
11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO 17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog, e.g. 'PS-' gives you all of the Personnel Security family.

List of articles in category 11.02 Control Catalog
Title Hits
13-05 All Controls Hits: 28156
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1) Hits: 70143
13-05 Controls catalog SQL export Hits: 9892
AC-01 Access Control Policies and Procedures Hits: 44858
AC-02 Account Management Hits: 28787
AC-03 Access Enforcement Hits: 32175
AC-04 Information Flow Enforcement Hits: 33426
AC-05 Separation Of Duties Hits: 18291
AC-06 Least Privilege Hits: 18190
AC-07 Unsuccessful Login Attempts Hits: 17154
AC-08 System Use Notification Hits: 14759
AC-09 Previous Logon Notification Hits: 12835
AC-10 Concurrent Session Control Hits: 14338
AC-11 Session Lock Hits: 16607
AC-12 Session Termination Hits: 15342
AC-13 Supervision And Review -- Access Control Hits: 11232
AC-14 Permitted Actions Without Identification Or Authentication Hits: 10041
AC-15 Automated Marking Hits: 8603
AC-16 Automated Labeling Hits: 8007
AC-17 Remote Access Hits: 16685
AC-18 Wireless Access Restrictions Hits: 15484
AC-19 Access Control For Portable And Mobile Devices Hits: 15161
AC-20 Use Of External Information Systems Hits: 14983
AT-01 Security Awareness And Training Policy And Procedures Hits: 17270
AT-02 Security Awareness Hits: 15486
AT-03 Security Training Hits: 14960
AT-04 Security Training Records Hits: 10312
AT-05 Contacts With Security Groups And Associations Hits: 8509
AU-01 Audit And Accountability Policy And Procedures Hits: 18630
AU-02 Auditable Events Hits: 24329
AU-03 Content Of Audit Records Hits: 14989
AU-04 Audit Storage Capacity Hits: 12207
AU-05 Response To Audit Processing Failures Hits: 15204
AU-06 Audit Monitoring, Analysis, And Reporting Hits: 31303
AU-07 Audit Reduction And Report Generation Hits: 15262
AU-08 Time Stamps Hits: 11944
AU-09 Protection Of Audit Information Hits: 15230
AU-10 Non-Repudiation Hits: 16069
AU-11 Audit Record Retention Hits: 13730
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures Hits: 15280
CA-02 Security Assessments Hits: 18972
CA-03 Information System Connections Hits: 11206
CA-04 Security Certification Hits: 13973
CA-05 Plan Of Action And Milestones Hits: 10083
CA-06 Security Accreditation Hits: 11762
CA-07 Continuous Monitoring Hits: 17351
CM-01 Configuration Management Policy And Procedures Hits: 16538
CM-02 Baseline Configuration Hits: 19004
CM-03 Configuration Change Control Hits: 17256
CM-04 Monitoring Configuration Changes Hits: 11684
CM-05 Access Restrictions For Change Hits: 14767
CM-06 Configuration Settings Hits: 14198
CM-07 Least Functionality Hits: 21481
CM-08 Information System Component Inventory Hits: 15336
CP-01 Contingency Planning Policy And Procedures Hits: 11872
CP-02 Contingency Plan Hits: 12031
CP-03 Contingency Training Hits: 9966
CP-04 Contingency Plan Testing And Exercises Hits: 17329
CP-05 Contingency Plan Update Hits: 9110
CP-06 Alternate Storage Site Hits: 10370
CP-07 Alternate Processing Site Hits: 12649
CP-08 Telecommunications Services Hits: 7575
CP-09 Information System Backup Hits: 15263
CP-10 Information System Recovery And Reconstitution Hits: 14353
IA-01 Identification And Authentication Policy And Procedures Hits: 18022
IA-02 User Identification And Authentication Hits: 24432
IA-03 Device Identification And Authentication Hits: 20978
IA-04 Identifier Management Hits: 14659
IA-05 Authenticator Management Hits: 17605
IA-06 Authenticator Feedback Hits: 12153
IA-07 Cryptographic Module Authentication Hits: 17902
IR-01 Incident Response Policy And Procedures Hits: 13287
IR-02 Incident Response Training Hits: 11449
IR-03 Incident Response Testing And Exercises Hits: 13796
IR-04 Incident Handling Hits: 21146
IR-05 Incident Monitoring Hits: 11577
IR-06 Incident Reporting Hits: 11516
IR-07 Incident Response Assistance Hits: 11828
MA-01 System Maintenance Policy And Procedures Hits: 11981
MA-02 Controlled Maintenance Hits: 12646
MA-03 Maintenance Tools Hits: 10999
MA-04 Remote Maintenance Hits: 12590
MA-05 Maintenance Personnel Hits: 9007
MA-06 Timely Maintenance Hits: 10072
