| 2 |
|
Account Management |
X |
X |
X |
X |
X |
X |
|
|
|
f7a19ea3-6de5-4472-9c41-0aa55474fc45 |
| 3 |
|
Account Management | Automated System Account Management |
|
X |
X |
|
X |
X |
|
|
|
0c146fa9-395f-4cb1-9cf9-3f0ccf8437e1 |
| 4 |
|
Account Management | Removal Of Temporary / Emergency Accounts |
|
X |
X |
|
X |
X |
|
|
|
3ccca54a-25f8-43b9-af81-da34e73966fb |
| 5 |
|
Account Management | Disable Inactive Accounts |
|
X |
X |
|
X |
X |
|
|
|
f1bdd4d8-aa0b-47ee-8108-4af828ae4a59 |
| 6 |
|
Account Management | Automated Audit Actions |
X |
X |
X |
X |
X |
X |
|
|
|
77edfae3-5e06-4ea3-90d1-a00c19770516 |
| 7 |
|
Account Management | Inactivity Logout |
X |
X |
X |
X |
X |
X |
X |
X |
X |
eac60ab4-90c7-4f82-9206-4aeef469b01d |
| 9 |
|
Account Management | Role-Based Schemes |
X |
X |
X |
X |
X |
X |
|
|
|
49d8a8cf-c022-4e57-b082-70ae625d2f46 |
| 744 |
|
Collaborative Computing Devices | Blocking Inbound / Outbound Communications Traffic |
|
|
|
|
|
|
|
|
|
450beb5b-ecd1-4ade-9d4a-fb28b8a26ba7 |
| 11 |
|
Account Management | Restrictions On Use Of Shared / Group Accounts |
X |
X |
X |
X |
X |
X |
|
|
|
65ae5e7c-84ba-4adb-bdba-b2a31d8bbc32 |
| 12 |
|
Account Management | Shared / Group Account Credential Termination |
X |
X |
X |
X |
X |
X |
|
|
|
7ebe3ce6-2e65-4ddf-afdf-c200a47211b4 |
| 13 |
|
Account Management | Usage Conditions |
|
|
X |
|
|
X |
|
|
|
47f6d872-d2d9-4a36-97e4-2c55b1d437c8 |
| 14 |
|
Account Management | Account Monitoring / Atypical Usage |
X |
X |
X |
X |
X |
X |
|
|
|
2927001f-793b-4e24-a502-f8d2c42bcaad |
| 16 |
|
Access Enforcement |
X |
X |
X |
X |
X |
X |
|
|
|
667ab3a1-cd45-4275-b6e5-92b7aaabb473 |
| 17 |
|
Access Enforcement | Restricted Access To Privileged Functions |
|
|
|
|
|
|
|
|
|
4df7991a-4a5a-4493-8225-8d14554a8fd1 |
| 18 |
|
Access Enforcement | Dual Authorization |
|
|
|
|
|
|
|
|
|
b0f4d5c0-36ff-4b10-b28c-c576062c8f71 |
| 45 |
|
Information Flow Enforcement | Security Attribute Binding |
|
|
|
|
|
|
|
|
|
1c6a7472-72c4-455c-8af9-158de91bed57 |
| 21 |
|
Access Enforcement | Security-Relevant Information |
|
|
|
|
|
|
|
|
|
850e76e9-5fef-41b0-838f-982934d8d91c |
| 22 |
|
Access Enforcement | Protection Of User And System Information |
|
|
|
|
|
|
|
|
|
084275ba-6334-4837-9136-817d2202932b |
| 23 |
|
Access Enforcement | Role-Based Access Control |
|
|
|
|
|
|
|
|
|
a7c41138-f6fd-4db5-a173-ca069ae914e6 |
| 24 |
|
Access Enforcement | Revocation Of Access Authorizations |
|
|
|
|
|
|
|
|
|
afaf423d-308b-40b0-b8fa-575c920008f8 |
| 26 |
|
Access Enforcement | Audited Override Of Access Control Mechanisms |
|
|
|
|
|
|
|
|
|
65eb59bc-b594-450b-a1f0-f488e5464d78 |
| 55 |
|
Least Privilege | Separate Processing Domains |
|
|
|
|
|
|
|
|
|
f3498ef3-33cb-4b14-bf6a-dd3f6cb34ff5 |
| 28 |
|
Information Flow Enforcement | Object Security Attributes |
|
|
|
|
|
|
|
|
|
c7fdda5c-a239-4245-8a99-1747dd1257b9 |
| 30 |
|
Information Flow Enforcement | Dynamic Information Flow Control |
|
|
|
|
|
|
|
|
|
e68befec-8a6d-44f8-8511-8c6e0fd602de |
