Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 28122
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 69949
13-05 Controls catalog SQL export	Hits: 9790
AC-01 Access Control Policies and Procedures	Hits: 44684
AC-02 Account Management	Hits: 28586
AC-03 Access Enforcement	Hits: 31968
AC-04 Information Flow Enforcement	Hits: 33059
AC-05 Separation Of Duties	Hits: 18132
AC-06 Least Privilege	Hits: 18048
AC-07 Unsuccessful Login Attempts	Hits: 17014
AC-08 System Use Notification	Hits: 14669
AC-09 Previous Logon Notification	Hits: 12744
AC-10 Concurrent Session Control	Hits: 14206
AC-11 Session Lock	Hits: 16518
AC-12 Session Termination	Hits: 15200
AC-13 Supervision And Review -- Access Control	Hits: 11119
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 9995
AC-15 Automated Marking	Hits: 8469
AC-16 Automated Labeling	Hits: 7901
AC-17 Remote Access	Hits: 16576
AC-18 Wireless Access Restrictions	Hits: 15339
AC-19 Access Control For Portable And Mobile Devices	Hits: 15017
AC-20 Use Of External Information Systems	Hits: 14887
AT-01 Security Awareness And Training Policy And Procedures	Hits: 17117
AT-02 Security Awareness	Hits: 15342
AT-03 Security Training	Hits: 14801
AT-04 Security Training Records	Hits: 10201
AT-05 Contacts With Security Groups And Associations	Hits: 8412
AU-01 Audit And Accountability Policy And Procedures	Hits: 18491
AU-02 Auditable Events	Hits: 24141
AU-03 Content Of Audit Records	Hits: 14851
AU-04 Audit Storage Capacity	Hits: 12076
AU-05 Response To Audit Processing Failures	Hits: 15079
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 30686
AU-07 Audit Reduction And Report Generation	Hits: 15130
AU-08 Time Stamps	Hits: 11777
AU-09 Protection Of Audit Information	Hits: 14994
AU-10 Non-Repudiation	Hits: 15935
AU-11 Audit Record Retention	Hits: 13607
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 15107
CA-02 Security Assessments	Hits: 18805
CA-03 Information System Connections	Hits: 11095
CA-04 Security Certification	Hits: 13805
CA-05 Plan Of Action And Milestones	Hits: 9995
CA-06 Security Accreditation	Hits: 11611
CA-07 Continuous Monitoring	Hits: 17185
CM-01 Configuration Management Policy And Procedures	Hits: 16387
CM-02 Baseline Configuration	Hits: 18854
CM-03 Configuration Change Control	Hits: 16991
CM-04 Monitoring Configuration Changes	Hits: 11523
CM-05 Access Restrictions For Change	Hits: 14602
CM-06 Configuration Settings	Hits: 14062
CM-07 Least Functionality	Hits: 21338
CM-08 Information System Component Inventory	Hits: 15200
CP-01 Contingency Planning Policy And Procedures	Hits: 11763
CP-02 Contingency Plan	Hits: 11880
CP-03 Contingency Training	Hits: 9877
CP-04 Contingency Plan Testing And Exercises	Hits: 17247
CP-05 Contingency Plan Update	Hits: 9023
CP-06 Alternate Storage Site	Hits: 10282
CP-07 Alternate Processing Site	Hits: 12555
CP-08 Telecommunications Services	Hits: 7520
CP-09 Information System Backup	Hits: 15087
CP-10 Information System Recovery And Reconstitution	Hits: 14205
IA-01 Identification And Authentication Policy And Procedures	Hits: 17863
IA-02 User Identification And Authentication	Hits: 24279
IA-03 Device Identification And Authentication	Hits: 20689
IA-04 Identifier Management	Hits: 14459
IA-05 Authenticator Management	Hits: 17491
IA-06 Authenticator Feedback	Hits: 12058
IA-07 Cryptographic Module Authentication	Hits: 17773
IR-01 Incident Response Policy And Procedures	Hits: 13178
IR-02 Incident Response Training	Hits: 11279
IR-03 Incident Response Testing And Exercises	Hits: 13657
IR-04 Incident Handling	Hits: 20762
IR-05 Incident Monitoring	Hits: 11435
IR-06 Incident Reporting	Hits: 11372
IR-07 Incident Response Assistance	Hits: 11675
MA-01 System Maintenance Policy And Procedures	Hits: 11883
MA-02 Controlled Maintenance	Hits: 12509
MA-03 Maintenance Tools	Hits: 10894
MA-04 Remote Maintenance	Hits: 12452
MA-05 Maintenance Personnel	Hits: 8912
MA-06 Timely Maintenance	Hits: 9994
MP-01 Media Protection Policy And Procedures	Hits: 11499
MP-02 Media Access	Hits: 11337
