Page Index - NIST-SP-800-53-R5/NIST-SP-800-53-R5.github.io GitHub Wiki

360 page(s) in this GitHub Wiki:

Home
3 .17 SYSTEM AND SERVICES ACQUISITION
3.1 ACCESS CONTROL
3.10 MEDIA PROTECTION
3.12 PLANNING
3.13 PROGRAM MANAGEMENT
3.14 PERSONNEL SECURITY
3.15 PERSONALLY IDENTIFIABLE INFORMATION PROCESSING AND TRANSPARENCY
3.16 RISK ASSESSMENT
3.18 SYSTEM AND COMMUNICATIONS PROTECTION
3.19 SYSTEM AND INFORMATION INTEGRITY
3.2 AWARENESS AND TRAINING
3.20 SUPPLY CHAIN RISK MANAGEMENT
3.3 AUDIT AND ACCOUNTABILITY
3.4 ASSESSMENT, AUTHORIZATION, AND MONITORING
3.5 CONFIGURATION MANAGEMENT
3.6 CONTINGENCY PLANNING
3.7 IDENTIFICATION AND AUTHENTICATION
3.8 INCIDENT RESPONSE
3.9 MAINTENANCE
AC 1 POLICY AND PROCEDURES
AC 10 CONCURRENT SESSION CONTROL
AC 11 DEVICE LOCK
AC 12 SESSION TERMINATION
AC 13 SUPERVISION AND REVIEW — ACCESS CONTROL
AC 14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION
AC 15 AUTOMATED MARKING
AC 16 SECURITY AND PRIVACY ATTRIBUTES
AC 17 REMOTE ACCESS
AC 18 WIRELESS ACCESS
AC 19 ACCESS CONTROL FOR MOBILE DEVICES
AC 2 ACCOUNT MANAGEMENT
AC 20 USE OF EXTERNAL SYSTEMS
AC 21 INFORMATION SHARING
AC 22 PUBLICLY ACCESSIBLE CONTENT
AC 23 DATA MINING PROTECTION
AC 24 ACCESS CONTROL DECISIONS
AC 25 REFERENCE MONITOR
AC 3 ACCESS ENFORCEMENT
AC 4 INFORMATION FLOW ENFORCEMENT
AC 5 SEPARATION OF DUTIES
AC 6 LEAST PRIVILEGE
AC 7 UNSUCCESSFUL LOGON ATTEMPTS
AC 8 SYSTEM USE NOTIFICATION
AC 9 PREVIOUS LOGON NOTIFICATION
Appendex A GLOSSARY
APPENDIX B ACRONYMS
APPENDIX C CONTROL SUMMARIES
AT 1 POLICY AND PROCEDURES
AT 2 LITERACY TRAINING AND AWARENESS
AT 3 ROLE BASED TRAINING
AT 4 TRAINING RECORDS
AT 5 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS
AT 6 TRAINING FEEDBACK
AU 1 POLICY AND PROCEDURES
AU 10 NON REPUDIATION
AU 11 AUDIT RECORD RETENTION
AU 12 AUDIT RECORD GENERATION
AU 13 MONITORING FOR INFORMATION DISCLOSURE
AU 14 SESSION AUDIT
AU 15 ALTERNATE AUDIT LOGGING CAPABILITY
AU 16 CROSS ORGANIZATIONAL AUDIT LOGGING
AU 2 EVENT LOGGING
AU 3 CONTENT OF AUDIT RECORDS
AU 4 AUDIT LOG STORAGE CAPACITY
AU 5 RESPONSE TO AUDIT LOGGING PROCESS FAILURES
AU 6 AUDIT RECORD REVIEW, ANALYSIS, AND REPORTING
AU 7 AUDIT RECORD REDUCTION AND REPORT GENERATION
AU 8 TIME STAMPS
AU 9 PROTECTION OF AUDIT INFORMATION
CA 1 POLICY AND PROCEDURES
CA 2 CONTROL ASSESSMENTS
CA 3 INFORMATION EXCHANGE
