| Identifier |
Name |
Incorporated
|
| AC-3 (1) |
Restricted access to privileged functions |
AC-6
|
| AC-3 (6) |
Protection of user and system information |
MP-4, SC-28
|
| AC-4 (16) |
Information transfers on interconnected systems |
AC-4
|
| AC-7 (1) |
Automatic account lock |
AC-7
|
| AC-13 |
Supervision and review - access control |
AC-2, AU-6
|
| AC-14 (1) |
Necessary uses |
AC-14
|
| AC-15 |
Automated marking |
MP-3
|
| AC-17 (5) |
Monitoring for unauthorized connections |
SI-4
|
| AC-17 (7) |
Additional protection for security function access |
AC-3 (10)
|
| AC-17 (8) |
Disable nonsecure network protocols |
CM-7
|
| AC-18 (2) |
Monitoring unauthorized connections |
SI-4
|
| AC-19 (1) |
Use of writable / portable storage devices |
MP-7
|
| AC-19 (2) |
Use of personally owned portable storage devices |
MP-7
|
| AC-19 (3) |
Use of portable storage devices with no identifiable owner |
MP-7
|
| AT-5 |
Contacts with security groups and associations |
PM-15
|
| AU-2 (1) |
Compilation of audit records from multiple sources |
AU-12
|
| AU-2 (2) |
Selection of audit events by component |
AU-12
|
| AU-2 (4) |
Privileged functions |
AC-6 (9)
|
| AU-6 (2) |
Automated security alerts |
SI-4
|
| AU-10 (5) |
Digital signatures |
SI-7
|
| CA-4 |
Security certification |
CA-2
|
| CA-7 (2) |
Types of assessments |
CA-2
|
| CM-2 (4) |
Unauthorized software |
CM-7
|
| CM-2 (5) |
Authorized software |
CM-7
|
| CM-5 (7) |
Automatic implementation of security safeguards |
SI-7
|
| CM-6 (3) |
Unauthorized change detection |
SI-7
|
| CM-6 (4) |
Conformance demonstration |
CM-4
|
| CP-5 |
Contingency plan update |
CP-2
|
| CP-7 (5) |
Equivalent information security safeguards |
CP-7
|
| CP-9 (4) |
Protection from unauthorized modification |
CP-9
|
| CP-10 (1) |
Contingency plan testing |
CP-4
|
| CP-10 (3) |
Compensating security controls |
Chapter 3
|
| CP-10 (5) |
Failover capability |
SI-13
|
| IA-3 (2) |
Cryptographic bidirectional network authentication |
IA-3 (1)
|
| MA-2 (1) |
Record content |
MA-2
|
| MP-2 (1) |
Automated restricted access |
MP-4 (2)
|
| MP-2 (2) |
Cryptographic protection |
SC-28 (1)
|
| MP-4 (1) |
Cryptographic protection |
SC-28 (1)
|
| MP-5 (1) |
Protection outside of controlled areas |
MP-5
|
| MP-5 (2) |
Documentation of activities |
MP-5
|
| MP-6 (4) |
Controlled unclassified information |
MP-6
|
| MP-6 (5) |
Classified information |
MP-6
|
| MP-6 (6) |
Media destruction |
MP-6
|
| PE-7 |
Visitor control |
PE-2, PE-3
|
| PE-8 (2) |
Physical access records |
PE-2
|
| PE-10 (1) |
Accidental / unauthorized activation |
PE-10
|
| PL-2 (1) |
Concept of operations |
PL-7
|
| PL-2 (2) |
Functional architecture |
PL-8
|
| PL-3 |
System security plan update |
PL-2
|
| PL-5 |
Privacy impact assessment |
Appendix J, AR-2
|
| PL-6 |
Security-related activity planning |
PL-2
|
| PS-6 (1) |
Information requiring special protection |
PS-3
|
| RA-4 |
Risk assessment update |
RA-3
|
| RA-5 (7) |
Automated detection and notification of unauthorized components |
CM-8
|
| RA-5 (9) |
Penetration testing and analyses |
CA-8
|
| SA-4 (4) |
Assignment of components to systems |
CM-8 (9)
|
| SA-5 (1) |
Functional properties of security controls |
SA-4 (1)
|
| SA-5 (2) |
Security-relevant external system interfaces |
SA-4 (2)
|
| SA-5 (3) |
High-level design |
SA-4 (2)
|
| SA-5 (4) |
Low-level design |
SA-4 (2)
|
| SA-5 (5) |
Source code |
SA-4 (2)
|
| SA-6 |
Software usage restrictions |
CM-10, SI-7
|
| SA-7 |
User-installed software |
CM-11, SI-7
|
| SA-12 (3) |
Trusted shipping and warehousing |
SA-12 (1)
|
| SA-12 (4) |
Diversity of suppliers |
SA-12 (13)
|
| SA-12 (6) |
Minimizing procurement time |
SA-12 (1)
|
| SA-14 (1) |
Critical components with no viable alternative sourcing |
SA-20
|
| SC-4 (1) |
Security levels |
SC-4
|
| SC-7 (1) |
Physically separated subnetworks |
SC-7
|
| SC-7 (2) |
Public access |
SC-7
|
| SC-7 (6) |
Response to recognized failures |
SC-7 (18)
|
| SC-9 |
Transmission confidentiality |
SC-8
|
| SC-12 (4) |
Pki certificates |
SC-12
|
| SC-12 (5) |
Pki certificates / hardware tokens |
SC-12
|
| SC-13 (1) |
Fips-validated cryptography |
SC-13
|
| SC-13 (2) |
Nsa-approved cryptography |
SC-13
|
| SC-13 (3) |
Individuals without formal access approvals |
SC-13
|
| SC-13 (4) |
Digital signatures |
SC-13
|
| SC-14 |
Public access protections |
AC-2, AC-3, AC-5, AC-6, SI-3, SI-4, SI-5, SI-7, SI-10
|
| SC-15 (2) |
Blocking inbound / outbound communications traffic |
SC-7
|
| SC-20 (1) |
Child subspaces |
SC-20
|
| SC-21 (1) |
Data origin / integrity |
SC-21
|
| SC-23 (2) |
User-initiated logouts / message displays |
AC-12 (1)
|
| SC-23 (4) |
Unique session identifiers with randomization |
SC-23 (3)
|
| SC-26 (1) |
Detection of malicious code |
SC-35
|
| SC-30 (1) |
Virtualization techniques |
SC-29 (1)
|
| SC-33 |
Transmission preparation integrity |
SC-8
|
| SI-2 (4) |
Automated patch management tools |
SI-2
|
| SI-3 (3) |
Non-privileged users |
AC-6 (10)
|
| SI-3 (5) |
Portable storage devices |
MP-7
|
| SI-4 (6) |
Restrict non-privileged users |
AC-6 (10)
|
| SI-4 (8) |
Protection of monitoring information |
SI-4
|
| SI-6 (1) |
Notification of failed security tests |
SI-6
|
| SI-7 (4) |
Tamper-evident packaging |
SA-12
|
| SI-9 |
Information input restrictions |
AC-2, AC-3, AC-5, AC-6
|
| SI-13 (2) |
Time limit on process execution without supervision |
SI-7 (16)
|
