Upload File

nist nvd rev 4 security controls online database analysis

4
NIST NVD 800 Rev4 Data Analysis Page 1 of 4 Priority 256 100% P3 12 4.7% P2 36 14.1% P1 122 47.7% 137 82 44 11 93 71 49 18 20 19 14 11 7 9 2 5 1 4 3 2 P0 54 21.1% Combined Count Control Count Enhance Count Level 1 Count Level 2 Count Level 3 Count Level 4 Count Level 5 Count Level 6 Count Level 7 Count Level 8 Count (blank) 32 12.5% 124 261 343 115 159 170 9 102 173 4 53 71 3 23 42 1 15 26 1 8 17 2 7 1 5 3 2 FAMILY ID SECURITY CONTROL TITLE P Low Mod High L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H AC AC-1 ACCESS CONTROL POLICY AND PROCEDURES P1 AC-1 AC-1 AC-1 1 1 1 1 1 1 AC AC-2 ACCOUNT MANAGEMENT P1 AC-2 AC-2 (1) (2) (3) (4) AC-2 (1) (2) (3) (4) (5) (11) (12) (13) 1 5 9 1 1 1 4 8 (1) (1) (2) (2) (3) (3) (4) (4) (5) (11) (12) (13) AC AC-3 ACCESS ENFORCEMENT P1 AC-3 AC-3 AC-3 1 1 1 1 1 1 AC AC-4 INFORMATION FLOW ENFORCEMENT P1 AC-4 AC-4 1 1 1 1 AC AC-5 SEPARATION OF DUTIES P1 AC-5 AC-5 1 1 1 1 AC AC-6 LEAST PRIVILEGE P1 AC-6 (1) (2) (5) (9) (10) AC-6 (1) (2) (3) (5) (9) (10) 6 7 1 1 5 6 (1) (1) (2) (2) (5) (3) (9) (5) (10) (9) (10) AC AC-7 UNSUCCESSFUL LOGON ATTEMPTS P2 AC-7 AC-7 AC-7 1 1 1 1 1 1 AC AC-8 SYSTEM USE NOTIFICATION P1 AC-8 AC-8 AC-8 1 1 1 1 1 1 AC AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION P0 AC AC-10 CONCURRENT SESSION CONTROL P3 AC-10 1 1 AC AC-11 SESSION LOCK P3 AC-11 (1) AC-11 (1) 2 2 1 1 1 1 (1) (1) AC AC-12 SESSION TERMINATION P2 AC-12 AC-12 1 1 1 1 AC AC-13 SUPERVISION AND REVIEW - ACCESS CONTROL (blank) AC AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION P3 AC-14 AC-14 AC-14 1 1 1 1 1 1 AC AC-15 AUTOMATED MARKING (blank) AC AC-16 SECURITY ATTRIBUTES P0 AC AC-17 REMOTE ACCESS P1 AC-17 AC-17 (1) (2) (3) (4) AC-17 (1) (2) (3) (4) 1 5 5 1 1 1 4 4 (1) (1) (2) (2) (3) (3) (4) (4) AC AC-18 WIRELESS ACCESS P1 AC-18 AC-18 (1) AC-18 (1) (4) (5) 1 2 4 1 1 1 1 3 (1) (1) (4) (5) AC AC-19 ACCESS CONTROL FOR MOBILE DEVICES P1 AC-19 AC-19 (5) AC-19 (5) 1 2 2 1 1 1 1 1 (5) (5) AC AC-20 USE OF EXTERNAL INFORMATION SYSTEMS P1 AC-20 AC-20 (1) (2) AC-20 (1) (2) 1 3 3 1 1 1 2 2 (1) (1) (2) (2) AC AC-21 INFORMATION SHARING P2 AC-21 AC-21 1 1 1 1 AC AC-22 PUBLICLY ACCESSIBLE CONTENT P3 AC-22 AC-22 AC-22 1 1 1 1 1 1 AC AC-23 DATA MINING PROTECTION P0 AC AC-24 ACCESS CONTROL DECISIONS P0 AC AC-25 REFERENCE MONITOR P0 AT AT-1 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES P1 AT-1 AT-1 AT-1 1 1 1 1 1 1 AT AT-2 SECURITY AWARENESS TRAINING P1 AT-2 AT-2 (2) AT-2 (2) 1 2 2 1 1 1 1 1 (2) (2) AT AT-3 ROLE-BASED SECURITY TRAINING P1 AT-3 AT-3 AT-3 1 1 1 1 1 1 AT AT-4 SECURITY TRAINING RECORDS P3 AT-4 AT-4 AT-4 1 1 1 1 1 1 AT AT-5 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS (blank) AU AU-1 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES P1 AU-1 AU-1 AU-1 1 1 1 1 1 1 AU AU-2 AUDIT EVENTS P1 AU-2 AU-2 (3) AU-2 (3) 1 2 2 1 1 1 1 1 (3) (3) AU AU-3 CONTENT OF AUDIT RECORDS P1 AU-3 AU-3 (1) AU-3 (1) (2) 1 2 3 1 1 1 1 2 (1) (1) (2) AU AU-4 AUDIT STORAGE CAPACITY P1 AU-4 AU-4 AU-4 1 1 1 1 1 1 AU AU-5 RESPONSE TO AUDIT PROCESSING FAILURES P1 AU-5 AU-5 AU-5 (1) (2) 1 1 3 1 1 1 2 (1) (2) AU AU-6 AUDIT REVIEW, ANALYSIS, AND REPORTING P1 AU-6 AU-6 (1) (3) AU-6 (1) (3) (5) (6) 1 3 5 1 1 1 2 4 (1) (1) (3) (3) (5) (6) AU AU-7 AUDIT REDUCTION AND REPORT GENERATION P2 AU-7 (1) AU-7 (1) 2 2 1 1 1 1 (1) (1) AU AU-8 TIME STAMPS P1 AU-8 AU-8 (1) AU-8 (1) 1 2 2 1 1 1 1 1 (1) (1) AU AU-9 PROTECTION OF AUDIT INFORMATION P1 AU-9 AU-9 (4) AU-9 (2) (3) (4) 1 2 4 1 1 1 1 3 (4) (2) (3) (4) AU AU-10 NON-REPUDIATION P2 AU-10 1 1 AU AU-11 AUDIT RECORD RETENTION P3 AU-11 AU-11 AU-11 1 1 1 1 1 1 AU AU-12 AUDIT GENERATION P1 AU-12 AU-12 AU-12 (1) (3) 1 1 3 1 1 1 2 (1) (3) AU AU-13 MONITORING FOR INFORMATION DISCLOSURE P0 AU AU-14 SESSION AUDIT P0 AU AU-15 ALTERNATE AUDIT CAPABILITY P0 AU AU-16 CROSS-ORGANIZATIONAL AUDITING P0 CA CA-1 SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES P1 CA-1 CA-1 CA-1 1 1 1 1 1 1 CA CA-2 SECURITY ASSESSMENTS P2 CA-2 CA-2 (1) CA-2 (1) (2) 1 2 3 1 1 1 1 2 (1) (1) (2) CA CA-3 SYSTEM INTERCONNECTIONS P1 CA-3 CA-3 (5) CA-3 (5) 1 2 2 1 1 1 1 1 (5) (5) CA CA-4 SECURITY CERTIFICATION (blank) CA CA-5 PLAN OF ACTION AND MILESTONES P3 CA-5 CA-5 CA-5 1 1 1 1 1 1 CA CA-6 SECURITY AUTHORIZATION P2 CA-6 CA-6 CA-6 1 1 1 1 1 1 CA CA-7 CONTINUOUS MONITORING P2 CA-7 CA-7 (1) CA-7 (1) 1 2 2 1 1 1 1 1 (1) (1) CA CA-8 PENETRATION TESTING P2 CA-8 1 1 CA CA-9 INTERNAL SYSTEM CONNECTIONS P2 CA-9 CA-9 CA-9 1 1 1 1 1 1 CM CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES P1 CM-1 CM-1 CM-1 1 1 1 1 1 1 CM CM-2 BASELINE CONFIGURATION P1 CM-2 CM-2 (1) (3) (7) CM-2 (1) (2) (3) (7) 1 4 5 1 1 1 3 4 (1) (1) (3) (2) (7) (3) (7) CM CM-3 CONFIGURATION CHANGE CONTROL P1 CM-3 (2) CM-3 (1) (2) 2 3 1 1 1 2 (2) (1) (2) CM CM-4 SECURITY IMPACT ANALYSIS P2 CM-4 CM-4 CM-4 (1) 1 1 2 1 1 1 1 (1) CM CM-5 ACCESS RESTRICTIONS FOR CHANGE P1 CM-5 CM-5 (1) (2) (3) 1 4 1 1 3 (1) (2) (3) CM CM-6 CONFIGURATION SETTINGS P1 CM-6 CM-6 CM-6 (1) (2) 1 1 3 1 1 1 2 (1) (2) CM CM-7 LEAST FUNCTIONALITY P1 CM-7 CM-7 (1) (2) (4) CM-7 (1) (2) (5) 1 4 4 1 1 1 3 3 (1) (1) (2) (2) (4) (5) CM CM-8 INFORMATION SYSTEM COMPONENT INVENTORY P1 CM-8 CM-8 (1) (3) (5) CM-8 (1) (2) (3) (4) (5) 1 4 6 1 1 1 3 5 (1) (1) (3) (2) (5) (3) (4) (5) CM CM-9 CONFIGURATION MANAGEMENT PLAN P1 CM-9 CM-9 1 1 1 1