CA 4 SECURITY CERTIFICATION
CA 5 PLAN OF ACTION AND MILESTONES
CA 6 AUTHORIZATION
CA 7 CONTINUOUS MONITORING
CA 8 PENETRATION TESTING
CA 9 INTERNAL SYSTEM CONNECTIONS
CHAPTER ONE, INTRODUCTION
CHAPTER THREE, THE CONTROLS
CHAPTER TWO, THE FUNDAMENTALS
CM 1 POLICY AND PROCEDURES
CM 10 SOFTWARE USAGE RESTRICTIONS
CM 11 USER INSTALLED SOFTWARE
CM 12 INFORMATION LOCATION
CM 13 DATA ACTION MAPPING
CM 14 SIGNED COMPONENTS
CM 2 BASELINE CONFIGURATION
CM 3 CONFIGURATION CHANGE CONTROL
CM 4 IMPACT ANALYSES
CM 5 ACCESS RESTRICTIONS FOR CHANGE
CM 6 CONFIGURATION SETTINGS
CM 7 LEAST FUNCTIONALITY
CM 8 SYSTEM COMPONENT INVENTORY
CM 9 CONFIGURATION MANAGEMENT PLAN
CP 1 POLICY AND PROCEDURES
CP 10 SYSTEM RECOVERY AND RECONSTITUTION
CP 11 ALTERNATE COMMUNICATIONS PROTOCOLS
CP 12 SAFE MODE
CP 13 ALTERNATIVE SECURITY MECHANISMS
CP 2 CONTINGENCY PLAN
CP 3 CONTINGENCY TRAINING
CP 4 CONTINGENCY PLAN TESTING
CP 5 CONTINGENCY PLAN UPDATE
CP 6 ALTERNATE STORAGE SITE
CP 7 ALTERNATE PROCESSING SITE
CP 8 TELECOMMUNICATIONS SERVICES
CP 9 SYSTEM BACKUP
Draft
DRAFT 3.7 ~
Draft , 268 392
Draft 150 267
Errata
Executive Summary
IA 1 POLICY AND PROCEDURES
IA 10 ADAPTIVE AUTHENTICATION
IA 11 RE AUTHENTICATION
IA 12 IDENTITY PROOFING
IA 2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)
IA 3 DEVICE IDENTIFICATION AND AUTHENTICATION
IA 4 IDENTIFIER MANAGEMENT
IA 5 AUTHENTICATOR MANAGEMENT
IA 6 AUTHENTICATION FEEDBACK
IA 7 CRYPTOGRAPHIC MODULE AUTHENTICATION
IA 8 IDENTIFICATION AND AUTHENTICATION (NON ORGANIZATIONAL USERS)
IA 9 SERVICE IDENTIFICATION AND AUTHENTICATION
Index
IR 1 POLICY AND PROCEDURES
IR 10 INCIDENT ANALYSIS
IR 2 INCIDENT RESPONSE TRAINING
IR 3 INCIDENT RESPONSE TESTING
IR 4 INCIDENT HANDLING
IR 5 INCIDENT MONITORING
IR 6 INCIDENT REPORTING
IR 7 INCIDENT RESPONSE ASSISTANCE
IR 8 INCIDENT RESPONSE PLAN
IR 9 INFORMATION SPILLAGE RESPONSE
MA 1 POLICY AND PROCEDURES
MA 2 CONTROLLED MAINTENANCE
MA 3 MAINTENANCE TOOLS
MA 4 NONLOCAL MAINTENANCE
MA 5 MAINTENANCE PERSONNEL
MA 6 TIMELY MAINTENANCE
MA 7 FIELD MAINTENANCE
MP 1 POLICY AND PROCEDURES
MP 2 MEDIA ACCESS
MP 3 MEDIA MARKING
MP 4 MEDIA STORAGE
MP 5 MEDIA TRANSPORT
MP 6 MEDIA SANITIZATION
MP 7 MEDIA USE
MP 8 MEDIA DOWNGRADING
PE 1 POLICY AND PROCEDURES
PE 10 EMERGENCY SHUTOFF
PE 11 EMERGENCY POWER
PE 12 EMERGENCY LIGHTING
PE 13 FIRE PROTECTION