| 31 |
|
Information Flow Enforcement | Content Check Encrypted Information |
|
|
|
|
|
|
|
|
|
82d33132-9a2a-4279-b4ca-c95d41b40f5b |
| 32 |
|
Information Flow Enforcement | Embedded Data Types |
|
|
|
|
|
|
|
|
|
4dd2982a-34c2-44a3-8c38-d6b54e799af8 |
| 33 |
|
Information Flow Enforcement | Metadata |
|
|
|
|
|
|
|
|
|
70c2e758-dcb2-4ec7-887a-6607df94054d |
| 34 |
|
Information Flow Enforcement | One-Way Flow Mechanisms |
|
|
|
|
|
|
|
|
|
29b88961-275a-4b21-80be-72a03681971f |
| 767 |
|
Session Authenticity | Unique Session Identifiers With Randomization |
|
|
|
|
|
|
|
|
|
db8a64ec-7204-4d06-9f4a-0234bce59afe |
| 36 |
|
Information Flow Enforcement | Human Reviews |
|
|
|
|
|
|
|
|
|
686da7a6-962d-412e-8841-8784f7aa429c |
| 37 |
|
Information Flow Enforcement | Enable / Disable Security Policy Filters |
|
|
|
|
|
|
|
|
|
04f7c7f4-8678-4323-9482-84439d628391 |
| 38 |
|
Information Flow Enforcement | Configuration Of Security Policy Filters |
|
|
|
|
|
|
|
|
|
05b2873e-95e3-4f7f-a516-98cedc7fcffe |
| 39 |
|
Information Flow Enforcement | Data Type Identifiers |
|
|
|
|
|
|
|
|
|
e40ed738-42a3-4b27-b018-580fdbe6e2c4 |
| 40 |
|
Information Flow Enforcement | Decomposition Into Policy-Relevant Subcomponents |
|
|
|
|
|
|
|
|
|
9fbc11b1-3c8e-4ebf-ae74-fb2c5ec25eb4 |
| 41 |
|
Information Flow Enforcement | Security Policy Filter Constraints |
|
|
|
|
|
|
|
|
|
88056a17-ab6a-4df3-8879-211b02f39c97 |
| 42 |
|
Information Flow Enforcement | Detection Of Unsanctioned Information |
|
|
|
|
|
|
|
|
|
4aebf04e-c211-4035-9307-e617ddd73262 |
| 43 |
|
Information Flow Enforcement | Information Transfers On Interconnected Systems |
|
|
|
|
|
|
|
|
|
fd54fca4-deeb-429c-a8c9-5afeb53dd815 |
| 44 |
|
Information Flow Enforcement | Domain Authentication |
|
|
|
|
|
|
|
|
|
6bfb1ab4-ab72-4cf7-b557-eeb5ba777958 |
| 47 |
|
Information Flow Enforcement | Approved Solutions |
|
|
|
|
|
|
|
|
|
53afb398-eb3f-4ec6-84a8-483d93c9dd2d |
| 48 |
|
Information Flow Enforcement | Physical / Logical Separation Of Information Flows |
|
|
|
|
|
|
|
|
|
29001b9d-4050-4fe7-9365-cfaa8b649d5b |
| 49 |
|
Information Flow Enforcement | Access Only |
|
|
|
|
|
|
|
|
|
7ac10a97-f507-40ca-b401-bd4790171dee |
| 51 |
|
Least Privilege |
X |
X |
X |
X |
X |
X |
|
|
|
a774d875-690a-4cf0-bc29-d004057e9fe5 |
| 53 |
|
Least Privilege | Non-Privileged Access For Nonsecurity Functions |
X |
X |
X |
X |
X |
X |
|
|
|
383b2a31-cff7-4636-9e6d-d9ee7d10896e |
| 54 |
|
Least Privilege | Network Access To Privileged Commands |
|
|
X |
|
|
X |
|
|
|
f8342e43-365a-4057-9c0e-b8aeb82bf8c1 |
| 342 |
|
Identification And Authentication (Organizational Users) | Network Access To Non-Privileged Accounts - Separate Device |
|
|
|
|
|
|
|
|
|
d34d2b26-0e37-4927-9908-8b3bbcdab3bb |
| 57 |
|
Least Privilege | Privileged Access By Non-Organizational Users |
|
|
|
|
|
|
|
|
|
eededcd9-d89c-4d06-af99-0c39a435085d |
| 58 |
|
Least Privilege | Review Of User Privileges |
X |
X |
X |
X |
X |
X |
|
|
|
