(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 20140804
Map Critical Security Controls (CSC) V5 to NIST SP 800-53 Revision 4 (portrait) 20140804
MAP CSC 5.0 to NIST SP 800‐53 Revision 4 Security Controls
01: I 06: A 11: L 16: A
02: I 07: W 12: C 17: D
03: S 08: D 13: B 18: I
04: C 09: S 14: M 19: S
05: M 10: S 15: C 20: P
Count: 203 7 10 16 6 6 15 10 3 9 12 11 9 11 17 10 11 13 9 9 9
FAMILY CTRL-ID
CTRL-TITLE PRI
BASELINE-IMPACT
ENHANCE-ID
ENHANCEMENT-TITLE
Len 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
FAMILY CTRL-ID
(ENH)
ACCESS CONTROL 9 ACCESS CONTROL
AC-01 ACCESS CONTROL POLICY AND PROCEDURES 23 • AC-01
AC-02 ACCOUNT MANAGEMENT 49 • • • AC-02
AC-03 ACCESS ENFORCEMENT 26 • • • AC-03
AC-04 INFORMATION FLOW ENFORCEMENT 26 • • • • • AC-04
AC-05 SEPARATION OF DUTIES 20 AC-05
AC-06 LEAST PRIVILEGE 55 • • AC-06
AC-07 UNSUCCESSFUL LOGON ATTEMPTS 34 • AC-07
AC-08 SYSTEM USE NOTIFICATION 41 AC-08
AC-09 PREVIOUS LOGON (ACCESS) NOTIFICATION 40 AC-09
AC-10 CONCURRENT SESSION CONTROL 17 AC-10
AC-11 SESSION LOCK 2 • AC-11
AC-12 SESSION TERMINATION 2 • AC-12
AC-13 SUPERVISION AND REVIEW - ACCESS CONTROL 63 AC-13
AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION 2 AC-14
AC-15 AUTOMATED MARKING 24 AC-15
AC-16 SECURITY ATTRIBUTES 58 AC-16
AC-17 REMOTE ACCESS 67 • • AC-17
AC-18 WIRELESS ACCESS 44 • AC-18
AC-19 ACCESS CONTROL FOR MOBILE DEVICES 57 • • AC-19
AC-20 USE OF EXTERNAL INFORMATION SYSTEMS 33 • AC-20
AC-21 INFORMATION SHARING 41 AC-21
AC-22 PUBLICLY ACCESSIBLE CONTENT 27 AC-22
AC-23 DATA MINING PROTECTION 29 • • AC-23
AC-24 ACCESS CONTROL DECISIONS 36 • AC-24
AC-25 REFERENCE MONITOR AC-25
AUDIT AND ACCOUNTABILITY 9 AUDIT AND ACCOUNTABILITY
AU-01 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES 32 AU-01
AU-02 AUDIT EVENTS 22 • AU-02
AU-03 CONTENT OF AUDIT RECORDS 63 • AU-03
AU-04 AUDIT STORAGE CAPACITY 51 • AU-04
AU-05 RESPONSE TO AUDIT PROCESSING FAILURES 24 • AU-05
AU-06 AUDIT REVIEW, ANALYSIS, AND REPORTING 27 • AU-06
AU-07 AUDIT REDUCTION AND REPORT GENERATION 24 • AU-07
AU-08 TIME STAMPS 42 • AU-08
AU-09 PROTECTION OF AUDIT INFORMATION 35 • AU-09
AU-10 NON-REPUDIATION 42 • AU-10
AU-11 AUDIT RECORD RETENTION 2 • AU-11
AU-12 AUDIT GENERATION 62 • AU-12
AU-13 MONITORING FOR INFORMATION DISCLOSURE 2 • AU-13
AU-14 SESSION AUDIT 25 • AU-14
AU-15 ALTERNATE AUDIT CAPABILITY 46 AU-15
AU-16 CROSS-ORGANIZATIONAL AUDITING 21 AU-16
AWARENESS AND TRAINING 42 AWARENESS AND TRAINING
AT-01 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES 35 • AT-01
AT-02 SECURITY AWARENESS TRAINING 2 • AT-02
AT-03 ROLE-BASED SECURITY TRAINING 35 • AT-03
