Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 28253
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 70135
13-05 Controls catalog SQL export	Hits: 9849
AC-01 Access Control Policies and Procedures	Hits: 44910
AC-02 Account Management	Hits: 28773
AC-03 Access Enforcement	Hits: 32168
AC-04 Information Flow Enforcement	Hits: 33255
AC-05 Separation Of Duties	Hits: 18252
AC-06 Least Privilege	Hits: 18139
AC-07 Unsuccessful Login Attempts	Hits: 17101
AC-08 System Use Notification	Hits: 14749
AC-09 Previous Logon Notification	Hits: 12799
AC-10 Concurrent Session Control	Hits: 14272
AC-11 Session Lock	Hits: 16602
AC-12 Session Termination	Hits: 15302
AC-13 Supervision And Review -- Access Control	Hits: 11178
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 10030
AC-15 Automated Marking	Hits: 8521
AC-16 Automated Labeling	Hits: 7962
AC-17 Remote Access	Hits: 16674
AC-18 Wireless Access Restrictions	Hits: 15424
AC-19 Access Control For Portable And Mobile Devices	Hits: 15081
AC-20 Use Of External Information Systems	Hits: 14952
AT-01 Security Awareness And Training Policy And Procedures	Hits: 17185
AT-02 Security Awareness	Hits: 15431
AT-03 Security Training	Hits: 14885
AT-04 Security Training Records	Hits: 10260
AT-05 Contacts With Security Groups And Associations	Hits: 8469
AU-01 Audit And Accountability Policy And Procedures	Hits: 18576
AU-02 Auditable Events	Hits: 24284
AU-03 Content Of Audit Records	Hits: 14949
AU-04 Audit Storage Capacity	Hits: 12148
AU-05 Response To Audit Processing Failures	Hits: 15157
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 30965
AU-07 Audit Reduction And Report Generation	Hits: 15206
AU-08 Time Stamps	Hits: 11849
AU-09 Protection Of Audit Information	Hits: 15101
AU-10 Non-Repudiation	Hits: 16004
AU-11 Audit Record Retention	Hits: 13673
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 15191
CA-02 Security Assessments	Hits: 18906
CA-03 Information System Connections	Hits: 11157
CA-04 Security Certification	Hits: 13875
CA-05 Plan Of Action And Milestones	Hits: 10047
CA-06 Security Accreditation	Hits: 11679
CA-07 Continuous Monitoring	Hits: 17289
CM-01 Configuration Management Policy And Procedures	Hits: 16470
CM-02 Baseline Configuration	Hits: 18947
CM-03 Configuration Change Control	Hits: 17172
CM-04 Monitoring Configuration Changes	Hits: 11592
CM-05 Access Restrictions For Change	Hits: 14669
CM-06 Configuration Settings	Hits: 14157
CM-07 Least Functionality	Hits: 21451
CM-08 Information System Component Inventory	Hits: 15304
CP-01 Contingency Planning Policy And Procedures	Hits: 11813
CP-02 Contingency Plan	Hits: 11945
CP-03 Contingency Training	Hits: 9925
CP-04 Contingency Plan Testing And Exercises	Hits: 17302
CP-05 Contingency Plan Update	Hits: 9058
CP-06 Alternate Storage Site	Hits: 10332
CP-07 Alternate Processing Site	Hits: 12597
CP-08 Telecommunications Services	Hits: 7559
CP-09 Information System Backup	Hits: 15165
CP-10 Information System Recovery And Reconstitution	Hits: 14280
IA-01 Identification And Authentication Policy And Procedures	Hits: 17928
IA-02 User Identification And Authentication	Hits: 24388
IA-03 Device Identification And Authentication	Hits: 20815
IA-04 Identifier Management	Hits: 14574
IA-05 Authenticator Management	Hits: 17556
IA-06 Authenticator Feedback	Hits: 12136
IA-07 Cryptographic Module Authentication	Hits: 17840
IR-01 Incident Response Policy And Procedures	Hits: 13225
IR-02 Incident Response Training	Hits: 11348
IR-03 Incident Response Testing And Exercises	Hits: 13720
IR-04 Incident Handling	Hits: 20915
IR-05 Incident Monitoring	Hits: 11506
IR-06 Incident Reporting	Hits: 11446
IR-07 Incident Response Assistance	Hits: 11742
MA-01 System Maintenance Policy And Procedures	Hits: 11921
MA-02 Controlled Maintenance	Hits: 12581
MA-03 Maintenance Tools	Hits: 10941
MA-04 Remote Maintenance	Hits: 12527
MA-05 Maintenance Personnel	Hits: 8954
MA-06 Timely Maintenance	Hits: 10043
MP-01 Media Protection Policy And Procedures	Hits: 11543
MP-02 Media Access	Hits: 11420