Upload: james-w-de-rienzo

Post on 13-Jul-2015

147 views

Category:

Data & Analytics


0 download

Report

TRANSCRIPT

Page 1: NIST NVD REV 4 Security Controls Online Database Analysis

NIST NVD 800 Rev4 Data Analysis

Page 1 of 4

Priority 256 100%

P3 12 4.7%

P2 36 14.1%P1 122 47.7% 137 82 44 11 93 71 49 18 20 19 14 11 7 9 2 5 1 4 3 2

P0 54 21.1% Combined Count Control Count Enhance Count Level 1 Count Level 2 Count Level 3 Count Level 4 Count Level 5 Count Level 6 Count Level 7 Count Level 8 Count(blank) 32 12.5% 124 261 343 115 159 170 9 102 173 4 53 71 3 23 42 1 15 26 1 8 17 2 7 1 5 3 2

FAMILY ID SECURITY CONTROL TITLE P Low Mod High L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H

AC AC-1 ACCESS CONTROL POLICY AND PROCEDURES P1 AC-1 AC-1 AC-1 1 1 1 1 1 1

AC AC-2 ACCOUNT MANAGEMENT P1 AC-2 AC-2 (1) (2) (3) (4) AC-2 (1) (2) (3) (4) (5) (11) (12) (13) 1 5 9 1 1 1 4 8 (1) (1) (2) (2) (3) (3) (4) (4) (5) (11) (12) (13)

AC AC-3 ACCESS ENFORCEMENT P1 AC-3 AC-3 AC-3 1 1 1 1 1 1

AC AC-4 INFORMATION FLOW ENFORCEMENT P1 AC-4 AC-4 1 1 1 1

AC AC-5 SEPARATION OF DUTIES P1 AC-5 AC-5 1 1 1 1

AC AC-6 LEAST PRIVILEGE P1 AC-6 (1) (2) (5) (9) (10) AC-6 (1) (2) (3) (5) (9) (10) 6 7 1 1 5 6 (1) (1) (2) (2) (5) (3) (9) (5) (10) (9) (10)

AC AC-7 UNSUCCESSFUL LOGON ATTEMPTS P2 AC-7 AC-7 AC-7 1 1 1 1 1 1

AC AC-8 SYSTEM USE NOTIFICATION P1 AC-8 AC-8 AC-8 1 1 1 1 1 1

AC AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION P0

AC AC-10 CONCURRENT SESSION CONTROL P3 AC-10 1 1

AC AC-11 SESSION LOCK P3 AC-11 (1) AC-11 (1) 2 2 1 1 1 1 (1) (1)

AC AC-12 SESSION TERMINATION P2 AC-12 AC-12 1 1 1 1

AC AC-13 SUPERVISION AND REVIEW - ACCESS CONTROL (blank)

AC AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION P3 AC-14 AC-14 AC-14 1 1 1 1 1 1

AC AC-15 AUTOMATED MARKING (blank)

AC AC-16 SECURITY ATTRIBUTES P0

AC AC-17 REMOTE ACCESS P1 AC-17 AC-17 (1) (2) (3) (4) AC-17 (1) (2) (3) (4) 1 5 5 1 1 1 4 4 (1) (1) (2) (2) (3) (3) (4) (4)

