Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 32429
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 77335
13-05 Controls catalog SQL export	Hits: 11765
AC-01 Access Control Policies and Procedures	Hits: 51247
AC-02 Account Management	Hits: 35650
AC-03 Access Enforcement	Hits: 38793
AC-04 Information Flow Enforcement	Hits: 41237
AC-05 Separation Of Duties	Hits: 21993
AC-06 Least Privilege	Hits: 21927
AC-07 Unsuccessful Login Attempts	Hits: 20356
AC-08 System Use Notification	Hits: 18841
AC-09 Previous Logon Notification	Hits: 14918
AC-10 Concurrent Session Control	Hits: 16608
AC-11 Session Lock	Hits: 19311
AC-12 Session Termination	Hits: 18552
AC-13 Supervision And Review -- Access Control	Hits: 13645
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 11724
AC-15 Automated Marking	Hits: 10610
AC-16 Automated Labeling	Hits: 9789
AC-17 Remote Access	Hits: 20045
AC-18 Wireless Access Restrictions	Hits: 18489
AC-19 Access Control For Portable And Mobile Devices	Hits: 18287
AC-20 Use Of External Information Systems	Hits: 17681
AT-01 Security Awareness And Training Policy And Procedures	Hits: 20404
AT-02 Security Awareness	Hits: 18376
AT-03 Security Training	Hits: 17857
AT-04 Security Training Records	Hits: 12405
AT-05 Contacts With Security Groups And Associations	Hits: 10058
AU-01 Audit And Accountability Policy And Procedures	Hits: 21151
AU-02 Auditable Events	Hits: 29174
AU-03 Content Of Audit Records	Hits: 18245
AU-04 Audit Storage Capacity	Hits: 14541
AU-05 Response To Audit Processing Failures	Hits: 17907
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 38946
AU-07 Audit Reduction And Report Generation	Hits: 17409
AU-08 Time Stamps	Hits: 14450
AU-09 Protection Of Audit Information	Hits: 18837
AU-10 Non-Repudiation	Hits: 18548
AU-11 Audit Record Retention	Hits: 16247
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 18677
CA-02 Security Assessments	Hits: 22417
CA-03 Information System Connections	Hits: 13187
CA-04 Security Certification	Hits: 16804
CA-05 Plan Of Action And Milestones	Hits: 12534
CA-06 Security Accreditation	Hits: 14081
CA-07 Continuous Monitoring	Hits: 20825
CM-01 Configuration Management Policy And Procedures	Hits: 19312
CM-02 Baseline Configuration	Hits: 22431
CM-03 Configuration Change Control	Hits: 21288
CM-04 Monitoring Configuration Changes	Hits: 14545
CM-05 Access Restrictions For Change	Hits: 17474
CM-06 Configuration Settings	Hits: 20823
CM-07 Least Functionality	Hits: 24843
CM-08 Information System Component Inventory	Hits: 18698
CP-01 Contingency Planning Policy And Procedures	Hits: 13722
CP-02 Contingency Plan	Hits: 14395
CP-03 Contingency Training	Hits: 11781
CP-04 Contingency Plan Testing And Exercises	Hits: 19861
CP-05 Contingency Plan Update	Hits: 10762
CP-06 Alternate Storage Site	Hits: 12463
CP-07 Alternate Processing Site	Hits: 14754
CP-08 Telecommunications Services	Hits: 8998
CP-09 Information System Backup	Hits: 17908
CP-10 Information System Recovery And Reconstitution	Hits: 16820
IA-01 Identification And Authentication Policy And Procedures	Hits: 21168
IA-02 User Identification And Authentication	Hits: 29221
IA-03 Device Identification And Authentication	Hits: 25133
IA-04 Identifier Management	Hits: 18433
IA-05 Authenticator Management	Hits: 20244
IA-06 Authenticator Feedback	Hits: 14880
IA-07 Cryptographic Module Authentication	Hits: 20969
IR-01 Incident Response Policy And Procedures	Hits: 15454
IR-02 Incident Response Training	Hits: 13714
IR-03 Incident Response Testing And Exercises	Hits: 15828
IR-04 Incident Handling	Hits: 25692
IR-05 Incident Monitoring	Hits: 13860
IR-06 Incident Reporting	Hits: 13697
IR-07 Incident Response Assistance	Hits: 14257
MA-01 System Maintenance Policy And Procedures	Hits: 13662
MA-02 Controlled Maintenance	Hits: 15070
MA-03 Maintenance Tools	Hits: 12827
MA-04 Remote Maintenance	Hits: 15117
MA-05 Maintenance Personnel	Hits: 10660
MA-06 Timely Maintenance	Hits: 11698
MP-01 Media Protection Policy And Procedures	Hits: 13355
MP-02 Media Access	Hits: 13921