AT-04 SECURITY TRAINING RECORDS 37 • AT-04
AT-05 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS AT-05
CONFIGURATION MANAGEMENT 9 CONFIGURATION MANAGEMENT
CM-01 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES 25 CM-01
CM-02 BASELINE CONFIGURATION 31 • • • • • • CM-02
CM-03 CONFIGURATION CHANGE CONTROL 2 • • CM-03
CM-04 SECURITY IMPACT ANALYSIS 26 CM-04
CM-05 ACCESS RESTRICTIONS FOR CHANGE 2 • • CM-05
CM-06 CONFIGURATION SETTINGS 24 • • • CM-06
CM-07 LEAST FUNCTIONALITY 44 • CM-07
CM-08 INFORMATION SYSTEM COMPONENT INVENTORY 78 • • • • • CM-08
CM-09 CONFIGURATION MANAGEMENT PLAN 35 • CM-09
CM-10 SOFTWARE USAGE RESTRICTIONS 25 • CM-10
CM-11 USER-INSTALLED SOFTWARE 32 • • CM-11
CONTINGENCY PLANNING 39 CONTINGENCY PLANNING
CP-01 CONTINGENCY PLANNING POLICY AND PROCEDURES 37 CP-01
CP-02 CONTINGENCY PLAN 2 CP-02
CP-03 CONTINGENCY TRAINING 29 CP-03
CP-04 CONTINGENCY PLAN TESTING 53 CP-04
CP-05 CONTINGENCY PLAN UPDATE 48 CP-05
CP-06 ALTERNATE STORAGE SITE 32 CP-06
CP-07 ALTERNATE PROCESSING SITE 56 CP-07
CP-08 TELECOMMUNICATIONS SERVICES 25 CP-08
CP-09 INFORMATION SYSTEM BACKUP 2 • CP-09
CP-10 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION 38 • CP-10
CP-11 ALTERNATE COMMUNICATIONS PROTOCOLS 2 CP-11
CP-12 SAFE MODE 48 CP-12
CP-13 ALTERNATIVE SECURITY MECHANISMS 27 CP-13
IDENTIFICATION AND AUTHENTICATION 43 IDENTIFICATION AND AUTHENTICATION
IA-01 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES 2 IA-01
IA-02 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) 50 • IA-02
IA-03 DEVICE IDENTIFICATION AND AUTHENTICATION 51 • • IA-03
IA-04 IDENTIFIER MANAGEMENT 29 • IA-04
IA-05 AUTHENTICATOR MANAGEMENT 33 • • IA-05
IA-06 AUTHENTICATOR FEEDBACK 2 IA-06
IA-07 CRYPTOGRAPHIC MODULE AUTHENTICATION 62 IA-07
IA-08 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) 34 IA-08
IA-09 SERVICE IDENTIFICATION AND AUTHENTICATION 28 IA-09
IA-10 ADAPTIVE IDENTIFICATION AND AUTHENTICATION 2 • • IA-10
IA-11 RE-AUTHENTICATION 44 IA-11
INCIDENT RESPONSE 62 INCIDENT RESPONSE
IR-01 INCIDENT RESPONSE POLICY AND PROCEDURES 47 • IR-01
IR-02 INCIDENT RESPONSE TRAINING 53 • IR-02
IR-03 INCIDENT RESPONSE TESTING 44 • IR-03
IR-04 INCIDENT HANDLING 45 • IR-04
IR-05 INCIDENT MONITORING 2 • IR-05
IR-06 INCIDENT REPORTING 33 • IR-06
IR-07 INCIDENT RESPONSE ASSISTANCE 6 • IR-07
IR-08 INCIDENT RESPONSE PLAN 9 • IR-08
IR-09 INFORMATION SPILLAGE RESPONSE 31 • IR-09
IR-10 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM 2 • IR-10
MAINTENANCE 31 MAINTENANCE
MA-01 SYSTEM MAINTENANCE POLICY AND PROCEDURES 32 MA-01
MA-02 CONTROLLED MAINTENANCE 49 MA-02