AC AC-18 WIRELESS ACCESS P1 AC-18 AC-18 (1) AC-18 (1) (4) (5) 1 2 4 1 1 1 1 3 (1) (1) (4) (5)

AC AC-19 ACCESS CONTROL FOR MOBILE DEVICES P1 AC-19 AC-19 (5) AC-19 (5) 1 2 2 1 1 1 1 1 (5) (5)

AC AC-20 USE OF EXTERNAL INFORMATION SYSTEMS P1 AC-20 AC-20 (1) (2) AC-20 (1) (2) 1 3 3 1 1 1 2 2 (1) (1) (2) (2)

AC AC-21 INFORMATION SHARING P2 AC-21 AC-21 1 1 1 1

AC AC-22 PUBLICLY ACCESSIBLE CONTENT P3 AC-22 AC-22 AC-22 1 1 1 1 1 1

AC AC-23 DATA MINING PROTECTION P0

AC AC-24 ACCESS CONTROL DECISIONS P0

AC AC-25 REFERENCE MONITOR P0

AT AT-1 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES P1 AT-1 AT-1 AT-1 1 1 1 1 1 1

AT AT-2 SECURITY AWARENESS TRAINING P1 AT-2 AT-2 (2) AT-2 (2) 1 2 2 1 1 1 1 1 (2) (2)

AT AT-3 ROLE-BASED SECURITY TRAINING P1 AT-3 AT-3 AT-3 1 1 1 1 1 1

AT AT-4 SECURITY TRAINING RECORDS P3 AT-4 AT-4 AT-4 1 1 1 1 1 1

AT AT-5 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS (blank)

AU AU-1 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES P1 AU-1 AU-1 AU-1 1 1 1 1 1 1

AU AU-2 AUDIT EVENTS P1 AU-2 AU-2 (3) AU-2 (3) 1 2 2 1 1 1 1 1 (3) (3)

AU AU-3 CONTENT OF AUDIT RECORDS P1 AU-3 AU-3 (1) AU-3 (1) (2) 1 2 3 1 1 1 1 2 (1) (1) (2)

AU AU-4 AUDIT STORAGE CAPACITY P1 AU-4 AU-4 AU-4 1 1 1 1 1 1

AU AU-5 RESPONSE TO AUDIT PROCESSING FAILURES P1 AU-5 AU-5 AU-5 (1) (2) 1 1 3 1 1 1 2 (1) (2)

AU AU-6 AUDIT REVIEW, ANALYSIS, AND REPORTING P1 AU-6 AU-6 (1) (3) AU-6 (1) (3) (5) (6) 1 3 5 1 1 1 2 4 (1) (1) (3) (3) (5) (6)

AU AU-7 AUDIT REDUCTION AND REPORT GENERATION P2 AU-7 (1) AU-7 (1) 2 2 1 1 1 1 (1) (1)

AU AU-8 TIME STAMPS P1 AU-8 AU-8 (1) AU-8 (1) 1 2 2 1 1 1 1 1 (1) (1)

AU AU-9 PROTECTION OF AUDIT INFORMATION P1 AU-9 AU-9 (4) AU-9 (2) (3) (4) 1 2 4 1 1 1 1 3 (4) (2) (3) (4)

AU AU-10 NON-REPUDIATION P2 AU-10 1 1

AU AU-11 AUDIT RECORD RETENTION P3 AU-11 AU-11 AU-11 1 1 1 1 1 1

AU AU-12 AUDIT GENERATION P1 AU-12 AU-12 AU-12 (1) (3) 1 1 3 1 1 1 2 (1) (3)

AU AU-13 MONITORING FOR INFORMATION DISCLOSURE P0

AU AU-14 SESSION AUDIT P0

AU AU-15 ALTERNATE AUDIT CAPABILITY P0

AU AU-16 CROSS-ORGANIZATIONAL AUDITING P0

CA CA-1 SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES P1 CA-1 CA-1 CA-1 1 1 1 1 1 1

CA CA-2 SECURITY ASSESSMENTS P2 CA-2 CA-2 (1) CA-2 (1) (2) 1 2 3 1 1 1 1 2 (1) (1) (2)

CA CA-3 SYSTEM INTERCONNECTIONS P1 CA-3 CA-3 (5) CA-3 (5) 1 2 2 1 1 1 1 1 (5) (5)

CA CA-4 SECURITY CERTIFICATION (blank)

CA CA-5 PLAN OF ACTION AND MILESTONES P3 CA-5 CA-5 CA-5 1 1 1 1 1 1

CA CA-6 SECURITY AUTHORIZATION P2 CA-6 CA-6 CA-6 1 1 1 1 1 1

CA CA-7 CONTINUOUS MONITORING P2 CA-7 CA-7 (1) CA-7 (1) 1 2 2 1 1 1 1 1 (1) (1)

CA CA-8 PENETRATION TESTING P2 CA-8 1 1

CA CA-9 INTERNAL SYSTEM CONNECTIONS P2 CA-9 CA-9 CA-9 1 1 1 1 1 1

CM CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES P1 CM-1 CM-1 CM-1 1 1 1 1 1 1

CM CM-2 BASELINE CONFIGURATION P1 CM-2 CM-2 (1) (3) (7) CM-2 (1) (2) (3) (7) 1 4 5 1 1 1 3 4 (1) (1) (3) (2) (7) (3) (7)

CM CM-3 CONFIGURATION CHANGE CONTROL P1 CM-3 (2) CM-3 (1) (2) 2 3 1 1 1 2 (2) (1) (2)

CM CM-4 SECURITY IMPACT ANALYSIS P2 CM-4 CM-4 CM-4 (1) 1 1 2 1 1 1 1 (1)

CM CM-5 ACCESS RESTRICTIONS FOR CHANGE P1 CM-5 CM-5 (1) (2) (3) 1 4 1 1 3 (1) (2) (3)

CM CM-6 CONFIGURATION SETTINGS P1 CM-6 CM-6 CM-6 (1) (2) 1 1 3 1 1 1 2 (1) (2)

CM CM-7 LEAST FUNCTIONALITY P1 CM-7 CM-7 (1) (2) (4) CM-7 (1) (2) (5) 1 4 4 1 1 1 3 3 (1) (1) (2) (2) (4) (5)

