Control Catalogue

11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog e.g. 'PS-' gives you all the Personnel Security Family.

List of articles in category 11.02 Control Catalog
Title	Hits
13-05 All Controls	Hits: 28145
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1	Hits: 70124
13-05 Controls catalog SQL export	Hits: 9868
AC-01 Access Control Policies and Procedures	Hits: 44826
AC-02 Account Management	Hits: 28739
AC-03 Access Enforcement	Hits: 32134
AC-04 Information Flow Enforcement	Hits: 33353
AC-05 Separation Of Duties	Hits: 18262
AC-06 Least Privilege	Hits: 18159
AC-07 Unsuccessful Login Attempts	Hits: 17126
AC-08 System Use Notification	Hits: 14740
AC-09 Previous Logon Notification	Hits: 12817
AC-10 Concurrent Session Control	Hits: 14320
AC-11 Session Lock	Hits: 16588
AC-12 Session Termination	Hits: 15313
AC-13 Supervision And Review -- Access Control	Hits: 11207
AC-14 Permitted Actions Without Identification Or Authentication	Hits: 10031
AC-15 Automated Marking	Hits: 8584
AC-16 Automated Labeling	Hits: 7988
AC-17 Remote Access	Hits: 16663
AC-18 Wireless Access Restrictions	Hits: 15455
AC-19 Access Control For Portable And Mobile Devices	Hits: 15132
AC-20 Use Of External Information Systems	Hits: 14960
AT-01 Security Awareness And Training Policy And Procedures	Hits: 17233
AT-02 Security Awareness	Hits: 15456
AT-03 Security Training	Hits: 14924
AT-04 Security Training Records	Hits: 10293
AT-05 Contacts With Security Groups And Associations	Hits: 8490
AU-01 Audit And Accountability Policy And Procedures	Hits: 18602
AU-02 Auditable Events	Hits: 24286
AU-03 Content Of Audit Records	Hits: 14959
AU-04 Audit Storage Capacity	Hits: 12178
AU-05 Response To Audit Processing Failures	Hits: 15175
AU-06 Audit Monitoring, Analysis, And Reporting	Hits: 31186
AU-07 Audit Reduction And Report Generation	Hits: 15232
AU-08 Time Stamps	Hits: 11914
AU-09 Protection Of Audit Information	Hits: 15177
AU-10 Non-Repudiation	Hits: 16043
AU-11 Audit Record Retention	Hits: 13700
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures	Hits: 15244
CA-02 Security Assessments	Hits: 18938
CA-03 Information System Connections	Hits: 11181
CA-04 Security Certification	Hits: 13936
CA-05 Plan Of Action And Milestones	Hits: 10062
CA-06 Security Accreditation	Hits: 11732
CA-07 Continuous Monitoring	Hits: 17317
CM-01 Configuration Management Policy And Procedures	Hits: 16507
CM-02 Baseline Configuration	Hits: 18968
CM-03 Configuration Change Control	Hits: 17218
CM-04 Monitoring Configuration Changes	Hits: 11652
CM-05 Access Restrictions For Change	Hits: 14734
CM-06 Configuration Settings	Hits: 14171
CM-07 Least Functionality	Hits: 21450
CM-08 Information System Component Inventory	Hits: 15308
CP-01 Contingency Planning Policy And Procedures	Hits: 11846
CP-02 Contingency Plan	Hits: 12002
CP-03 Contingency Training	Hits: 9948
CP-04 Contingency Plan Testing And Exercises	Hits: 17309
CP-05 Contingency Plan Update	Hits: 9091
CP-06 Alternate Storage Site	Hits: 10351
CP-07 Alternate Processing Site	Hits: 12630
CP-08 Telecommunications Services	Hits: 7566
CP-09 Information System Backup	Hits: 15216
CP-10 Information System Recovery And Reconstitution	Hits: 14321
IA-01 Identification And Authentication Policy And Procedures	Hits: 17988
IA-02 User Identification And Authentication	Hits: 24395
IA-03 Device Identification And Authentication	Hits: 20919
IA-04 Identifier Management	Hits: 14613
IA-05 Authenticator Management	Hits: 17581
IA-06 Authenticator Feedback	Hits: 12135
IA-07 Cryptographic Module Authentication	Hits: 17875
IR-01 Incident Response Policy And Procedures	Hits: 13266
IR-02 Incident Response Training	Hits: 11418
IR-03 Incident Response Testing And Exercises	Hits: 13769
IR-04 Incident Handling	Hits: 21067
IR-05 Incident Monitoring	Hits: 11548
IR-06 Incident Reporting	Hits: 11489
IR-07 Incident Response Assistance	Hits: 11796
MA-01 System Maintenance Policy And Procedures	Hits: 11962
MA-02 Controlled Maintenance	Hits: 12616
MA-03 Maintenance Tools	Hits: 10979
MA-04 Remote Maintenance	Hits: 12561
MA-05 Maintenance Personnel	Hits: 8988
MA-06 Timely Maintenance	Hits: 10058