MA-03 MAINTENANCE TOOLS 35 MA-03
MA-04 NONLOCAL MAINTENANCE 23 • • MA-04
MA-05 MAINTENANCE PERSONNEL 27 MA-05
MA-06 TIMELY MAINTENANCE 2 MA-06
MEDIA PROTECTION 9 MEDIA PROTECTION
MP-01 MEDIA PROTECTION POLICY AND PROCEDURES 27 MP-01
MP-02 MEDIA ACCESS 40 MP-02
MP-03 MEDIA MARKING 21 • MP-03
MP-04 MEDIA STORAGE 27 • MP-04
MP-05 MEDIA TRANSPORT 37 • MP-05
MP-06 MEDIA SANITIZATION 2 MP-06
MP-07 MEDIA USE 30 MP-07
MP-08 MEDIA DOWNGRADING 16 MP-08
PERSONNEL SECURITY 18 PERSONNEL SECURITY
PS-01 PERSONNEL SECURITY POLICY AND PROCEDURES 14 PS-01
PS-02 POSITION RISK DESIGNATION 44 PS-02
PS-03 PERSONNEL SCREENING 2 PS-03
PS-04 PERSONNEL TERMINATION 32 PS-04
PS-05 PERSONNEL TRANSFER 25 PS-05
PS-06 ACCESS AGREEMENTS 43 PS-06
PS-07 THIRD-PARTY PERSONNEL SECURITY 2 PS-07
PS-08 PERSONNEL SANCTIONS 41 PS-08
PHYSICAL AND ENVIRONMENTAL PROTECTION 22 PHYSICAL AND ENVIRONMENTAL PROTECTION
PE-01 PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES 36 PE-01
PE-02 PHYSICAL ACCESS AUTHORIZATIONS 43 PE-02
PE-03 PHYSICAL ACCESS CONTROL 64 PE-03
PE-04 ACCESS CONTROL FOR TRANSMISSION MEDIUM 40 PE-04
PE-05 ACCESS CONTROL FOR OUTPUT DEVICES 47 PE-05
PE-06 MONITORING PHYSICAL ACCESS 43 PE-06
PE-07 VISITOR CONTROL 2 PE-07
PE-08 VISITOR ACCESS RECORDS 56 PE-08
PE-09 POWER EQUIPMENT AND CABLING 2 PE-09
PE-10 EMERGENCY SHUTOFF 53 PE-10
PE-11 EMERGENCY POWER 32 PE-11
PE-12 EMERGENCY LIGHTING 22 PE-12
PE-13 FIRE PROTECTION 20 PE-13
PE-14 TEMPERATURE AND HUMIDITY CONTROLS 2 PE-14
PE-15 WATER DAMAGE PROTECTION 35 PE-15
PE-16 DELIVERY AND REMOVAL 38 PE-16
PE-17 ALTERNATE WORK SITE 47 PE-17
PE-18 LOCATION OF INFORMATION SYSTEM COMPONENTS 28 PE-18
PE-19 INFORMATION LEAKAGE 25 PE-19
PE-20 ASSET MONITORING AND TRACKING 14 PE-20
PLANNING 2 PLANNING
PL-01 SECURITY PLANNING POLICY AND PROCEDURES 24 PL-01
PL-02 SYSTEM SECURITY PLAN 2 PL-02
PL-03 SYSTEM SECURITY PLAN UPDATE 44 PL-03
PL-04 RULES OF BEHAVIOR 25 PL-04
PL-05 PRIVACY IMPACT ASSESSMENT 60 PL-05
PL-06 SECURITY-RELATED ACTIVITY PLANNING 32 PL-06
PL-07 SECURITY CONCEPT OF OPERATIONS 22 PL-07
PL-08 INFORMATION SECURITY ARCHITECTURE 2 PL-08
PL-09 CENTRAL MANAGEMENT 4 PL-09
Program Management 38 Program Management
PM-01 INFORMATION SECURITY PROGRAM PLAN 36 PM-01
PM-02 SENIOR INFORMATION SECURITY OFFICER 2 PM-02
PM-03 INFORMATION SECURITY RESOURCES 6 PM-03
PM-04 PLAN OF ACTION AND MILESTONES PROCESS 18 PM-04
PM-05 INFORMATION SYSTEM INVENTORY 4 • • PM-05
PM-06 INFORMATION SECURITY MEASURES OF PERFORMANCE 4 • PM-06
PM-07 ENTERPRISE ARCHITECTURE 4 PM-07
PM-08 CRITICAL INFRASTRUCTURE PLAN 4 PM-08
PM-09 RISK MANAGEMENT STRATEGY 4 PM-09
PM-10 SECURITY AUTHORIZATION PROCESS 4 PM-10