CM CM-8 INFORMATION SYSTEM COMPONENT INVENTORY P1 CM-8 CM-8 (1) (3) (5) CM-8 (1) (2) (3) (4) (5) 1 4 6 1 1 1 3 5 (1) (1) (3) (2) (5) (3) (4) (5)

CM CM-9 CONFIGURATION MANAGEMENT PLAN P1 CM-9 CM-9 1 1 1 1

http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-9
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-10
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-11
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-11#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-11#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-12
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-13
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-14
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-15
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-16
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-17
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-18
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-18#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-19
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-19#enhancement-5�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-19#enhancement-5�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-20
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-21
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-22
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-23
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-24
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AC-25
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AT-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AT-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AT-2#enhancement-2�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AT-2#enhancement-2�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AT-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AT-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AT-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-2#enhancement-3�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-2#enhancement-3�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-3#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-7#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-7#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-8#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-8#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-9
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-9#enhancement-4�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-10
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-11
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-12
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-13
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-14
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-15
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=AU-16
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-2#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-3#enhancement-5�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-3#enhancement-5�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-7#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-7#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CA-9
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-3#enhancement-2�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-4#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-9
Page 2: NIST NVD REV 4 Security Controls Online Database Analysis

NIST NVD 800 Rev4 Data Analysis

Page 2 of 4

Priority 256 100%

P3 12 4.7%

P2 36 14.1%P1 122 47.7% 137 82 44 11 93 71 49 18 20 19 14 11 7 9 2 5 1 4 3 2

P0 54 21.1% Combined Count Control Count Enhance Count Level 1 Count Level 2 Count Level 3 Count Level 4 Count Level 5 Count Level 6 Count Level 7 Count Level 8 Count(blank) 32 12.5% 124 261 343 115 159 170 9 102 173 4 53 71 3 23 42 1 15 26 1 8 17 2 7 1 5 3 2

FAMILY ID SECURITY CONTROL TITLE P Low Mod High L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H

CM CM-10 SOFTWARE USAGE RESTRICTIONS P2 CM-10 CM-10 CM-10 1 1 1 1 1 1

CM CM-11 USER-INSTALLED SOFTWARE P1 CM-11 CM-11 CM-11 1 1 1 1 1 1

CP CP-1 CONTINGENCY PLANNING POLICY AND PROCEDURES P1 CP-1 CP-1 CP-1 1 1 1 1 1 1

CP CP-2 CONTINGENCY PLAN P1 CP-2 CP-2 (1) (3) (8) CP-2 (1) (2) (3) (4) (5) (8) 1 4 7 1 1 1 3 6 (1) (1) (3) (2) (8) (3) (4) (5) (8)

CP CP-3 CONTINGENCY TRAINING P2 CP-3 CP-3 CP-3 (1) 1 1 2 1 1 1 1 (1)

CP CP-4 CONTINGENCY PLAN TESTING P2 CP-4 CP-4 (1) CP-4 (1) (2) 1 2 3 1 1 1 1 2 (1) (1) (2)

CP CP-5 CONTINGENCY PLAN UPDATE (blank)

CP CP-6 ALTERNATE STORAGE SITE P1 CP-6 (1) (3) CP-6 (1) (2) (3) 3 4 1 1 2 3 (1) (1) (3) (2) (3)

CP CP-7 ALTERNATE PROCESSING SITE P1 CP-7 (1) (2) (3) CP-7 (1) (2) (3) (4) 4 5 1 1 3 4 (1) (1) (2) (2) (3) (3) (4)

CP CP-8 TELECOMMUNICATIONS SERVICES P1 CP-8 (1) (2) CP-8 (1) (2) (3) (4) 3 5 1 1 2 4 (1) (1) (2) (2) (3) (4)

CP CP-9 INFORMATION SYSTEM BACKUP P1 CP-9 CP-9 (1) CP-9 (1) (2) (3) (5) 1 2 5 1 1 1 1 4 (1) (1) (2) (3) (5)

CP CP-10 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION P1 CP-10 CP-10 (2) CP-10 (2) (4) 1 2 3 1 1 1 1 2 (2) (2) (4)

CP CP-11 ALTERNATE COMMUNICATIONS PROTOCOLS P0

CP CP-12 SAFE MODE P0

CP CP-13 ALTERNATIVE SECURITY MECHANISMS P0

IA IA-1 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES P1 IA-1 IA-1 IA-1 1 1 1 1 1 1

IA IA-2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) P1 IA-2 (1) (12) IA-2 (1) (2) (3) (8) (11) (12) IA-2 (1) (2) (3) (4) (8) (9) (11) (12) 3 7 9 1 1 1 2 6 8 (1) (1) (1) (12) (2) (2) (3) (3) (8) (4) (11) (8) (12) (9) (11) (12)

IA IA-3 DEVICE IDENTIFICATION AND AUTHENTICATION P1 IA-3 IA-3 1 1 1 1

IA IA-4 IDENTIFIER MANAGEMENT P1 IA-4 IA-4 IA-4 1 1 1 1 1 1

IA IA-5 AUTHENTICATOR MANAGEMENT P1 IA-5 (1) (11) IA-5 (1) (2) (3) (11) IA-5 (1) (2) (3) (11) 3 5 5 1 1 1 2 4 4 (1) (1) (1) (11) (2) (2) (3) (3) (11) (11)

IA IA-6 AUTHENTICATOR FEEDBACK P2 IA-6 IA-6 IA-6 1 1 1 1 1 1

IA IA-7 CRYPTOGRAPHIC MODULE AUTHENTICATION P1 IA-7 IA-7 IA-7 1 1 1 1 1 1

IA IA-8 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) P1 IA-8 (1) (2) (3) (4) IA-8 (1) (2) (3) (4) IA-8 (1) (2) (3) (4) 5 5 5 1 1 1 4 4 4 (1) (1) (1) (2) (2) (2) (3) (3) (3) (4) (4) (4)

IA IA-9 SERVICE IDENTIFICATION AND AUTHENTICATION P0

IA IA-10 ADAPTIVE IDENTIFICATION AND AUTHENTICATION P0

IA IA-11 RE-AUTHENTICATION P0

IR IR-1 INCIDENT RESPONSE POLICY AND PROCEDURES P1 IR-1 IR-1 IR-1 1 1 1 1 1 1

IR IR-2 INCIDENT RESPONSE TRAINING P2 IR-2 IR-2 IR-2 (1) (2) 1 1 3 1 1 1 2 (1) (2)

