catalog: SP800-53rev3 / class: All

(AC) Access Control
(AC-01) Access Control Policy and Procedures
(AC-02) Account Management
(AC-03) Access Enforcement
(AC-04) Information Flow Enforcement
(AC-05) Separation of Duties
(AC-06) Least Privilege
(AC-07) Unsuccessful Login Attempts
(AC-08) System Use Notification
(AC-09) Previous Logon (Access) Notification
(AC-10) Concurrent Session Control
(AC-11) Session Lock
(AC-12) Session Termination
(AC-13) Supervision and Review — Access Control
(AC-14) Permitted Actions without Identification or Authentication
(AC-15) Automated Marking
(AC-16) Security Attributes
(AC-17) Remote Access
(AC-18) Wireless Access Restrictions
(AC-19) Access Control for Mobile Devices
(AC-20) Use of External Information Systems
(AC-21) User Based Collaboration and Information Sharing
(AC-22) Publicly Accessible Content

(AT) Awareness and Training
(AT-01) Security Awareness and Training Policy and Procedures
(AT-02) Security Awareness
(AT-03) Security Training
(AT-04) Security Training Records
(AT-05) Contacts with Security Groups and Associations
(AT-06) Assessor Training

(AU) Audit and Accountability
(AU-01) Audit and Accountability Policy and Procedures
(AU-02) Auditable Events
(AU-03) Content of Audit Records
(AU-04) Audit Storage Capacity
(AU-05) Response to Audit Processing Failures
(AU-06) Audit Monitoring, Analysis, and Reporting
(AU-07) Audit Reduction and Report Generation
(AU-08) Time Stamps
(AU-09) Protection of Audit Information
(AU-10) Non-repudiation
(AU-11) Audit Record Retention
(AU-12) Audit Generation
(AU-13) Monitoring for Information Disclosure
(AU-14) Session Audit

(CA) Security Assessment and Authorization
(CA-01) Security Assessment and Authorization Policies and Procedures
(CA-02) Security Assessments
(CA-03) Information System Connections
(CA-04) Security Certification
(CA-05) Plan of Action and Milestones
(CA-06) Security Authorization
(CA-07) Continuous Monitoring

(CM) Configuration Management
(CM-01) Configuration Management Policy and Procedures
(CM-02) Baseline Configuration
(CM-03) Configuration Change Control
(CM-04) Security Impact Analysis
(CM-05) Access Restrictions for Change
(CM-06) Configuration Settings
(CM-07) Least Functionality
(CM-08) Information System Component Inventory
(CM-09) Configuration Management Plan

(CP) Contingency Planning
(CP-01) Contingency Planning Policy and Procedures
(CP-02) Contingency Plan
(CP-03) Contingency Training
(CP-04) Contingency Plan Testing and Exercises
(CP-05) Contingency Plan Update
(CP-06) Alternate Storage Site
(CP-07) Alternate Processing Site
(CP-08) Telecommunications Services
(CP-09) Information System Backup
(CP-10) Information System Recovery and Reconstitution

(IA) Identification and Authentication
(IA-01) Identification and Authentication Policy and Procedures
(IA-02) User Identification and Authentication (Organizational Users)
(IA-03) Device Identification and Authentication
(IA-04) Identifier Management
(IA-05) Authenticator Management
(IA-06) Authenticator Feedback
(IA-07) Cryptographic Module Authentication
(IA-08) Identification and Authentication (Non-Organizational Users)

(IR) Incident Response
(IR-01) Incident Response Policy and Procedures
(IR-02) Incident Response Training
(IR-03) Incident Response Testing and Exercises
(IR-04) Incident Handling
(IR-05) Incident Monitoring
(IR-06) Incident Reporting
(IR-07) Incident Response Assistance
(IR-08) Incident Response Plan

(MA) Maintenance
(MA-01) System Maintenance Policy and Procedures
(MA-02) Controlled Maintenance
(MA-03) Maintenance Tools
(MA-04) Non-local Maintenance
(MA-05) Maintenance Personnel
(MA-06) Timely Maintenance

(MP) Media Protection
(MP-01) Media Protection Policy and Procedures
(MP-02) Media Access
(MP-03) Media Marking
(MP-04) Media Storage
(MP-05) Media Transport
(MP-06) Media Sanitization