PE 14 ENVIRONMENTAL CONTROLS
PE 15 WATER DAMAGE PROTECTION
PE 16 DELIVERY AND REMOVAL
PE 17 ALTERNATE WORK SITE
PE 18 LOCATION OF SYSTEM COMPONENTS
PE 19 INFORMATION LEAKAGE
PE 2 PHYSICAL ACCESS AUTHORIZATIONS
PE 20 ASSET MONITORING AND TRACKING
PE 21 ELECTROMAGNETIC PULSE PROTECTION
PE 22 COMPONENT MARKING
PE 23 FACILITY LOCATION
PE 3 PHYSICAL ACCESS CONTROL
PE 4 ACCESS CONTROL FOR TRANSMISSION
PE 5 ACCESS CONTROL FOR OUTPUT DEVICES
PE 6 MONITORING PHYSICAL ACCESS
PE 7 VISITOR CONTROL
PE 8 VISITOR ACCESS RECORDS
PE 9 POWER EQUIPMENT AND CABLING
PL 1 POLICY AND PROCEDURES
PL 10 BASELINE SELECTION
PL 11 BASELINE TAILORING
PL 2 SYSTEM SECURITY AND PRIVACY PLANS
PL 3 SYSTEM SECURITY PLAN UPDATE
PL 4 RULES OF BEHAVIOR
PL 5 PRIVACY IMPACT ASSESSMENT
PL 6 SECURITY RELATED ACTIVITY PLANNING
PL 7 CONCEPT OF OPERATIONS
PL 8 SECURITY AND PRIVACY ARCHITECTURES
PL 9 CENTRAL MANAGEMENT
PM 1 INFORMATION SECURITY PROGRAM PLAN
PM 10 AUTHORIZATION PROCESS
PM 11 MISSION AND BUSINESS PROCESS DEFINITION
PM 12 INSIDER THREAT PROGRAM
PM 13 SECURITY AND PRIVACY WORKFORCE
PM 14 TESTING, TRAINING, AND MONITORING
PM 15 SECURITY AND PRIVACY GROUPS AND ASSOCIATIONS
PM 16 THREAT AWARENESS PROGRAM
PM 17 PROTECTING CONTROLLED UNCLASSIFIED INFORMATION ON EXTERNAL SYSTEMS
PM 18 PRIVACY PROGRAM PLAN
PM 19 PRIVACY PROGRAM LEADERSHIP ROLE
PM 2 INFORMATION SECURITY PROGRAM LEADERSHIP ROLE
PM 20 DISSEMINATION OF PRIVACY PROGRAM INFORMATION
PM 21 ACCOUNTING OF DISCLOSURES
PM 22 PERSONALLY IDENTIFIABLE INFORMATION QUALITY MANAGEMENT
PM 23 DATA GOVERNANCE BODY
PM 24 DATA INTEGRITY BOARD
PM 25 MINIMIZATION OF PERSONALLY IDENTIFIABLE INFORMATION USED IN TESTING, TRAINING, AND RESEARCH
PM 26 COMPLAINT MANAGEMENT
PM 27 PRIVACY REPORTING
PM 28 RISK FRAMING
PM 29 RISK MANAGEMENT PROGRAM LEADERSHIP ROLES
PM 3 INFORMATION SECURITY AND PRIVACY RESOURCES
PM 30 SUPPLY CHAIN RISK MANAGEMENT STRATEGY
PM 31 CONTINUOUS MONITORING STRATEGY
PM 32 PURPOSING
PM 4 PLAN OF ACTION AND MILESTONES PROCESS
PM 5 SYSTEM INVENTORY
PM 6 MEASURES OF PERFORMANCE
PM 7 ENTERPRISE ARCHITECTURE
PM 8 CRITICAL INFRASTRUCTURE PLAN
PM 9 RISK MANAGEMENT STRATEGY
Prologue
PS 1 POLICY AND PROCEDURES
PS 2 POSITION RISK DESIGNATION
PS 3 PERSONNEL SCREENING
PS 4 PERSONNEL TERMINATION
PS 5 PERSONNEL TRANSFER
PS 6 ACCESS AGREEMENTS
PS 7 EXTERNAL PERSONNEL SECURITY
PS 8 PERSONNEL SANCTIONS