MP-01 Media Protection Policy And Procedures	Hits: 11576
MP-02 Media Access	Hits: 11477
MP-03 Media Labeling	Hits: 8271
MP-04 Media Storage	Hits: 8708
MP-05 Media Transport	Hits: 8873
MP-06 Media Sanitization And Disposal	Hits: 9751
PE-01 Physical And Environmental Protection Policy And Procedures	Hits: 11150
PE-02 Physical Access Authorizations	Hits: 9722
PE-03 Physical Access Control	Hits: 12539
PE-04 Access Control For Transmission Medium	Hits: 9484
PE-05 Access Control For Display Medium	Hits: 8679
PE-06 Monitoring Physical Access	Hits: 11275
PE-07 Visitor Control	Hits: 7692
PE-08 Access Records	Hits: 6656
PE-09 Power Equipment And Power Cabling	Hits: 9122
PE-10 Emergency Shutoff	Hits: 8613
PE-11 Emergency Power	Hits: 8234
PE-12 Emergency Lighting	Hits: 8375
PE-13 Fire Protection	Hits: 8743
PE-14 Temperature And Humidity Controls	Hits: 8283
PE-15 Water Damage Protection	Hits: 8381
PE-16 Delivery And Removal	Hits: 8691
PE-17 Alternate Work Site	Hits: 6846
PE-18 Location Of Information System Components	Hits: 6852
PE-19 Information Leakage	Hits: 8424
PL-01 Security Planning Policy And Procedures	Hits: 15313
PL-02 System Security Plan	Hits: 10446
PL-03 System Security Plan Update	Hits: 6153
PL-04 Rules Of Behavior	Hits: 11724
PL-05 Privacy Impact Assessment	Hits: 8240
PL-06 Security-Related Activity Planning	Hits: 6440
PS-01 Personnel Security Policy And Procedures	Hits: 12578
PS-02 Position Categorization	Hits: 7155
PS-03 Personnel Screening	Hits: 7845
PS-04 Personnel Termination	Hits: 6545
PS-05 Personnel Transfer	Hits: 6156
PS-06 Access Agreements	Hits: 11133
PS-07 Third-Party Personnel Security	Hits: 10859
PS-08 Personnel Sanctions	Hits: 7904
RA-01 Risk Assessment Policy And Procedures	Hits: 11544
RA-02 Security Categorization	Hits: 13978
RA-03 Risk Assessment	Hits: 15880
RA-04 Risk Assessment Update	Hits: 10697
RA-05 Vulnerability Scanning	Hits: 18266
SA-01 System And Services Acquisition Policy And Procedures	Hits: 15867
SA-02 Allocation Of Resources	Hits: 11895
SA-03 Life Cycle Support	Hits: 13981
SA-04 Acquisitions	Hits: 13076
SA-05 Information System Documentation	Hits: 21896
SA-06 Software Usage Restrictions	Hits: 10595
SA-07 User Installed Software	Hits: 10317
SA-08 Security Engineering Principles	Hits: 17518
SA-09 External Information System Services	Hits: 12844
SA-10 Developer Configuration Management	Hits: 11494
SA-11 Developer Security Testing	Hits: 10101
SC-01 System And Communications Protection Policy And Procedures	Hits: 13952
SC-02 Application Partitioning	Hits: 13014
SC-03 Security Function Isolation	Hits: 15624
SC-04 Information Remnance	Hits: 16768
SC-05 Denial Of Service Protection	Hits: 15474
SC-06 Resource Priority	Hits: 10620
SC-07 Boundary Protection	Hits: 26279
SC-08 Transmission Integrity	Hits: 17968
SC-09 Transmission Confidentiality	Hits: 16790
SC-10 Network Disconnect	Hits: 11145
SC-11 Trusted Path	Hits: 13618
SC-12 Cryptographic Key Establishment And Management	Hits: 14748
SC-13 Use Of Cryptography	Hits: 15684
SC-14 Public Access Protections	Hits: 9413
SC-15 Collaborative Computing	Hits: 12024
SC-16 Transmission Of Security Parameters	Hits: 7139
SC-17 Public Key Infrastructure Certificates	Hits: 8023
SC-18 Mobile Code	Hits: 16395
SC-19 Voice Over Internet Protocol	Hits: 6792
SC-20 Secure Name / Address Resolution Service (Authoritative Source)	Hits: 15929
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver)	Hits: 9132
SC-22 Architecture And Provisioning For Name / Address Resolution Service	Hits: 8770
SC-23 Session Authenticity	Hits: 17079
SI-01 System And Information Integrity Policy And Procedures	Hits: 12621
SI-02 Flaw Remediation	Hits: 22595
SI-03 Malicious Code Protection	Hits: 20973
SI-04 Information System Monitoring Tools And Techniques	Hits: 23003
SI-05 Security Alerts And Advisories	Hits: 12389
SI-06 Security Functionality Verification	Hits: 17568
SI-07 Software And Information Integrity	Hits: 16630
SI-08 Spam Protection	Hits: 8002
SI-09 Information Input Restrictions	Hits: 8250
SI-10 Information Accuracy, Completeness, Validity, And Authenticity	Hits: 16965
SI-11 Error Handling	Hits: 12389
SI-12 Information Output Handling And Retention	Hits: 9855