| Identifier | Name | Incorporated into |
|---|---|---|
| AC-3 (1) | Restricted access to privileged functions | AC-6 |
| AC-3 (6) | Protection of user and system information | MP-4, SC-28 |
| AC-4 (16) | Information transfers on interconnected systems | AC-4 |
| AC-7 (1) | Automatic account lock | AC-7 |
| AC-13 | Supervision and review - access control | AC-2, AU-6 |
| AC-14 (1) | Necessary uses | AC-14 |
| AC-15 | Automated marking | MP-3 |
| AC-17 (5) | Monitoring for unauthorized connections | SI-4 |
| AC-17 (7) | Additional protection for security function access | AC-3 (10) |
| AC-17 (8) | Disable nonsecure network protocols | CM-7 |
| AC-18 (2) | Monitoring unauthorized connections | SI-4 |
| AC-19 (1) | Use of writable / portable storage devices | MP-7 |
| AC-19 (2) | Use of personally owned portable storage devices | MP-7 |
| AC-19 (3) | Use of portable storage devices with no identifiable owner | MP-7 |
| AT-5 | Contacts with security groups and associations | PM-15 |
| AU-2 (1) | Compilation of audit records from multiple sources | AU-12 |
| AU-2 (2) | Selection of audit events by component | AU-12 |
| AU-2 (4) | Privileged functions | AC-6 (9) |
| AU-6 (2) | Automated security alerts | SI-4 |
| AU-10 (5) | Digital signatures | SI-7 |
| CA-4 | Security certification | CA-2 |
| CA-7 (2) | Types of assessments | CA-2 |
| CM-2 (4) | Unauthorized software | CM-7 |
| CM-2 (5) | Authorized software | CM-7 |
| CM-5 (7) | Automatic implementation of security safeguards | SI-7 |
| CM-6 (3) | Unauthorized change detection | SI-7 |
| CM-6 (4) | Conformance demonstration | CM-4 |
| CP-5 | Contingency plan update | CP-2 |
| CP-7 (5) | Equivalent information security safeguards | CP-7 |
| CP-9 (4) | Protection from unauthorized modification | CP-9 |
| CP-10 (1) | Contingency plan testing | CP-4 |
| CP-10 (3) | Compensating security controls | Chapter 3 |
| CP-10 (5) | Failover capability | SI-13 |
| IA-3 (2) | Cryptographic bidirectional network authentication | IA-3 (1) |
| MA-2 (1) | Record content | MA-2 |
| MP-2 (1) | Automated restricted access | MP-4 (2) |
| MP-2 (2) | Cryptographic protection | SC-28 (1) |
| MP-4 (1) | Cryptographic protection | SC-28 (1) |
| MP-5 (1) | Protection outside of controlled areas | MP-5 |
| MP-5 (2) | Documentation of activities | MP-5 |
| MP-6 (4) | Controlled unclassified information | MP-6 |
| MP-6 (5) | Classified information | MP-6 |
| MP-6 (6) | Media destruction | MP-6 |
| PE-7 | Visitor control | PE-2, PE-3 |
| PE-8 (2) | Physical access records | PE-2 |
| PE-10 (1) | Accidental / unauthorized activation | PE-10 |
| PL-2 (1) | Concept of operations | PL-7 |
| PL-2 (2) | Functional architecture | PL-8 |
| PL-3 | System security plan update | PL-2 |
| PL-5 | Privacy impact assessment | Appendix J, AR-2 |
| PL-6 | Security-related activity planning | PL-2 |
| PS-6 (1) | Information requiring special protection | PS-3 |
| RA-4 | Risk assessment update | RA-3 |
| RA-5 (7) | Automated detection and notification of unauthorized components | CM-8 |
| RA-5 (9) | Penetration testing and analyses | CA-8 |
| SA-4 (4) | Assignment of components to systems | CM-8 (9) |
| SA-5 (1) | Functional properties of security controls | SA-4 (1) |
| SA-5 (2) | Security-relevant external system interfaces | SA-4 (2) |
| SA-5 (3) | High-level design | SA-4 (2) |
| SA-5 (4) | Low-level design | SA-4 (2) |
| SA-5 (5) | Source code | SA-4 (2) |
| SA-6 | Software usage restrictions | CM-10, SI-7 |
| SA-7 | User-installed software | CM-11, SI-7 |
| SA-12 (3) | Trusted shipping and warehousing | SA-12 (1) |
| SA-12 (4) | Diversity of suppliers | SA-12 (13) |
| SA-12 (6) | Minimizing procurement time | SA-12 (1) |
| SA-14 (1) | Critical components with no viable alternative sourcing | SA-20 |
| SC-4 (1) | Security levels | SC-4 |
| SC-7 (1) | Physically separated subnetworks | SC-7 |
| SC-7 (2) | Public access | SC-7 |
| SC-7 (6) | Response to recognized failures | SC-7 (18) |
| SC-9 | Transmission confidentiality | SC-8 |
| SC-12 (4) | PKI certificates | SC-12 |
| SC-12 (5) | PKI certificates / hardware tokens | SC-12 |
| SC-13 (1) | FIPS-validated cryptography | SC-13 |
| SC-13 (2) | NSA-approved cryptography | SC-13 |
| SC-13 (3) | Individuals without formal access approvals | SC-13 |
| SC-13 (4) | Digital signatures | SC-13 |
| SC-14 | Public access protections | AC-2, AC-3, AC-5, AC-6, SI-3, SI-4, SI-5, SI-7, SI-10 |
| SC-15 (2) | Blocking inbound / outbound communications traffic | SC-7 |
| SC-20 (1) | Child subspaces | SC-20 |
| SC-21 (1) | Data origin / integrity | SC-21 |
| SC-23 (2) | User-initiated logouts / message displays | AC-12 (1) |
| SC-23 (4) | Unique session identifiers with randomization | SC-23 (3) |
| SC-26 (1) | Detection of malicious code | SC-35 |
| SC-30 (1) | Virtualization techniques | SC-29 (1) |
| SC-33 | Transmission preparation integrity | SC-8 |
| SI-2 (4) | Automated patch management tools | SI-2 |
| SI-3 (3) | Non-privileged users | AC-6 (10) |
| SI-3 (5) | Portable storage devices | MP-7 |
| SI-4 (6) | Restrict non-privileged users | AC-6 (10) |
| SI-4 (8) | Protection of monitoring information | SI-4 |
| SI-6 (1) | Notification of failed security tests | SI-6 |
| SI-7 (4) | Tamper-evident packaging | SA-12 |
| SI-9 | Information input restrictions | AC-2, AC-3, AC-5, AC-6 |
| SI-13 (2) | Time limit on process execution without supervision | SI-7 (16) |