(PE) Physical and Environmental Protection
(PE-01) Physical and Environmental Protection Policy and Procedures
(PE-02) Physical Access Authorizations
(PE-03) Physical Access Control
(PE-04) Access Control for Transmission Medium
(PE-05) Access Control for Output Devices
(PE-06) Monitoring Physical Access
(PE-07) Visitor Control
(PE-08) Access Records
(PE-09) Power Equipment and Power Cabling
(PE-10) Emergency Shutoff
(PE-11) Emergency Power
(PE-12) Emergency Lighting
(PE-13) Fire Protection
(PE-14) Temperature and Humidity Controls
(PE-15) Water Damage Protection
(PE-16) Delivery and Removal
(PE-17) Alternate Work Site
(PE-18) Location of Information System Components
(PE-19) Information Leakage
(PE-20) Physical Security

(PL) Planning
(PL-01) Security Planning Policy and Procedures
(PL-02) System Security Plan
(PL-03) System Security Plan Update
(PL-04) Rules of Behavior
(PL-05) Privacy Impact Assessment
(PL-06) Security-Related Activity Planning

(PM) Program Management
(PM-01) Security Program Plan
(PM-02) Senior Information Security Officer
(PM-03) Information Security Resources
(PM-04) Plan of Action and Milestones Process
(PM-05) Information System Inventory
(PM-06) Information Security Measures of Performance
(PM-07) Enterprise Architecture
(PM-08) Critical Infrastructure Plan
(PM-09) Risk Management Strategy
(PM-10) Security Authorization Process
(PM-11) Mission / Business Process Definition

(PS) Personnel Security
(PS-01) Personnel Security Policy and Procedures
(PS-02) Position Categorization
(PS-03) Personnel Screening
(PS-04) Personnel Termination
(PS-05) Personnel Transfer
(PS-06) Access Agreements
(PS-07) Third-Party Personnel Security
(PS-08) Personnel Sanctions

(RA) Risk Assessment
(RA-01) Risk Assessment Policy and Procedures
(RA-02) Security Categorization
(RA-03) Risk Assessment
(RA-04) Risk Assessment Update
(RA-05) Vulnerability Scanning

(SA) System and Services Acquisition
(SA-01) System and Services Acquisition Policy and Procedures
(SA-02) Allocation of Resources
(SA-03) Life Cycle Support
(SA-04) Acquisitions
(SA-05) Information System Documentation
(SA-06) Software Usage Restrictions
(SA-07) User Installed Software
(SA-08) Security Engineering Principles
(SA-09) External Information System Services
(SA-10) Developer Configuration Management
(SA-11) Developer Security Testing
(SA-12) Supply Chain Protection
(SA-13) Trustworthiness
(SA-14) Critical Information System Components

(SC) System and Communications Protection
(SC-01) System and Communications Protection Policy and Procedures
(SC-02) Application Partitioning
(SC-03) Security Function Isolation
(SC-04) Information in Shared Resources
(SC-05) Denial of Service Protection
(SC-06) Resource Priority
(SC-07) Boundary Protection
(SC-08) Transmission Integrity
(SC-09) Transmission Confidentiality
(SC-10) Network Disconnect
(SC-11) Trusted Path
(SC-12) Cryptographic Key Establishment and Management
(SC-13) Use of Cryptography
(SC-14) Public Access Protections
(SC-15) Collaborative Computing
(SC-16) Transmission of Security Attributes
(SC-17) Public Key Infrastructure Certificates
(SC-18) Mobile Code
(SC-19) Voice Over Internet Protocol
(SC-20) Secure Name/Address Resolution Service (Authoritative Source)
(SC-21) Secure Name/Address Resolution Service (Recursive or Caching Resolver)
(SC-22) Architecture and Provisioning for Name/Address Resolution Service
(SC-23) Session Authenticity
(SC-24) Fail in Known State
(SC-25) Thin Nodes
(SC-26) Honeypots
(SC-27) Operating System-Independent Applications
(SC-28) Protection of Information at Rest
(SC-29) Heterogeneity
(SC-30) Virtualization Techniques
(SC-31) Covert Channel Analysis
(SC-32) Information System Partitioning
(SC-33) Transmission Preparation Integrity

(SI) System and Information Integrity
(SI-01) System and Information Integrity Policy and Procedures
(SI-02) Flaw Remediation
(SI-03) Malicious Code Protection
(SI-04) Information System Monitoring
(SI-05) Security Alerts, Advisories and Directives
(SI-06) Security Functionality Verification
(SI-07) Software and Information Integrity
(SI-08) Spam Protection
(SI-09) Information Input Restrictions
(SI-10) Information Input Validation
(SI-11) Error Handling
(SI-12) Information Output Handling and Retention
(SI-13) Predictable Failure Prevention