IR IR-3 INCIDENT RESPONSE TESTING P2 IR-3 (2) IR-3 (2) 2 2 1 1 1 1 (2) (2)

IR IR-4 INCIDENT HANDLING P1 IR-4 IR-4 (1) IR-4 (1) (4) 1 2 3 1 1 1 1 2 (1) (1) (4)

IR IR-5 INCIDENT MONITORING P1 IR-5 IR-5 IR-5 (1) 1 1 2 1 1 1 1 (1)

IR IR-6 INCIDENT REPORTING P1 IR-6 IR-6 (1) IR-6 (1) 1 2 2 1 1 1 1 1 (1) (1)

IR IR-7 INCIDENT RESPONSE ASSISTANCE P2 IR-7 IR-7 (1) IR-7 (1) 1 2 2 1 1 1 1 1 (1) (1)

IR IR-8 INCIDENT RESPONSE PLAN P1 IR-8 IR-8 IR-8 1 1 1 1 1 1

IR IR-9 INFORMATION SPILLAGE RESPONSE P0

IR IR-10 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM P0

MA MA-1 SYSTEM MAINTENANCE POLICY AND PROCEDURES P1 MA-1 MA-1 MA-1 1 1 1 1 1 1

MA MA-2 CONTROLLED MAINTENANCE P2 MA-2 MA-2 MA-2 (2) 1 1 2 1 1 1 1 (2)

MA MA-3 MAINTENANCE TOOLS P3 MA-3 (1) (2) MA-3 (1) (2) (3) 3 4 1 1 2 3 (1) (1) (2) (2) (3)

MA MA-4 NONLOCAL MAINTENANCE P2 MA-4 MA-4 (2) MA-4 (2) (3) 1 2 3 1 1 1 1 2 (2) (2) (3)

MA MA-5 MAINTENANCE PERSONNEL P2 MA-5 MA-5 MA-5 (1) 1 1 2 1 1 1 1 (1)

MA MA-6 TIMELY MAINTENANCE P2 MA-6 MA-6 1 1 1 1

MP MP-1 MEDIA PROTECTION POLICY AND PROCEDURES P1 MP-1 MP-1 MP-1 1 1 1 1 1 1

MP MP-2 MEDIA ACCESS P1 MP-2 MP-2 MP-2 1 1 1 1 1 1

MP MP-3 MEDIA MARKING P2 MP-3 MP-3 1 1 1 1

MP MP-4 MEDIA STORAGE P1 MP-4 MP-4 1 1 1 1

MP MP-5 MEDIA TRANSPORT P1 MP-5 (4) MP-5 (4) 2 2 1 1 1 1 (4) (4)

MP MP-6 MEDIA SANITIZATION P1 MP-6 MP-6 MP-6 (1) (2) (3) 1 1 4 1 1 1 3 (1) (2) (3)

MP MP-7 MEDIA USE P1 MP-7 MP-7 (1) MP-7 (1) 1 2 2 1 1 1 1 1 (1) (1)

MP MP-8 MEDIA DOWNGRADING P0

PE PE-1 PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES P1 PE-1 PE-1 PE-1 1 1 1 1 1 1

PE PE-2 PHYSICAL ACCESS AUTHORIZATIONS P1 PE-2 PE-2 PE-2 1 1 1 1 1 1

PE PE-3 PHYSICAL ACCESS CONTROL P1 PE-3 PE-3 PE-3 (1) 1 1 2 1 1 1 1 (1)

PE PE-4 ACCESS CONTROL FOR TRANSMISSION MEDIUM P1 PE-4 PE-4 1 1 1 1

PE PE-5 ACCESS CONTROL FOR OUTPUT DEVICES P2 PE-5 PE-5 1 1 1 1

PE PE-6 MONITORING PHYSICAL ACCESS P1 PE-6 PE-6 (1) PE-6 (1) (4) 1 2 3 1 1 1 1 2 (1) (1) (4)

PE PE-7 VISITOR CONTROL (blank)

PE PE-8 VISITOR ACCESS RECORDS P3 PE-8 PE-8 PE-8 (1) 1 1 2 1 1 1 1 (1)

PE PE-9 POWER EQUIPMENT AND CABLING P1 PE-9 PE-9 1 1 1 1

PE PE-10 EMERGENCY SHUTOFF P1 PE-10 PE-10 1 1 1 1

PE PE-11 EMERGENCY POWER P1 PE-11 PE-11 (1) 1 2 1 1 1 (1)

PE PE-12 EMERGENCY LIGHTING P1 PE-12 PE-12 PE-12 1 1 1 1 1 1

PE PE-13 FIRE PROTECTION P1 PE-13 PE-13 (3) PE-13 (1) (2) (3) 1 2 4 1 1 1 1 3 (3) (1) (2) (3)

PE PE-14 TEMPERATURE AND HUMIDITY CONTROLS P1 PE-14 PE-14 PE-14 1 1 1 1 1 1

http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-10
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CM-11
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-3#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-4#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-9
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-9#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-10
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-10#enhancement-2�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-11
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-12
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=CP-13
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IA-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IA-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IA-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IA-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IA-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IA-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IA-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IA-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IA-9
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IA-10
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IA-11
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-3#enhancement-2�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-3#enhancement-2�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-4#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-5#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-6#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-6#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-7#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-7#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-9
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=IR-10
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MA-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MA-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MA-2#enhancement-2�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MA-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MA-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MA-4#enhancement-2�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MA-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MA-5#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MA-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MP-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MP-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MP-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MP-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MP-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MP-5#enhancement-4�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MP-5#enhancement-4�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MP-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MP-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MP-7#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MP-7#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=MP-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-3#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-6#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-8#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-9
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-10
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-11
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-11#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-12
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-13
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-13#enhancement-3�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-14
Page 3: NIST NVD REV 4 Security Controls Online Database Analysis

NIST NVD 800 Rev4 Data Analysis

Page 3 of 4

Priority 256 100%

P3 12 4.7%

P2 36 14.1%P1 122 47.7% 137 82 44 11 93 71 49 18 20 19 14 11 7 9 2 5 1 4 3 2

P0 54 21.1% Combined Count Control Count Enhance Count Level 1 Count Level 2 Count Level 3 Count Level 4 Count Level 5 Count Level 6 Count Level 7 Count Level 8 Count(blank) 32 12.5% 124 261 343 115 159 170 9 102 173 4 53 71 3 23 42 1 15 26 1 8 17 2 7 1 5 3 2

