Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 32259
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 76963
13-05 Controls catalog SQL export	Hits: 11628
AC-01 Access Control Policies and Procedures	Hits: 50952
AC-02 Account Management	Hits: 35287
AC-03 Access Enforcement	Hits: 38456
AC-04 Information Flow Enforcement	Hits: 40746
AC-05 Separation Of Duties	Hits: 21757
AC-06 Least Privilege	Hits: 21664
AC-07 Unsuccessful Login Attempts	Hits: 20154
AC-08 System Use Notification	Hits: 18565
AC-09 Previous Logon Notification	Hits: 14784
AC-10 Concurrent Session Control	Hits: 16432
AC-11 Session Lock	Hits: 19146
AC-12 Session Termination	Hits: 18348
AC-13 Supervision And Review -- Access Control	Hits: 13497
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 11623
AC-15 Automated Marking	Hits: 10481
AC-16 Automated Labeling	Hits: 9661
AC-17 Remote Access	Hits: 19828
AC-18 Wireless Access Restrictions	Hits: 18282
AC-19 Access Control For Portable And Mobile Devices	Hits: 18098
AC-20 Use Of External Information Systems	Hits: 17530
AT-01 Security Awareness And Training Policy And Procedures	Hits: 20161
AT-02 Security Awareness	Hits: 18208
AT-03 Security Training	Hits: 17695
AT-04 Security Training Records	Hits: 12273
AT-05 Contacts With Security Groups And Associations	Hits: 9948
AU-01 Audit And Accountability Policy And Procedures	Hits: 20960
AU-02 Auditable Events	Hits: 28892
AU-03 Content Of Audit Records	Hits: 18057
AU-04 Audit Storage Capacity	Hits: 14393
AU-05 Response To Audit Processing Failures	Hits: 17731
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 38346
AU-07 Audit Reduction And Report Generation	Hits: 17263
AU-08 Time Stamps	Hits: 14277
AU-09 Protection Of Audit Information	Hits: 18598
AU-10 Non-Repudiation	Hits: 18390
AU-11 Audit Record Retention	Hits: 16067
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 18508
CA-02 Security Assessments	Hits: 22198
CA-03 Information System Connections	Hits: 13056
CA-04 Security Certification	Hits: 16632
CA-05 Plan Of Action And Milestones	Hits: 12395
CA-06 Security Accreditation	Hits: 13918
CA-07 Continuous Monitoring	Hits: 20617
CM-01 Configuration Management Policy And Procedures	Hits: 19126
CM-02 Baseline Configuration	Hits: 22220
CM-03 Configuration Change Control	Hits: 21056
CM-04 Monitoring Configuration Changes	Hits: 14345
CM-05 Access Restrictions For Change	Hits: 17304
CM-06 Configuration Settings	Hits: 20365
CM-07 Least Functionality	Hits: 24643
CM-08 Information System Component Inventory	Hits: 18479
CP-01 Contingency Planning Policy And Procedures	Hits: 13589
CP-02 Contingency Plan	Hits: 14221
CP-03 Contingency Training	Hits: 11651
CP-04 Contingency Plan Testing And Exercises	Hits: 19688
CP-05 Contingency Plan Update	Hits: 10631
CP-06 Alternate Storage Site	Hits: 12306
CP-07 Alternate Processing Site	Hits: 14591
CP-08 Telecommunications Services	Hits: 8896
CP-09 Information System Backup	Hits: 17731
CP-10 Information System Recovery And Reconstitution	Hits: 16625
IA-01 Identification And Authentication Policy And Procedures	Hits: 20954
IA-02 User Identification And Authentication	Hits: 28941
IA-03 Device Identification And Authentication	Hits: 24846
IA-04 Identifier Management	Hits: 18176
IA-05 Authenticator Management	Hits: 20067
IA-06 Authenticator Feedback	Hits: 14728
IA-07 Cryptographic Module Authentication	Hits: 20780
IR-01 Incident Response Policy And Procedures	Hits: 15291
IR-02 Incident Response Training	Hits: 13558
IR-03 Incident Response Testing And Exercises	Hits: 15648
IR-04 Incident Handling	Hits: 25349
IR-05 Incident Monitoring	Hits: 13700
IR-06 Incident Reporting	Hits: 13530
IR-07 Incident Response Assistance	Hits: 14096
MA-01 System Maintenance Policy And Procedures	Hits: 13535
MA-02 Controlled Maintenance	Hits: 14905
MA-03 Maintenance Tools	Hits: 12686
MA-04 Remote Maintenance	Hits: 14948
MA-05 Maintenance Personnel	Hits: 10529
MA-06 Timely Maintenance	Hits: 11562
MP-01 Media Protection Policy And Procedures	Hits: 13224
MP-02 Media Access	Hits: 13757