PM-11 MISSION/BUSINESS PROCESS DEFINITION 4 PM-11
PM-12 INSIDER THREAT PROGRAM 4 PM-12
PM-13 INFORMATION SECURITY WORKFORCE 4 • PM-13
PM-14 TESTING, TRAINING, AND MONITORING 4 • • PM-14
PM-15 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS 4 PM-15
PM-16 THREAT AWARENESS PROGRAM 4 • • PM-16
RISK ASSESSMENT 38 RISK ASSESSMENT
RA-01 RISK ASSESSMENT POLICY AND PROCEDURES 4 RA-01
RA-02 SECURITY CATEGORIZATION 4 • RA-02
RA-03 RISK ASSESSMENT 4 RA-03
RA-04 RISK ASSESSMENT UPDATE 18 RA-04
RA-05 VULNERABILITY SCANNING 9 • • • RA-05
RA-06 TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY 23 • RA-06
SECURITY ASSESSMENT AND AUTHORIZATION 55 SECURITY ASSESSMENT AND AUTHORIZATION
CA-01 SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES 59 CA-01
CA-02 SECURITY ASSESSMENTS 2 • • CA-02
CA-03 SYSTEM INTERCONNECTIONS • • • • CA-03
CA-04 SECURITY CERTIFICATION 9 CA-04
CA-05 PLAN OF ACTION AND MILESTONES 4 • CA-05
CA-06 SECURITY AUTHORIZATION 65 • CA-06
CA-07 CONTINUOUS MONITORING 32 • • • • • • • • • • • • • • CA-07
CA-08 PENETRATION TESTING 40 • CA-08
CA-09 INTERNAL SYSTEM CONNECTIONS 6 • • • • • CA-09
SYSTEM AND COMMUNICATIONS PROTECTION 9 SYSTEM AND COMMUNICATIONS PROTECTION
SC-01 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES 28 SC-01
SC-02 APPLICATION PARTITIONING 34 SC-02
SC-03 SECURITY FUNCTION ISOLATION 57 SC-03
SC-04 INFORMATION IN SHARED RESOURCES 34 SC-04
SC-05 DENIAL OF SERVICE PROTECTION 37 SC-05
SC-06 RESOURCE AVAILABILITY 19 SC-06
SC-07 BOUNDARY PROTECTION 32 • SC-07
SC-08 TRANSMISSION CONFIDENTIALITY AND INTEGRITY 28 • • • SC-08
SC-09 TRANSMISSION CONFIDENTIALITY 28 SC-09
SC-10 NETWORK DISCONNECT 25 SC-10
SC-11 TRUSTED PATH 31 SC-11
SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT 61 SC-12
SC-13 CRYPTOGRAPHIC PROTECTION 35 SC-13
SC-14 PUBLIC ACCESS PROTECTIONS 69 SC-14
SC-15 COLLABORATIVE COMPUTING DEVICES 46 • SC-15
SC-16 TRANSMISSION OF SECURITY ATTRIBUTES 31 • SC-16
SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES 25 • • SC-17
SC-18 MOBILE CODE 48 • SC-18
SC-19 VOICE OVER INTERNET PROTOCOL 30 SC-19
SC-20 SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE) 35 • • SC-20
SC-21 SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER) 36 • • SC-21
SC-22 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE 2 • • SC-22
SC-23 SESSION AUTHENTICITY 38 • SC-23
SC-24 FAIL IN KNOWN STATE 24 • SC-24
SC-25 THIN NODES 2 SC-25
SC-26 HONEYPOTS 54 SC-26
SC-27 PLATFORM-INDEPENDENT APPLICATIONS 36 SC-27
SC-28 PROTECTION OF INFORMATION AT REST 9 • SC-28
SC-29 HETEROGENEITY 32 SC-29
SC-30 CONCEALMENT AND MISDIRECTION 42 SC-30