4dc3d32a-8341-4836-9c1f-9ca6c91d103c |
| 59 |
|
Least Privilege | Privilege Levels For Code Execution |
X |
X |
X |
X |
X |
X |
|
|
|
09c899a5-9c23-4070-a7af-f43a10d97f26 |
| 60 |
|
Least Privilege | Auditing Use Of Privileged Functions |
X |
X |
X |
X |
X |
X |
|
|
|
e06fc6ee-c4a3-4e99-875a-349c53f0f744 |
| 61 |
|
Least Privilege | Prohibit Non-Privileged Users From Executing Privileged Functions |
X |
X |
X |
X |
X |
X |
|
|
|
b09dce33-626a-4e9f-9d71-77eadaf858e7 |
| 63 |
|
Unsuccessful Logon Attempts | Automatic Account Lock |
|
|
|
|
|
|
|
|
|
32a66baf-d193-4f9f-9392-4b114280d2e8 |
| 64 |
|
Unsuccessful Logon Attempts | Purge / Wipe Mobile Device |
|
|
|
|
|
|
|
|
|
1f69ca50-a11d-4661-b866-f33e59b05f77 |
| 66 |
|
Previous Logon (Access) Notification |
|
|
|
|
|
|
|
|
|
907c976e-4f6f-4075-9595-0da3b453c798 |
| 67 |
|
Previous Logon (Access) Notification | Unsuccessful Logons |
|
|
|
|
|
|
|
|
|
646a18fc-6dbf-4e93-bd4b-10a035affa8b |
| 68 |
|
Previous Logon (Access) Notification | Successful / Unsuccessful Logons |
|
|
|
|
|
|
|
|
|
4b6e56ce-c927-41d1-b5c4-2026a7dc1535 |
| 69 |
|
Previous Logon (Access) Notification | Notification Of Account Changes |
|
|
|
|
|
|
|
|
|
1f995947-f103-4c33-a4b2-dc51b6c4c50e |
| 70 |
|
Previous Logon (Access) Notification | Additional Logon Information |
|
|
|
|
|
|
|
|
|
0c14e7a2-f650-4ca3-b6e2-af7667251022 |
| 71 |
|
Concurrent Session Control |
|
X |
X |
|
X |
X |
|
X |
X |
a48caae8-a214-4065-82ef-88b2ebe4199d |
| 72 |
|
Session Lock |
X |
X |
X |
X |
X |
X |
|
|
|
a46eb4b4-52dd-4ad8-9ddb-8cda530106fe |
| 73 |
|
Session Lock | Pattern-Hiding Displays |
X |
X |
X |
|
|
|
|
|
|
aec0dc76-a3a6-41e3-92a9-428ad9b5ad36 |
| 76 |
|
Supervision And Review - Access Control |
|
|
|
|
|
|
|
|
|
2f94a4e5-46ae-44a7-a77b-dd37e48568ff |
| 78 |
|
Permitted Actions Without Identification Or Authentication | Necessary Uses |
|
|
|
|
|
|
|
|
|
432b9f29-96de-48ac-83cb-e3528d2ff722 |
| 79 |
|
Automated Marking |
|
|
|
|
|
|
|
|
|
fecbf35c-a845-4283-8ac3-25f9347b13e2 |
| 80 |
|
Security Attributes |
|
X |
X |
|
X |
X |
|
|
|
efade5f8-0597-470f-bf4b-7a2cea902965 |
| 81 |
|
Security Attributes | Dynamic Attribute Association |
|
|
|
|
|
|
|
|
|
23ae03b6-e869-43af-9cfe-0c72e0c86073 |
| 82 |
|
Security Attributes | Attribute Value Changes By Authorized Individuals |
|
|
|
|
|
|
|
|
|
de582117-2f65-4d9a-bf6e-ecdcde258c72 |
| 83 |
|
Security Attributes | Maintenance Of Attribute Associations By Information System |
|
|
|
|
|
|
|
|
|
6ef68afa-aa1a-4f01-9dd3-9144e8b56ddb |
| 84 |
|
Security Attributes | Association Of Attributes By Authorized Individuals |
|
|
|
|
|
|
|
|
|
2dac748c-bada-4569-ad87-e7240124dffa |
| 85 |
|
Security Attributes | Attribute Displays For Output Devices |
|
|
|
|
|
|
|
|
|
a609bb3d-dd9e-4b01-911c-414c6d36aa49 |
| 86 |
|
Security Attributes | Maintenance Of Attribute Association By Organization |
|
X |
X |
|
X |
X |
|
|
|
c4f31422-6c20-48a8-a695-9fc42b4340d0 |
| 99 |
|
Remote Access | Disable Nonsecure Network Protocols |