PS 9 POSITION DESCRIPTIONS
PT 1 POLICY AND PROCEDURES
PT 2 AUTHORITY TO PROCESS PERSONALLY IDENTIFIABLE INFORMATION
PT 3 PERSONALLY IDENTIFIABLE INFORMATION PROCESSING PURPOSES
PT 4 CONSENT
PT 5 PRIVACY NOTICE
PT 6 SYSTEM OF RECORDS NOTICE
PT 7 SPECIFIC CATEGORIES OF PERSONALLY IDENTIFIABLE INFORMATION
PT 8 COMPUTER MATCHING REQUIREMENTS
RA 1 POLICY AND PROCEDURES
RA 10 THREAT HUNTING
RA 2 SECURITY CATEGORIZATION
RA 3 RISK ASSESSMENT
RA 4 RISK ASSESSMENT UPDATE
RA 5 VULNERABILITY MONITORING AND SCANNING
RA 6 TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY
RA 7 RISK RESPONSE
RA 8 PRIVACY IMPACT ASSESSMENTS
RA 9 CRITICALITY ANALYSIS
REFERENCES
SA 1 POLICY AND PROCEDURES
SA 10 DEVELOPER CONFIGURATION MANAGEMENT
SA 11 DEVELOPER TESTING AND EVALUATION
SA 12 SUPPLY CHAIN PROTECTION
SA 13 TRUSTWORTHINESS
SA 14 CRITICALITY ANALYSIS
SA 15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS
SA 16 DEVELOPER PROVIDED TRAINING
SA 17 DEVELOPER SECURITY AND PRIVACY ARCHITECTURE AND DESIGN
SA 18 TAMPER RESISTANCE AND DETECTION
SA 19 COMPONENT AUTHENTICITY
SA 2 ALLOCATION OF RESOURCES
SA 20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS
SA 21 DEVELOPER SCREENING
SA 22 UNSUPPORTED SYSTEM COMPONENTS
SA 23 SPECIALIZATION
SA 3 SYSTEM DEVELOPMENT LIFE CYCLE
SA 4 ACQUISITION PROCESS
SA 5 SYSTEM DOCUMENTATION
SA 6 SOFTWARE USAGE RESTRICTIONS
SA 7 USER INSTALLED SOFTWARE
SA 8 SECURITY AND PRIVACY ENGINEERING PRINCIPLES
SA 9 EXTERNAL SYSTEM SERVICES
SC 1 POLICY AND PROCEDURES
SC 10 NETWORK DISCONNECT
SC 11 TRUSTED PATH
SC 12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT
SC 13 CRYPTOGRAPHIC PROTECTION
SC 14 PUBLIC ACCESS PROTECTIONS
SC 15 COLLABORATIVE COMPUTING DEVICES AND APPLICATIONS
SC 16 TRANSMISSION OF SECURITY AND PRIVACY ATTRIBUTES
SC 17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES
SC 18 MOBILE CODE
SC 19 VOICE OVER INTERNET PROTOCOL
SC 2 SEPARATION OF SYSTEM AND USER FUNCTIONALITY
SC 20 SECURE NAME ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)
SC 21 SECURE NAME ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)
SC 22 ARCHITECTURE AND PROVISIONING FOR NAME ADDRESS RESOLUTION SERVICE
SC 23 SESSION AUTHENTICITY
SC 24 FAIL IN KNOWN STATE
SC 25 THIN NODES
SC 26 DECOYS
SC 27 PLATFORM INDEPENDENT APPLICATIONS
SC 28 PROTECTION OF INFORMATION AT REST