MP-03 Media Labeling	Hits: 9904
MP-04 Media Storage	Hits: 10425
MP-05 Media Transport	Hits: 10548
MP-06 Media Sanitization And Disposal	Hits: 11650
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 12872
PE-02 Physical Access Authorizations	Hits: 11457
PE-03 Physical Access Control	Hits: 15298
PE-04 Access Control For Transmission Medium	Hits: 11086
PE-05 Access Control For Display Medium	Hits: 10222
PE-06 Monitoring Physical Access	Hits: 13278
PE-07 Visitor Control	Hits: 9127
PE-08 Access Records	Hits: 7845
PE-09 Power Equipment And Power Cabling	Hits: 10680
PE-10 Emergency Shutoff	Hits: 10464
PE-11 Emergency Power	Hits: 9881
PE-12 Emergency Lighting	Hits: 9899
PE-13 Fire Protection	Hits: 10417
PE-14 Temperature And Humidity Controls	Hits: 9735
PE-15 Water Damage Protection	Hits: 10197
PE-16 Delivery And Removal	Hits: 10293
PE-17 Alternate Work Site	Hits: 7990
PE-18 Location Of Information System Components	Hits: 8044
PE-19 Information Leakage	Hits: 9987
PL-01 Security Planning Policy And Procedures	Hits: 17546
PL-02 System Security Plan	Hits: 13001
PL-03 System Security Plan Update	Hits: 7333
PL-04 Rules Of Behavior	Hits: 14371
PL-05 Privacy Impact Assessment	Hits: 9710
PL-06 Security-Related Activity Planning	Hits: 7588
PS-01 Personnel Security Policy And Procedures	Hits: 14554
PS-02 Position Categorization	Hits: 8373
PS-03 Personnel Screening	Hits: 9306
PS-04 Personnel Termination	Hits: 7801
PS-05 Personnel Transfer	Hits: 7318
PS-06 Access Agreements	Hits: 13529
PS-07 Third-Party Personnel Security	Hits: 12736
PS-08 Personnel Sanctions	Hits: 9192
RA-01 Risk Assessment Policy And Procedures	Hits: 13348
RA-02 Security Categorization	Hits: 16427
RA-03 Risk Assessment	Hits: 18823
RA-04 Risk Assessment Update	Hits: 12864
RA-05 Vulnerability Scanning	Hits: 22625
SA-01 System And Services Acquisition Policy And Procedures	Hits: 18127
SA-02 Allocation Of Resources	Hits: 14509
SA-03 Life Cycle Support	Hits: 16640
SA-04 Acquisitions	Hits: 15654
SA-05 Information System Documentation	Hits: 26701
SA-06 Software Usage Restrictions	Hits: 12625
SA-07 User Installed Software	Hits: 12290
SA-08 Security Engineering Principles	Hits: 19990
SA-09 External Information System Services	Hits: 14913
SA-10 Developer Configuration Management	Hits: 13787
SA-11 Developer Security Testing	Hits: 11816
SC-01 System And Communications Protection Policy And Procedures	Hits: 15914
SC-02 Application Partitioning	Hits: 15421
SC-03 Security Function Isolation	Hits: 18690
SC-04 Information Remnance	Hits: 19394
SC-05 Denial Of Service Protection	Hits: 18624
SC-06 Resource Priority	Hits: 12744
SC-07 Boundary Protection	Hits: 31486
SC-08 Transmission Integrity	Hits: 21346
SC-09 Transmission Confidentiality	Hits: 20010
SC-10 Network Disconnect	Hits: 13401
SC-11 Trusted Path	Hits: 16164
SC-12 Cryptographic Key Establishment And Management	Hits: 17603
SC-13 Use Of Cryptography	Hits: 19623
SC-14 Public Access Protections	Hits: 11035
SC-15 Collaborative Computing	Hits: 13831
SC-16 Transmission Of Security Parameters	Hits: 8419
SC-17 Public Key Infrastructure Certificates	Hits: 9575
SC-18 Mobile Code	Hits: 19981
SC-19 Voice Over Internet Protocol	Hits: 7987
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 19594
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 10928
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 10731
SC-23 Session Authenticity	Hits: 20344
SI-01 System And Information Integrity Policy And Procedures	Hits: 14400
SI-02 Flaw Remediation	Hits: 28096
SI-03 Malicious Code Protection	Hits: 24278
SI-04 Information System Monitoring Tools And Techniques	Hits: 27141
SI-05 Security Alerts And Advisories	Hits: 15080
SI-06 Security Functionality Verification	Hits: 20808
SI-07 Software And Information Integrity	Hits: 19235
SI-08 Spam Protection	Hits: 9744
SI-09 Information Input Restrictions	Hits: 9876
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 19200
SI-11 Error Handling	Hits: 15052
SI-12 Information Output Handling And Retention	Hits: 11516