FAMILY ID SECURITY CONTROL TITLE P Low Mod High L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H

PE PE-15 WATER DAMAGE PROTECTION P1 PE-15 PE-15 PE-15 (1) 1 1 2 1 1 1 1 (1)

PE PE-16 DELIVERY AND REMOVAL P2 PE-16 PE-16 PE-16 1 1 1 1 1 1

PE PE-17 ALTERNATE WORK SITE P2 PE-17 PE-17 1 1 1 1

PE PE-18 LOCATION OF INFORMATION SYSTEM COMPONENTS P3 PE-18 1 1

PE PE-19 INFORMATION LEAKAGE P0

PE PE-20 ASSET MONITORING AND TRACKING P0

PL PL-1 SECURITY PLANNING POLICY AND PROCEDURES P1 PL-1 PL-1 PL-1 1 1 1 1 1 1

PL PL-2 SYSTEM SECURITY PLAN P1 PL-2 PL-2 (3) PL-2 (3) 1 2 2 1 1 1 1 1 (3) (3)

PL PL-3 SYSTEM SECURITY PLAN UPDATE (blank)

PL PL-4 RULES OF BEHAVIOR P2 PL-4 PL-4 (1) PL-4 (1) 1 2 2 1 1 1 1 1 (1) (1)

PL PL-5 PRIVACY IMPACT ASSESSMENT (blank)

PL PL-6 SECURITY-RELATED ACTIVITY PLANNING (blank)

PL PL-7 SECURITY CONCEPT OF OPERATIONS P0

PL PL-8 INFORMATION SECURITY ARCHITECTURE P1 PL-8 PL-8 1 1 1 1

PL PL-9 CENTRAL MANAGEMENT P0

PM PM-1 INFORMATION SECURITY PROGRAM PLAN (blank)

PM PM-2 SENIOR INFORMATION SECURITY OFFICER (blank)

PM PM-3 INFORMATION SECURITY RESOURCES (blank)

PM PM-4 PLAN OF ACTION AND MILESTONES PROCESS (blank)

PM PM-5 INFORMATION SYSTEM INVENTORY (blank)

PM PM-6 INFORMATION SECURITY MEASURES OF PERFORMANCE (blank)

PM PM-7 ENTERPRISE ARCHITECTURE (blank)

PM PM-8 CRITICAL INFRASTRUCTURE PLAN (blank)

PM PM-9 RISK MANAGEMENT STRATEGY (blank)

PM PM-10 SECURITY AUTHORIZATION PROCESS (blank)

PM PM-11 MISSION/BUSINESS PROCESS DEFINITION (blank)

PM PM-12 INSIDER THREAT PROGRAM (blank)

PM PM-13 INFORMATION SECURITY WORKFORCE (blank)

PM PM-14 TESTING, TRAINING, AND MONITORING (blank)

PM PM-15 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS (blank)

PM PM-16 THREAT AWARENESS PROGRAM (blank)

PS PS-1 PERSONNEL SECURITY POLICY AND PROCEDURES P1 PS-1 PS-1 PS-1 1 1 1 1 1 1

PS PS-2 POSITION RISK DESIGNATION P1 PS-2 PS-2 PS-2 1 1 1 1 1 1

PS PS-3 PERSONNEL SCREENING P1 PS-3 PS-3 PS-3 1 1 1 1 1 1

PS PS-4 PERSONNEL TERMINATION P1 PS-4 PS-4 PS-4 (2) 1 1 2 1 1 1 1 (2)

PS PS-5 PERSONNEL TRANSFER P2 PS-5 PS-5 PS-5 1 1 1 1 1 1

PS PS-6 ACCESS AGREEMENTS P3 PS-6 PS-6 PS-6 1 1 1 1 1 1

PS PS-7 THIRD-PARTY PERSONNEL SECURITY P1 PS-7 PS-7 PS-7 1 1 1 1 1 1

PS PS-8 PERSONNEL SANCTIONS P3 PS-8 PS-8 PS-8 1 1 1 1 1 1

RA RA-1 RISK ASSESSMENT POLICY AND PROCEDURES P1 RA-1 RA-1 RA-1 1 1 1 1 1 1

RA RA-2 SECURITY CATEGORIZATION P1 RA-2 RA-2 RA-2 1 1 1 1 1 1

RA RA-3 RISK ASSESSMENT P1 RA-3 RA-3 RA-3 1 1 1 1 1 1

RA RA-4 RISK ASSESSMENT UPDATE (blank)

RA RA-5 VULNERABILITY SCANNING P1 RA-5 RA-5 (1) (2) (5) RA-5 (1) (2) (4) (5) 1 4 5 1 1 1 3 4 (1) (1) (2) (2) (5) (4) (5)

RA RA-6 TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY P0

SA SA-1 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES P1 SA-1 SA-1 SA-1 1 1 1 1 1 1

SA SA-2 ALLOCATION OF RESOURCES P1 SA-2 SA-2 SA-2 1 1 1 1 1 1

SA SA-3 SYSTEM DEVELOPMENT LIFE CYCLE P1 SA-3 SA-3 SA-3 1 1 1 1 1 1

SA SA-4 ACQUISITION PROCESS P1 SA-4 (10) SA-4 (1) (2) (9) (10) SA-4 (1) (2) (9) (10) 2 5 5 1 1 1 1 4 4 (10) (1) (1) (2) (2) (9) (9) (10) (10)

SA SA-5 INFORMATION SYSTEM DOCUMENTATION P2 SA-5 SA-5 SA-5 1 1 1 1 1 1

SA SA-6 SOFTWARE USAGE RESTRICTIONS (blank)

SA SA-7 USER-INSTALLED SOFTWARE (blank)

SA SA-8 SECURITY ENGINEERING PRINCIPLES P1 SA-8 SA-8 1 1 1 1

SA SA-9 EXTERNAL INFORMATION SYSTEM SERVICES P1 SA-9 SA-9 (2) SA-9 (2) 1 2 2 1 1 1 1 1 (2) (2)

