Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 32162
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 76743
13-05 Controls catalog SQL export	Hits: 11545
AC-01 Access Control Policies and Procedures	Hits: 50728
AC-02 Account Management	Hits: 35035
AC-03 Access Enforcement	Hits: 38237
AC-04 Information Flow Enforcement	Hits: 40363
AC-05 Separation Of Duties	Hits: 21585
AC-06 Least Privilege	Hits: 21490
AC-07 Unsuccessful Login Attempts	Hits: 20011
AC-08 System Use Notification	Hits: 18376
AC-09 Previous Logon Notification	Hits: 14687
AC-10 Concurrent Session Control	Hits: 16309
AC-11 Session Lock	Hits: 18999
AC-12 Session Termination	Hits: 18187
AC-13 Supervision And Review -- Access Control	Hits: 13389
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 11555
AC-15 Automated Marking	Hits: 10393
AC-16 Automated Labeling	Hits: 9551
AC-17 Remote Access	Hits: 19684
AC-18 Wireless Access Restrictions	Hits: 18150
AC-19 Access Control For Portable And Mobile Devices	Hits: 17943
AC-20 Use Of External Information Systems	Hits: 17405
AT-01 Security Awareness And Training Policy And Procedures	Hits: 20000
AT-02 Security Awareness	Hits: 18071
AT-03 Security Training	Hits: 17563
AT-04 Security Training Records	Hits: 12164
AT-05 Contacts With Security Groups And Associations	Hits: 9870
AU-01 Audit And Accountability Policy And Procedures	Hits: 20837
AU-02 Auditable Events	Hits: 28697
AU-03 Content Of Audit Records	Hits: 17898
AU-04 Audit Storage Capacity	Hits: 14270
AU-05 Response To Audit Processing Failures	Hits: 17587
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 37918
AU-07 Audit Reduction And Report Generation	Hits: 17164
AU-08 Time Stamps	Hits: 14150
AU-09 Protection Of Audit Information	Hits: 18407
AU-10 Non-Repudiation	Hits: 18252
AU-11 Audit Record Retention	Hits: 15924
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 18374
CA-02 Security Assessments	Hits: 22044
CA-03 Information System Connections	Hits: 12960
CA-04 Security Certification	Hits: 16501
CA-05 Plan Of Action And Milestones	Hits: 12258
CA-06 Security Accreditation	Hits: 13799
CA-07 Continuous Monitoring	Hits: 20451
CM-01 Configuration Management Policy And Procedures	Hits: 18978
CM-02 Baseline Configuration	Hits: 22072
CM-03 Configuration Change Control	Hits: 20899
CM-04 Monitoring Configuration Changes	Hits: 14195
CM-05 Access Restrictions For Change	Hits: 17185
CM-06 Configuration Settings	Hits: 20052
CM-07 Least Functionality	Hits: 24511
CM-08 Information System Component Inventory	Hits: 18349
CP-01 Contingency Planning Policy And Procedures	Hits: 13490
CP-02 Contingency Plan	Hits: 14091
CP-03 Contingency Training	Hits: 11540
CP-04 Contingency Plan Testing And Exercises	Hits: 19562
CP-05 Contingency Plan Update	Hits: 10548
CP-06 Alternate Storage Site	Hits: 12198
CP-07 Alternate Processing Site	Hits: 14484
CP-08 Telecommunications Services	Hits: 8812
CP-09 Information System Backup	Hits: 17608
CP-10 Information System Recovery And Reconstitution	Hits: 16501
IA-01 Identification And Authentication Policy And Procedures	Hits: 20814
IA-02 User Identification And Authentication	Hits: 28751
IA-03 Device Identification And Authentication	Hits: 24621
IA-04 Identifier Management	Hits: 17979
IA-05 Authenticator Management	Hits: 19957
IA-06 Authenticator Feedback	Hits: 14619
IA-07 Cryptographic Module Authentication	Hits: 20652
IR-01 Incident Response Policy And Procedures	Hits: 15175
IR-02 Incident Response Training	Hits: 13431
IR-03 Incident Response Testing And Exercises	Hits: 15534
IR-04 Incident Handling	Hits: 25101
IR-05 Incident Monitoring	Hits: 13590
IR-06 Incident Reporting	Hits: 13422
IR-07 Incident Response Assistance	Hits: 13982
MA-01 System Maintenance Policy And Procedures	Hits: 13461
MA-02 Controlled Maintenance	Hits: 14797
MA-03 Maintenance Tools	Hits: 12596
MA-04 Remote Maintenance	Hits: 14838
MA-05 Maintenance Personnel	Hits: 10451
MA-06 Timely Maintenance	Hits: 11474
MP-01 Media Protection Policy And Procedures	Hits: 13115
MP-02 Media Access	Hits: 13644