MP-03 Media Labeling	Hits: 8239
MP-04 Media Storage	Hits: 8670
MP-05 Media Transport	Hits: 8850
MP-06 Media Sanitization And Disposal	Hits: 9709
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 11111
PE-02 Physical Access Authorizations	Hits: 9708
PE-03 Physical Access Control	Hits: 12482
PE-04 Access Control For Transmission Medium	Hits: 9444
PE-05 Access Control For Display Medium	Hits: 8648
PE-06 Monitoring Physical Access	Hits: 11224
PE-07 Visitor Control	Hits: 7644
PE-08 Access Records	Hits: 6642
PE-09 Power Equipment And Power Cabling	Hits: 9103
PE-10 Emergency Shutoff	Hits: 8576
PE-11 Emergency Power	Hits: 8216
PE-12 Emergency Lighting	Hits: 8357
PE-13 Fire Protection	Hits: 8717
PE-14 Temperature And Humidity Controls	Hits: 8257
PE-15 Water Damage Protection	Hits: 8343
PE-16 Delivery And Removal	Hits: 8675
PE-17 Alternate Work Site	Hits: 6833
PE-18 Location Of Information System Components	Hits: 6838
PE-19 Information Leakage	Hits: 8398
PL-01 Security Planning Policy And Procedures	Hits: 15286
PL-02 System Security Plan	Hits: 10429
PL-03 System Security Plan Update	Hits: 6135
PL-04 Rules Of Behavior	Hits: 11710
PL-05 Privacy Impact Assessment	Hits: 8209
PL-06 Security-Related Activity Planning	Hits: 6430
PS-01 Personnel Security Policy And Procedures	Hits: 12560
PS-02 Position Categorization	Hits: 7148
PS-03 Personnel Screening	Hits: 7806
PS-04 Personnel Termination	Hits: 6533
PS-05 Personnel Transfer	Hits: 6149
PS-06 Access Agreements	Hits: 11092
PS-07 Third-Party Personnel Security	Hits: 10828
PS-08 Personnel Sanctions	Hits: 7884
RA-01 Risk Assessment Policy And Procedures	Hits: 11512
RA-02 Security Categorization	Hits: 13936
RA-03 Risk Assessment	Hits: 15827
RA-04 Risk Assessment Update	Hits: 10640
RA-05 Vulnerability Scanning	Hits: 18246
SA-01 System And Services Acquisition Policy And Procedures	Hits: 15860
SA-02 Allocation Of Resources	Hits: 11836
SA-03 Life Cycle Support	Hits: 13940
SA-04 Acquisitions	Hits: 13032
SA-05 Information System Documentation	Hits: 21768
SA-06 Software Usage Restrictions	Hits: 10536
SA-07 User Installed Software	Hits: 10262
SA-08 Security Engineering Principles	Hits: 17481
SA-09 External Information System Services	Hits: 12826
SA-10 Developer Configuration Management	Hits: 11449
SA-11 Developer Security Testing	Hits: 10057
SC-01 System And Communications Protection Policy And Procedures	Hits: 13918
SC-02 Application Partitioning	Hits: 12958
SC-03 Security Function Isolation	Hits: 15590
SC-04 Information Remnance	Hits: 16703
SC-05 Denial Of Service Protection	Hits: 15421
SC-06 Resource Priority	Hits: 10562
SC-07 Boundary Protection	Hits: 26323
SC-08 Transmission Integrity	Hits: 17940
SC-09 Transmission Confidentiality	Hits: 16748
SC-10 Network Disconnect	Hits: 11096
SC-11 Trusted Path	Hits: 13569
SC-12 Cryptographic Key Establishment And Management	Hits: 14708
SC-13 Use Of Cryptography	Hits: 15665
SC-14 Public Access Protections	Hits: 9393
SC-15 Collaborative Computing	Hits: 12002
SC-16 Transmission Of Security Parameters	Hits: 7135
SC-17 Public Key Infrastructure Certificates	Hits: 8025
SC-18 Mobile Code	Hits: 16381
SC-19 Voice Over Internet Protocol	Hits: 6785
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 15913
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 9092
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 8727
SC-23 Session Authenticity	Hits: 17018
SI-01 System And Information Integrity Policy And Procedures	Hits: 12594
SI-02 Flaw Remediation	Hits: 22623
SI-03 Malicious Code Protection	Hits: 20955
SI-04 Information System Monitoring Tools And Techniques	Hits: 23009
SI-05 Security Alerts And Advisories	Hits: 12344
SI-06 Security Functionality Verification	Hits: 17539
SI-07 Software And Information Integrity	Hits: 16579
SI-08 Spam Protection	Hits: 7986
SI-09 Information Input Restrictions	Hits: 8206
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 16916
SI-11 Error Handling	Hits: 12367
SI-12 Information Output Handling And Retention	Hits: 9825