SA SA-10 DEVELOPER CONFIGURATION MANAGEMENT P1 SA-10 SA-10 1 1 1 1

SA SA-11 DEVELOPER SECURITY TESTING AND EVALUATION P1 SA-11 SA-11 1 1 1 1

SA SA-12 SUPPLY CHAIN PROTECTION P1 SA-12 1 1

SA SA-13 TRUSTWORTHINESS P0

SA SA-14 CRITICALITY ANALYSIS P0

SA SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS P2 SA-15 1 1

SA SA-16 DEVELOPER-PROVIDED TRAINING P2 SA-16 1 1

SA SA-17 DEVELOPER SECURITY ARCHITECTURE AND DESIGN P1 SA-17 1 1

SA SA-18 TAMPER RESISTANCE AND DETECTION P0

SA SA-19 COMPONENT AUTHENTICITY P0

http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-15
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-15#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-16
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-17
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-18
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-19
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PE-20
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-2#enhancement-3�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-2#enhancement-3�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-4#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-4#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PL-9
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-9
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-10
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-11
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-12
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-13
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-14
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-15
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PM-16
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PS-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PS-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PS-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PS-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PS-4#enhancement-2�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PS-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PS-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PS-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=PS-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=RA-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=RA-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=RA-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=RA-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=RA-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=RA-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-9
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-9#enhancement-2�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-9#enhancement-2�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-10
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-11
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-12
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-13
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-14
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-15
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-16
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-17
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-18
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-19
Page 4: NIST NVD REV 4 Security Controls Online Database Analysis

NIST NVD 800 Rev4 Data Analysis

Page 4 of 4

Priority 256 100%

P3 12 4.7%

P2 36 14.1%P1 122 47.7% 137 82 44 11 93 71 49 18 20 19 14 11 7 9 2 5 1 4 3 2

P0 54 21.1% Combined Count Control Count Enhance Count Level 1 Count Level 2 Count Level 3 Count Level 4 Count Level 5 Count Level 6 Count Level 7 Count Level 8 Count(blank) 32 12.5% 124 261 343 115 159 170 9 102 173 4 53 71 3 23 42 1 15 26 1 8 17 2 7 1 5 3 2

FAMILY ID SECURITY CONTROL TITLE P Low Mod High L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H

SA SA-20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS P0

SA SA-21 DEVELOPER SCREENING P0

SA SA-22 UNSUPPORTED SYSTEM COMPONENTS P0

SC SC-1 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES P1 SC-1 SC-1 SC-1 1 1 1 1 1 1

SC SC-2 APPLICATION PARTITIONING P1 SC-2 SC-2 1 1 1 1

SC SC-3 SECURITY FUNCTION ISOLATION P1 SC-3 1 1

SC SC-4 INFORMATION IN SHARED RESOURCES P1 SC-4 SC-4 1 1 1 1

SC SC-5 DENIAL OF SERVICE PROTECTION P1 SC-5 SC-5 SC-5 1 1 1 1 1 1

SC SC-6 RESOURCE AVAILABILITY P0

SC SC-7 BOUNDARY PROTECTION P1 SC-7 SC-7 (3) (4) (5) (7) SC-7 (3) (4) (5) (7) (8) (18) (21) 1 5 8 1 1 1 4 7 (3) (3) (4) (4) (5) (5) (7) (7) (8) (18) (21)

SC SC-8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY P1 SC-8 (1) SC-8 (1) 2 2 1 1 1 1 (1) (1)

SC SC-9 TRANSMISSION CONFIDENTIALITY (blank)

SC SC-10 NETWORK DISCONNECT P2 SC-10 SC-10 1 1 1 1

SC SC-11 TRUSTED PATH P0

SC SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT P1 SC-12 SC-12 SC-12 (1) 1 1 2 1 1 1 1 (1)

SC SC-13 CRYPTOGRAPHIC PROTECTION P1 SC-13 SC-13 SC-13 1 1 1 1 1 1

SC SC-14 PUBLIC ACCESS PROTECTIONS (blank)

SC SC-15 COLLABORATIVE COMPUTING DEVICES P1 SC-15 SC-15 SC-15 1 1 1 1 1 1

SC SC-16 TRANSMISSION OF SECURITY ATTRIBUTES P0

SC SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES P1 SC-17 SC-17 1 1 1 1

SC SC-18 MOBILE CODE P2 SC-18 SC-18 1 1 1 1

SC SC-19 VOICE OVER INTERNET PROTOCOL P1 SC-19 SC-19 1 1 1 1

SC SC-20 SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE) P1 SC-20 SC-20 SC-20 1 1 1 1 1 1

SC SC-21 SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER) P1 SC-21 SC-21 SC-21 1 1 1 1 1 1

SC SC-22 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE P1 SC-22 SC-22 SC-22 1 1 1 1 1 1

SC SC-23 SESSION AUTHENTICITY P1 SC-23 SC-23 1 1 1 1

SC SC-24 FAIL IN KNOWN STATE P1 SC-24 1 1

SC SC-25 THIN NODES P0

SC SC-26 HONEYPOTS P0

SC SC-27 PLATFORM-INDEPENDENT APPLICATIONS P0

SC SC-28 PROTECTION OF INFORMATION AT REST P1 SC-28 SC-28 1 1 1 1

SC SC-29 HETEROGENEITY P0

SC SC-30 CONCEALMENT AND MISDIRECTION P0

SC SC-31 COVERT CHANNEL ANALYSIS P0

SC SC-32 INFORMATION SYSTEM PARTITIONING P0

SC SC-33 TRANSMISSION PREPARATION INTEGRITY (blank)

SC SC-34 NON-MODIFIABLE EXECUTABLE PROGRAMS P0

SC SC-35 HONEYCLIENTS P0

SC SC-36 DISTRIBUTED PROCESSING AND STORAGE P0

SC SC-37 OUT-OF-BAND CHANNELS P0

SC SC-38 OPERATIONS SECURITY P0

SC SC-39 PROCESS ISOLATION P1 SC-39 SC-39 SC-39 1 1 1 1 1 1

SC SC-40 WIRELESS LINK PROTECTION P0

SC SC-41 PORT AND I/O DEVICE ACCESS P0

SC SC-42 SENSOR CAPABILITY AND DATA P0

SC SC-43 USAGE RESTRICTIONS P0

SC SC-44 DETONATION CHAMBERS P0

SI SI-1 SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES P1 SI-1 SI-1 SI-1 1 1 1 1 1 1

SI SI-2 FLAW REMEDIATION P1 SI-2 SI-2 (2) SI-2 (1) (2) 1 2 3 1 1 1 1 2 (2) (1) (2)

SI SI-3 MALICIOUS CODE PROTECTION P1 SI-3 SI-3 (1) (2) SI-3 (1) (2) 1 3 3 1 1 1 2 2 (1) (1) (2) (2)