MP-03 Media Labeling	Hits: 9790
MP-04 Media Storage	Hits: 10298
MP-05 Media Transport	Hits: 10411
MP-06 Media Sanitization And Disposal	Hits: 11500
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 12720
PE-02 Physical Access Authorizations	Hits: 11304
PE-03 Physical Access Control	Hits: 15105
PE-04 Access Control For Transmission Medium	Hits: 10972
PE-05 Access Control For Display Medium	Hits: 10101
PE-06 Monitoring Physical Access	Hits: 13128
PE-07 Visitor Control	Hits: 8989
PE-08 Access Records	Hits: 7744
PE-09 Power Equipment And Power Cabling	Hits: 10556
PE-10 Emergency Shutoff	Hits: 10324
PE-11 Emergency Power	Hits: 9760
PE-12 Emergency Lighting	Hits: 9778
PE-13 Fire Protection	Hits: 10270
PE-14 Temperature And Humidity Controls	Hits: 9605
PE-15 Water Damage Protection	Hits: 10061
PE-16 Delivery And Removal	Hits: 10153
PE-17 Alternate Work Site	Hits: 7896
PE-18 Location Of Information System Components	Hits: 7944
PE-19 Information Leakage	Hits: 9872
PL-01 Security Planning Policy And Procedures	Hits: 17408
PL-02 System Security Plan	Hits: 12820
PL-03 System Security Plan Update	Hits: 7240
PL-04 Rules Of Behavior	Hits: 14206
PL-05 Privacy Impact Assessment	Hits: 9585
PL-06 Security-Related Activity Planning	Hits: 7501
PS-01 Personnel Security Policy And Procedures	Hits: 14389
PS-02 Position Categorization	Hits: 8279
PS-03 Personnel Screening	Hits: 9186
PS-04 Personnel Termination	Hits: 7697
PS-05 Personnel Transfer	Hits: 7222
PS-06 Access Agreements	Hits: 13363
PS-07 Third-Party Personnel Security	Hits: 12599
PS-08 Personnel Sanctions	Hits: 9092
RA-01 Risk Assessment Policy And Procedures	Hits: 13225
RA-02 Security Categorization	Hits: 16249
RA-03 Risk Assessment	Hits: 18620
RA-04 Risk Assessment Update	Hits: 12711
RA-05 Vulnerability Scanning	Hits: 22378
SA-01 System And Services Acquisition Policy And Procedures	Hits: 17969
SA-02 Allocation Of Resources	Hits: 14311
SA-03 Life Cycle Support	Hits: 16473
SA-04 Acquisitions	Hits: 15474
SA-05 Information System Documentation	Hits: 26369
SA-06 Software Usage Restrictions	Hits: 12466
SA-07 User Installed Software	Hits: 12136
SA-08 Security Engineering Principles	Hits: 19818
SA-09 External Information System Services	Hits: 14788
SA-10 Developer Configuration Management	Hits: 13613
SA-11 Developer Security Testing	Hits: 11687
SC-01 System And Communications Protection Policy And Procedures	Hits: 15778
SC-02 Application Partitioning	Hits: 15258
SC-03 Security Function Isolation	Hits: 18501
SC-04 Information Remnance	Hits: 19237
SC-05 Denial Of Service Protection	Hits: 18435
SC-06 Resource Priority	Hits: 12589
SC-07 Boundary Protection	Hits: 31120
SC-08 Transmission Integrity	Hits: 21155
SC-09 Transmission Confidentiality	Hits: 19829
SC-10 Network Disconnect	Hits: 13243
SC-11 Trusted Path	Hits: 15983
SC-12 Cryptographic Key Establishment And Management	Hits: 17397
SC-13 Use Of Cryptography	Hits: 19385
SC-14 Public Access Protections	Hits: 10912
SC-15 Collaborative Computing	Hits: 13681
SC-16 Transmission Of Security Parameters	Hits: 8332
SC-17 Public Key Infrastructure Certificates	Hits: 9465
SC-18 Mobile Code	Hits: 19779
SC-19 Voice Over Internet Protocol	Hits: 7891
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 19362
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 10771
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 10592
SC-23 Session Authenticity	Hits: 20156
SI-01 System And Information Integrity Policy And Procedures	Hits: 14276
SI-02 Flaw Remediation	Hits: 27737
SI-03 Malicious Code Protection	Hits: 24073
SI-04 Information System Monitoring Tools And Techniques	Hits: 26899
SI-05 Security Alerts And Advisories	Hits: 14904
SI-06 Security Functionality Verification	Hits: 20624
SI-07 Software And Information Integrity	Hits: 19057
SI-08 Spam Protection	Hits: 9611
SI-09 Information Input Restrictions	Hits: 9771
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 19023
SI-11 Error Handling	Hits: 14887
SI-12 Information Output Handling And Retention	Hits: 11403