MP-03 Media Labeling	Hits: 9712
MP-04 Media Storage	Hits: 10200
MP-05 Media Transport	Hits: 10317
MP-06 Media Sanitization And Disposal	Hits: 11411
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 12603
PE-02 Physical Access Authorizations	Hits: 11219
PE-03 Physical Access Control	Hits: 14980
PE-04 Access Control For Transmission Medium	Hits: 10883
PE-05 Access Control For Display Medium	Hits: 10024
PE-06 Monitoring Physical Access	Hits: 13025
PE-07 Visitor Control	Hits: 8896
PE-08 Access Records	Hits: 7672
PE-09 Power Equipment And Power Cabling	Hits: 10479
PE-10 Emergency Shutoff	Hits: 10221
PE-11 Emergency Power	Hits: 9657
PE-12 Emergency Lighting	Hits: 9690
PE-13 Fire Protection	Hits: 10176
PE-14 Temperature And Humidity Controls	Hits: 9523
PE-15 Water Damage Protection	Hits: 9958
PE-16 Delivery And Removal	Hits: 10041
PE-17 Alternate Work Site	Hits: 7836
PE-18 Location Of Information System Components	Hits: 7873
PE-19 Information Leakage	Hits: 9803
PL-01 Security Planning Policy And Procedures	Hits: 17316
PL-02 System Security Plan	Hits: 12696
PL-03 System Security Plan Update	Hits: 7179
PL-04 Rules Of Behavior	Hits: 14089
PL-05 Privacy Impact Assessment	Hits: 9506
PL-06 Security-Related Activity Planning	Hits: 7443
PS-01 Personnel Security Policy And Procedures	Hits: 14302
PS-02 Position Categorization	Hits: 8221
PS-03 Personnel Screening	Hits: 9121
PS-04 Personnel Termination	Hits: 7621
PS-05 Personnel Transfer	Hits: 7162
PS-06 Access Agreements	Hits: 13250
PS-07 Third-Party Personnel Security	Hits: 12506
PS-08 Personnel Sanctions	Hits: 9032
RA-01 Risk Assessment Policy And Procedures	Hits: 13134
RA-02 Security Categorization	Hits: 16133
RA-03 Risk Assessment	Hits: 18488
RA-04 Risk Assessment Update	Hits: 12596
RA-05 Vulnerability Scanning	Hits: 22202
SA-01 System And Services Acquisition Policy And Procedures	Hits: 17863
SA-02 Allocation Of Resources	Hits: 14187
SA-03 Life Cycle Support	Hits: 16345
SA-04 Acquisitions	Hits: 15344
SA-05 Information System Documentation	Hits: 26113
SA-06 Software Usage Restrictions	Hits: 12365
SA-07 User Installed Software	Hits: 12015
SA-08 Security Engineering Principles	Hits: 19689
SA-09 External Information System Services	Hits: 14694
SA-10 Developer Configuration Management	Hits: 13492
SA-11 Developer Security Testing	Hits: 11594
SC-01 System And Communications Protection Policy And Procedures	Hits: 15678
SC-02 Application Partitioning	Hits: 15135
SC-03 Security Function Isolation	Hits: 18353
SC-04 Information Remnance	Hits: 19131
SC-05 Denial Of Service Protection	Hits: 18279
SC-06 Resource Priority	Hits: 12482
SC-07 Boundary Protection	Hits: 30861
SC-08 Transmission Integrity	Hits: 21014
SC-09 Transmission Confidentiality	Hits: 19701
SC-10 Network Disconnect	Hits: 13133
SC-11 Trusted Path	Hits: 15863
SC-12 Cryptographic Key Establishment And Management	Hits: 17254
SC-13 Use Of Cryptography	Hits: 19221
SC-14 Public Access Protections	Hits: 10836
SC-15 Collaborative Computing	Hits: 13582
SC-16 Transmission Of Security Parameters	Hits: 8271
SC-17 Public Key Infrastructure Certificates	Hits: 9383
SC-18 Mobile Code	Hits: 19629
SC-19 Voice Over Internet Protocol	Hits: 7831
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 19167
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 10664
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 10499
SC-23 Session Authenticity	Hits: 20020
SI-01 System And Information Integrity Policy And Procedures	Hits: 14198
SI-02 Flaw Remediation	Hits: 27484
SI-03 Malicious Code Protection	Hits: 23901
SI-04 Information System Monitoring Tools And Techniques	Hits: 26728
SI-05 Security Alerts And Advisories	Hits: 14787
SI-06 Security Functionality Verification	Hits: 20494
SI-07 Software And Information Integrity	Hits: 18942
SI-08 Spam Protection	Hits: 9516
SI-09 Information Input Restrictions	Hits: 9695
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 18911
SI-11 Error Handling	Hits: 14777
SI-12 Information Output Handling And Retention	Hits: 11324