SI SI-4 INFORMATION SYSTEM MONITORING P1 SI-4 SI-4 (2) (4) (5) SI-4 (2) (4) (5) 1 4 4 1 1 1 3 3 (2) (2) (4) (4) (5) (5)

SI SI-5 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES P1 SI-5 SI-5 SI-5 (1) 1 1 2 1 1 1 1 (1)

SI SI-6 SECURITY FUNCTION VERIFICATION P1 SI-6 1 1

SI SI-7 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY P1 SI-7 (1) (7) SI-7 (1) (2) (5) (7) (14) 3 6 1 1 2 5 (1) (1) (7) (2) (5) (7) (14)

SI SI-8 SPAM PROTECTION P2 SI-8 (1) (2) SI-8 (1) (2) 3 3 1 1 2 2 (1) (1) (2) (2)

SI SI-9 INFORMATION INPUT RESTRICTIONS (blank)

SI SI-10 INFORMATION INPUT VALIDATION P1 SI-10 SI-10 1 1 1 1

SI SI-11 ERROR HANDLING P2 SI-11 SI-11 1 1 1 1

SI SI-12 INFORMATION HANDLING AND RETENTION P2 SI-12 SI-12 SI-12 1 1 1 1 1 1

SI SI-13 PREDICTABLE FAILURE PREVENTION P0

SI SI-14 NON-PERSISTENCE P0

SI SI-15 INFORMATION OUTPUT FILTERING P0

SI SI-16 MEMORY PROTECTION P1 SI-16 SI-16 1 1 1 1

SI SI-17 FAIL-SAFE PROCEDURES P0

http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-20
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-21
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SA-22
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-8#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-8#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-9
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-10
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-11
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-12
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-12#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-13
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-14
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-15
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-16
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-17
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-18
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-19
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-20
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-21
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-22
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-23
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-24
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-25
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-26
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-27
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-28
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-29
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-30
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-31
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-32
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-33
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-34
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-35
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-36
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-37
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-38
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-39
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-40
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-41
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-42
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-43
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SC-44
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-1
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-2
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-2#enhancement-2�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-3
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-4
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-5
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-5#enhancement-1�
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-6
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-7
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-8
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-9
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-10
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-11
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-12
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-13
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-14
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-15
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-16
http://web.nvd.nist.gov/view/800-53/Rev4/control?controlName=SI-17

Are Your Auditors and NIST Security Configuration Controls ... · Are Your Auditors and NIST Security Configuration Controls Driving You Crazy? Configuration Manager Implementation

NIST SP 800 53r4 Controls

Generic Manual 230x163 - NVD

Manual Nvd 3000 e Nvd 3000 p Portugues 03-14 Site

Standardized Architecture for NIST High-Impact · PDF fileAWS Enterprise Accelerator – Compliance. Standardized Architecture for . NIST High-Impact Controls . on the AWS Cloud. Featuring

NVD Fundraising Event

Datasheet A4 NVD 7132

The NARA Rule and NIST SP 800-171 · 2018-03-21 · • 50+ security controls from NIST SP 800-53 ... requirements, taken from NIST SP 800-53’s security controls 20. Requirements

NIST CYBERSECURITY PRACTICE GUIDE HEALTH IT … · NIST CYBERSECURITY PRACTICE GUIDE HEALTH IT SECURING ELECTRONIC HEALTH RECORDS ON MOBILE DEVICES . Standards and Controls Mapping

NIST 800-53 Controls

NIST SP 800-53 Revision 4 Privacy Controls: DHS

NVA-1143: NetApp HCI NIST Security Controls for FISMA · NetApp HCI - NIST Security Controls for FISMA with HyTrust for Multitenant Infrastructure NVA Design and Deployment Arvind

Assignment nvd (5)

Are Your Auditors and NIST Security Configuration Controls ... · Insert Custom Session QR if Desired. Are Your Auditors and NIST Security Configuration Controls Driving You Crazy?

Presentatie NVD Social Media

Semantic Web Implementation Scheme for National ...cs.utdallas.edu/semanticweb/NIST-NVD/Tech-Rep-NIST-NVD.pdf · overview of Jena [5, 6] (java framework for developing semantic web

NIST Special Publication 800-53 - ACSAC 2017 · PDF fileA Framework for All Seasons • Many of the NIST SP 800-53 Security Controls correspond with the required controls of: – ISO

Cybersecurity and Communications Based Train Control CBTC... · Cybersecurity and Communications Based Train ... NIST 800-53 r4 NIST 800-53 r4 Controls and Control Enhancements

Security and Privacy Controls for Federal Information ...everyspec.com/NIST/NIST-General/download.php?spec=NIST_SP_80… · system in accordance with FIPS Publication 199, Standards

Presentatie Nvd Social Media2

Crisma Nvd Fmlrgn

WORK!ENVIRONMENT!RISK! AND!CONTROLS€¦ · elementib10! work!environment!risk! and!controls nist institute pvt ltd coa

NVD jaarverslag 2015 definitief

Navigating Unclassified Information System …...Replacing NIST SP 800-53 based controls with NIST SP 800-171 NIST SP 800-171 Requirement NIST SP 800-53 Requirement (from DFARS Table

CYA with NIST (National Institute of Standards and Technology) …€¦ · NVD: National Vulnerability Database NCP: National Checklist program Terminology . Access Control FIPS 200

NIST SP 800-53 Security Controls Reference

NIST and DISA SCAP Adoption and Integration - NVD and DISA SCAP Adoption and Integration NIST National Vulnerability Database DISA Vulnerability Management System Presented by: Peter

Nvd social media_290311

An Overview of the NIST 800-160 System Security ... · © 2014 LOCKHEED MARTIN CORPORATION Overview • Introduction • Security Controls − NIST SP800-53 • Security Requirements

Cyber Resiliency and NIST Special Publication 800-53 Rev.4 Controls

NVD-35 IP Video DecoderNetwork Video Decoder NVD-35 7 Product Overview The Datavideo NVD-35 is a wired IP video decoder with SDI, Composite and analogue audio outputs. The NVD-35 decodes

EXHIBIT 1 - nvd

(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804

NVD Report , 2016 - SVEEP

The New NIST/DHS Security Controls for z Systems€¦ ·  · 2015-08-05The New NIST/DHS Security Controls for z Systems Presented by Brian Marshall, ... (hosted by NIST and DHS)