MP-01 Media Protection Policy And Procedures Hits: 11595
MP-02 Media Access Hits: 11506
MP-03 Media Labeling Hits: 8288
MP-04 Media Storage Hits: 8726
MP-05 Media Transport Hits: 8891
MP-06 Media Sanitization And Disposal Hits: 9771
PE-01 Physical And Environmental Protection Policy And Procedures Hits: 11169
PE-02 Physical Access Authorizations Hits: 9741
PE-03 Physical Access Control Hits: 12569
PE-04 Access Control For Transmission Medium Hits: 9506
PE-05 Access Control For Display Medium Hits: 8698
PE-06 Monitoring Physical Access Hits: 11305
PE-07 Visitor Control Hits: 7711
PE-08 Access Records Hits: 6666
PE-09 Power Equipment And Power Cabling Hits: 9141
PE-10 Emergency Shutoff Hits: 8632
PE-11 Emergency Power Hits: 8253
PE-12 Emergency Lighting Hits: 8395
PE-13 Fire Protection Hits: 8762
PE-14 Temperature And Humidity Controls Hits: 8304
PE-15 Water Damage Protection Hits: 8399
PE-16 Delivery And Removal Hits: 8709
PE-17 Alternate Work Site Hits: 6855
PE-18 Location Of Information System Components Hits: 6862
PE-19 Information Leakage Hits: 8444
PL-01 Security Planning Policy And Procedures Hits: 15341
PL-02 System Security Plan Hits: 10465
PL-03 System Security Plan Update Hits: 6163
PL-04 Rules Of Behavior Hits: 11752
PL-05 Privacy Impact Assessment Hits: 8261
PL-06 Security-Related Activity Planning Hits: 6450
PS-01 Personnel Security Policy And Procedures Hits: 12598
PS-02 Position Categorization Hits: 7165
PS-03 Personnel Screening Hits: 7864
PS-04 Personnel Termination Hits: 6555
PS-05 Personnel Transfer Hits: 6165
PS-06 Access Agreements Hits: 11164
PS-07 Third-Party Personnel Security Hits: 10884
PS-08 Personnel Sanctions Hits: 7914
RA-01 Risk Assessment Policy And Procedures Hits: 11564
RA-02 Security Categorization Hits: 14005
RA-03 Risk Assessment Hits: 15914
RA-04 Risk Assessment Update Hits: 10732
RA-05 Vulnerability Scanning Hits: 18294
SA-01 System And Services Acquisition Policy And Procedures Hits: 15889
SA-02 Allocation Of Resources Hits: 11930
SA-03 Life Cycle Support Hits: 14017
SA-04 Acquisitions Hits: 13110
SA-05 Information System Documentation Hits: 21965
SA-06 Software Usage Restrictions Hits: 10622
SA-07 User Installed Software Hits: 10345
SA-08 Security Engineering Principles Hits: 17547
SA-09 External Information System Services Hits: 12869
SA-10 Developer Configuration Management Hits: 11523
SA-11 Developer Security Testing Hits: 10126
SC-01 System And Communications Protection Policy And Procedures Hits: 13979
SC-02 Application Partitioning Hits: 13049
SC-03 Security Function Isolation Hits: 15653
SC-04 Information Remnance Hits: 16802
SC-05 Denial Of Service Protection Hits: 15508
SC-06 Resource Priority Hits: 10654
SC-07 Boundary Protection Hits: 26306
SC-08 Transmission Integrity Hits: 18003
SC-09 Transmission Confidentiality Hits: 16824
SC-10 Network Disconnect Hits: 11174
SC-11 Trusted Path Hits: 13647
SC-12 Cryptographic Key Establishment And Management Hits: 14782
SC-13 Use Of Cryptography Hits: 15714
SC-14 Public Access Protections Hits: 9431
SC-15 Collaborative Computing Hits: 12043
SC-16 Transmission Of Security Parameters Hits: 7148
SC-17 Public Key Infrastructure Certificates Hits: 8033
SC-18 Mobile Code Hits: 16428
SC-19 Voice Over Internet Protocol Hits: 6802
SC-20 Secure Name / Address Resolution Service (Authoritative Source) Hits: 15958
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) Hits: 9154
SC-22 Architecture And Provisioning For Name / Address Resolution Service Hits: 8792
SC-23 Session Authenticity Hits: 17111
SI-01 System And Information Integrity Policy And Procedures Hits: 12640
SI-02 Flaw Remediation Hits: 22629
SI-03 Malicious Code Protection Hits: 21007
SI-04 Information System Monitoring Tools And Techniques Hits: 23036
SI-05 Security Alerts And Advisories Hits: 12421
SI-06 Security Functionality Verification Hits: 17598
SI-07 Software And Information Integrity Hits: 16659
SI-08 Spam Protection Hits: 8023
SI-09 Information Input Restrictions Hits: 8269
SI-10 Information Accuracy, Completeness, Validity, And Authenticity Hits: 16992
SI-11 Error Handling Hits: 12417
SI-12 Information Output Handling And Retention Hits: 9874