SC-31 COVERT CHANNEL ANALYSIS 2 • SC-31
SC-32 INFORMATION SYSTEM PARTITIONING 2 • SC-32
SC-33 TRANSMISSION PREPARATION INTEGRITY 6 SC-33
SC-34 NON-MODIFIABLE EXECUTABLE PROGRAMS 47 • • • SC-34
SC-35 HONEYCLIENTS 39 SC-35
SC-36 DISTRIBUTED PROCESSING AND STORAGE 52 SC-36
SC-37 OUT-OF-BAND CHANNELS 49 • SC-37
SC-38 OPERATIONS SECURITY 59 SC-38
SC-39 PROCESS ISOLATION 50 • • SC-39
SC-40 WIRELESS LINK PROTECTION 40 • SC-40
SC-41 PORT AND I/O DEVICE ACCESS 66 • • SC-41
SC-42 SENSOR CAPABILITY AND DATA 54 SC-42
SC-43 USAGE RESTRICTIONS 23 SC-43
SC-44 DETONATION CHAMBERS 17 • SC-44
SYSTEM AND INFORMATION INTEGRITY 51 SYSTEM AND INFORMATION INTEGRITY
SI-01 SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES 28 SI-01
SI-02 FLAW REMEDIATION 24 • SI-02
SI-03 MALICIOUS CODE PROTECTION 27 • SI-03
SI-04 INFORMATION SYSTEM MONITORING 2 • • • • • • • • • • • • • • SI-04
SI-05 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES 40 SI-05
SI-06 SECURITY FUNCTION VERIFICATION 10 • SI-06
SI-07 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY 2 • SI-07
SI-08 SPAM PROTECTION 52 • SI-08
SI-09 INFORMATION INPUT RESTRICTIONS 6 SI-09
SI-10 INFORMATION INPUT VALIDATION 4 • SI-10
SI-11 ERROR HANDLING 6 • SI-11
SI-12 INFORMATION HANDLING AND RETENTION 31 SI-12
SI-13 PREDICTABLE FAILURE PREVENTION 25 SI-13
SI-14 NON-PERSISTENCE 25 SI-14
SI-15 INFORMATION OUTPUT FILTERING 41 • SI-15
SI-16 MEMORY PROTECTION 59 • SI-16
SI-17 FAIL-SAFE PROCEDURES 2 SI-17
SYSTEM AND SERVICES ACQUISITION 31 SYSTEM AND SERVICES ACQUISITION
SA-01 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES 57 SA-01
SA-02 ALLOCATION OF RESOURCES 32 SA-02
SA-03 SYSTEM DEVELOPMENT LIFE CYCLE 23 • SA-03
SA-04 ACQUISITION PROCESS 24 • • • SA-04
SA-05 INFORMATION SYSTEM DOCUMENTATION 59 SA-05
SA-06 SOFTWARE USAGE RESTRICTIONS 32 SA-06
SA-07 USER-INSTALLED SOFTWARE 36 SA-07
SA-08 SECURITY ENGINEERING PRINCIPLES 36 • SA-08
SA-09 EXTERNAL INFORMATION SYSTEM SERVICES 2 • SA-09
SA-10 DEVELOPER CONFIGURATION MANAGEMENT 37 • SA-10
SA-11 DEVELOPER SECURITY TESTING AND EVALUATION 37 • • SA-11
SA-12 SUPPLY CHAIN PROTECTION 33 SA-12
SA-13 TRUSTWORTHINESS 45 • SA-13
SA-14 CRITICALITY ANALYSIS 27 SA-14
SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS 31 • SA-15
SA-16 DEVELOPER-PROVIDED TRAINING 33 • • SA-16
SA-17 DEVELOPER SECURITY ARCHITECTURE AND DESIGN 38 • • SA-17
SA-18 TAMPER RESISTANCE AND DETECTION 35 • SA-18
SA-19 COMPONENT AUTHENTICITY 54 SA-19
SA-20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS 33 • SA-20
SA-21 DEVELOPER SCREENING 22 • SA-21
SA-22 UNSUPPORTED SYSTEM COMPONENTS 6 SA-22