SC 29 HETEROGENEITY
SC 3 SECURITY FUNCTION ISOLATION
SC 30 CONCEALMENT AND MISDIRECTION
SC 31 COVERT CHANNEL ANALYSIS
SC 32 SYSTEM PARTITIONING
SC 33 TRANSMISSION PREPARATION INTEGRITY
SC 34 NON MODIFIABLE EXECUTABLE PROGRAMS
SC 35 EXTERNAL MALICIOUS CODE IDENTIFICATION
SC 36 DISTRIBUTED PROCESSING AND STORAGE
SC 37 OUT OF BAND CHANNELS
SC 38 OPERATIONS SECURITY
SC 39 PROCESS ISOLATION
SC 4 INFORMATION IN SHARED SYSTEM RESOURCES
SC 40 WIRELESS LINK PROTECTION
SC 41 PORT AND I O DEVICE ACCESS
SC 42 SENSOR CAPABILITY AND DATA
SC 43 USAGE RESTRICTIONS
SC 44 DETONATION CHAMBERS
SC 45 SYSTEM TIME SYNCHRONIZATION
SC 46 CROSS DOMAIN POLICY ENFORCEMENT
SC 47 ALTERNATE COMMUNICATIONS PATHS
SC 48 SENSOR RELOCATION
SC 49 HARDWARE ENFORCED SEPARATION AND POLICY ENFORCEMENT
SC 5 DENIAL OF SERVICE PROTECTION
SC 50 SOFTWARE ENFORCED SEPARATION AND POLICY ENFORCEMENT
SC 51 HARDWARE BASED PROTECTION
SC 6 RESOURCE AVAILABILITY
SC 7 BOUNDARY PROTECTION
SC 8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY
SC 9 TRANSMISSION CONFIDENTIALITY
Security and Privacy Controls for Information Systems and Organizations
SI 1 POLICY AND PROCEDURES
SI 10 INFORMATION INPUT VALIDATION
SI 11 ERROR HANDLING
SI 12 INFORMATION MANAGEMENT AND RETENTION
SI 13 PREDICTABLE FAILURE PREVENTION
SI 14 NON PERSISTENCE
SI 15 INFORMATION OUTPUT FILTERING
SI 16 MEMORY PROTECTION
SI 17 FAIL SAFE PROCEDURES
SI 18 PERSONALLY IDENTIFIABLE INFORMATION QUALITY OPERATIONS
SI 19 DE IDENTIFICATION
SI 2 FLAW REMEDIATION
SI 20 TAINTING
SI 21 INFORMATION REFRESH
SI 22 INFORMATION DIVERSITY
SI 23 INFORMATION FRAGMENTATION
SI 3 MALICIOUS CODE PROTECTION
SI 4 SYSTEM MONITORING
SI 5 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES
SI 6 SECURITY AND PRIVACY FUNCTION VERIFICATION
SI 7 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY
SI 8 SPAM PROTECTION
SI 9 INFORMATION INPUT RESTRICTIONS
SR 1 POLICY AND PROCEDURES
SR 10 INSPECTION OF SYSTEMS OR COMPONENTS
SR 11 COMPONENT AUTHENTICITY
SR 12 COMPONENT DISPOSAL
SR 2 SUPPLY CHAIN RISK MANAGEMENT PLAN
SR 3 SUPPLY CHAIN CONTROLS AND PROCESSES
SR 4 PROVENANCE
SR 5 ACQUISITION STRATEGIES, TOOLS, AND METHODS
SR 6 SUPPLIER ASSESSMENTS AND REVIEWS
SR 7 SUPPLY CHAIN OPERATIONS SECURITY
SR 8 NOTIFICATION AGREEMENTS
SR 9 TAMPER RESISTANCE AND DETECTION
TABLE C 1: ACCESS CONTROL FAMILY
Table of Contents