MP-03 Media Labeling	Hits: 8186
MP-04 Media Storage	Hits: 8621
MP-05 Media Transport	Hits: 8800
MP-06 Media Sanitization And Disposal	Hits: 9671
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 11071
PE-02 Physical Access Authorizations	Hits: 9656
PE-03 Physical Access Control	Hits: 12418
PE-04 Access Control For Transmission Medium	Hits: 9398
PE-05 Access Control For Display Medium	Hits: 8601
PE-06 Monitoring Physical Access	Hits: 11165
PE-07 Visitor Control	Hits: 7607
PE-08 Access Records	Hits: 6613
PE-09 Power Equipment And Power Cabling	Hits: 9057
PE-10 Emergency Shutoff	Hits: 8527
PE-11 Emergency Power	Hits: 8162
PE-12 Emergency Lighting	Hits: 8305
PE-13 Fire Protection	Hits: 8672
PE-14 Temperature And Humidity Controls	Hits: 8212
PE-15 Water Damage Protection	Hits: 8304
PE-16 Delivery And Removal	Hits: 8626
PE-17 Alternate Work Site	Hits: 6803
PE-18 Location Of Information System Components	Hits: 6820
PE-19 Information Leakage	Hits: 8341
PL-01 Security Planning Policy And Procedures	Hits: 15232
PL-02 System Security Plan	Hits: 10369
PL-03 System Security Plan Update	Hits: 6111
PL-04 Rules Of Behavior	Hits: 11628
PL-05 Privacy Impact Assessment	Hits: 8165
PL-06 Security-Related Activity Planning	Hits: 6404
PS-01 Personnel Security Policy And Procedures	Hits: 12507
PS-02 Position Categorization	Hits: 7114
PS-03 Personnel Screening	Hits: 7763
PS-04 Personnel Termination	Hits: 6495
PS-05 Personnel Transfer	Hits: 6116
PS-06 Access Agreements	Hits: 11023
PS-07 Third-Party Personnel Security	Hits: 10774
PS-08 Personnel Sanctions	Hits: 7858
RA-01 Risk Assessment Policy And Procedures	Hits: 11458
RA-02 Security Categorization	Hits: 13870
RA-03 Risk Assessment	Hits: 15749
RA-04 Risk Assessment Update	Hits: 10579
RA-05 Vulnerability Scanning	Hits: 18146
SA-01 System And Services Acquisition Policy And Procedures	Hits: 15800
SA-02 Allocation Of Resources	Hits: 11771
SA-03 Life Cycle Support	Hits: 13838
SA-04 Acquisitions	Hits: 12968
SA-05 Information System Documentation	Hits: 21606
SA-06 Software Usage Restrictions	Hits: 10477
SA-07 User Installed Software	Hits: 10198
SA-08 Security Engineering Principles	Hits: 17412
SA-09 External Information System Services	Hits: 12765
SA-10 Developer Configuration Management	Hits: 11383
SA-11 Developer Security Testing	Hits: 10004
SC-01 System And Communications Protection Policy And Procedures	Hits: 13867
SC-02 Application Partitioning	Hits: 12894
SC-03 Security Function Isolation	Hits: 15510
SC-04 Information Remnance	Hits: 16637
SC-05 Denial Of Service Protection	Hits: 15334
SC-06 Resource Priority	Hits: 10502
SC-07 Boundary Protection	Hits: 26192
SC-08 Transmission Integrity	Hits: 17840
SC-09 Transmission Confidentiality	Hits: 16666
SC-10 Network Disconnect	Hits: 11039
SC-11 Trusted Path	Hits: 13493
SC-12 Cryptographic Key Establishment And Management	Hits: 14641
SC-13 Use Of Cryptography	Hits: 15571
SC-14 Public Access Protections	Hits: 9332
SC-15 Collaborative Computing	Hits: 11958
SC-16 Transmission Of Security Parameters	Hits: 7108
SC-17 Public Key Infrastructure Certificates	Hits: 7985
SC-18 Mobile Code	Hits: 16289
SC-19 Voice Over Internet Protocol	Hits: 6755
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 15820
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 9048
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 8671
SC-23 Session Authenticity	Hits: 16951
SI-01 System And Information Integrity Policy And Procedures	Hits: 12535
SI-02 Flaw Remediation	Hits: 22477
SI-03 Malicious Code Protection	Hits: 20866
SI-04 Information System Monitoring Tools And Techniques	Hits: 22897
SI-05 Security Alerts And Advisories	Hits: 12282
SI-06 Security Functionality Verification	Hits: 17444
SI-07 Software And Information Integrity	Hits: 16512
SI-08 Spam Protection	Hits: 7927
SI-09 Information Input Restrictions	Hits: 8161
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 16848
SI-11 Error Handling	Hits: 12290
SI-12 Information Output Handling And Retention	Hits: 9776