|
|
|
|
|
|
|
|
|
d197b568-091e-478f-8d45-793078c0370b |
| 351 |
|
Device Identification And Authentication | Cryptographic Bidirectional Network Authentication |
|
|
|
|
|
|
|
|
|
2da49782-96cd-4c4a-8209-b987443c0afb |
| 89 |
|
Security Attributes | Attribute Reassignment |
|
|
|
|
|
|
|
|
|
7f6e11f5-1d2c-42fb-a7b8-7031cce0b64a |
| 90 |
|
Security Attributes | Attribute Configuration By Authorized Individuals |
|
|
|
|
|
|
|
|
|
bf09e28c-aaa1-43bf-a71d-ed0fb065b7ff |
| 92 |
|
Remote Access | Automated Monitoring / Control |
X |
X |
X |
X |
X |
X |
|
|
|
6f1d69d5-e785-4c8d-8a16-879521dc60f3 |
| 93 |
|
Remote Access | Protection Of Confidentiality / Integrity Using Encryption |
X |
X |
X |
X |
X |
X |
|
|
|
96375f9a-3aee-4f93-aba4-f8b85e65c2c8 |
| 94 |
|
Remote Access | Managed Access Control Points |
X |
X |
X |
X |
X |
X |
|
|
|
7e0e06c2-6395-49c7-945c-a8b8e37c3697 |
| 95 |
|
Remote Access | Privileged Commands / Access |
X |
X |
X |
X |
X |
X |
|
|
|
d2b2eb5a-1322-46e5-8cb4-8f4186a602da |
| 96 |
|
Remote Access | Monitoring For Unauthorized Connections |
|
|
|
|
|
|
|
|
|
edacd8af-eb8e-4d1c-9bb5-7ff1e116ef3b |
| 97 |
|
Remote Access | Protection Of Information |
X |
X |
X |
|
|
|
|
|
|
064c6a7d-38f0-442a-94b9-c19f1aa883b5 |
| 98 |
|
Remote Access | Additional Protection For Security Function Access |
|
|
|
|
|
|
|
|
|
d0cb5c83-be46-46e1-b627-59e104abd35a |
| 101 |
|
Wireless Access |
X |
X |
X |
X |
X |
X |
|
|
|
9cce6130-aa6a-4c94-8786-07c8bb8b6dbe |
| 102 |
|
Wireless Access | Authentication And Encryption |
X |
X |
X |
X |
X |
X |
|
|
|
a8344fab-b2b2-43e2-826c-50c5dedba30e |
| 103 |
|
Wireless Access | Monitoring Unauthorized Connections |
|
|
|
|
|
|
|
|
|
5c2ec2bb-7c4e-4dfe-a35d-65e880089a24 |
| 104 |
|
Wireless Access | Disable Wireless Networking |
X |
X |
X |
X |
X |
X |
|
|
|
2f7743a8-5e6a-46d7-b2ab-3df2673e199f |
| 105 |
|
Wireless Access | Restrict Configurations By Users |
X |
X |
X |
X |
X |
X |
|
|
|
247c367b-005d-478e-8b26-3755bf72d656 |
| 107 |
|
Access Control For Mobile Devices |
X |
X |
X |
X |
X |
X |
|
|
|
79e78e9e-d644-4625-a164-0961cfff589d |
| 108 |
|
Access Control For Mobile Devices | Use Of Writable / Portable Storage Devices |
|
|
|
|
|
|
|
|
|
cc1cfcaa-de2f-49ca-a9f7-ee6ea85e86cf |
| 109 |
|
Access Control For Mobile Devices | Use Of Personally Owned Portable Storage Devices |
|
|
|
|
|
|
|
|
|
088356a4-cc0b-4a67-9a85-76322a9daaf0 |
| 110 |
|
Access Control For Mobile Devices | Use Of Portable Storage Devices With No Identifiable Owner |
|
|
|
|
|
|
|
|
|
57a48ac3-2241-44f8-adbc-8b1fc631e9c7 |
| 111 |
|
Access Control For Mobile Devices | Restrictions For Classified Information |
|
|
|
|
|
|
|
|
|
983d86b6-c542-4634-bacf-d5a7f2b4cc24 |
| 112 |
|
Access Control For Mobile Devices | Full Device / Container-Based Encryption |
|
X |
X |
|
X |
X |
|
|
|
e1274d69-c5c0-46a0-8596-186bcd97e6b7 |
| 113 |
|
Use Of External Information Systems |
X |
X |
X |
X |
X |
X |
|
|
|
e9f9a5b9-00f9-47dd-99ed-be134dc4a12a |
| 115 |
|
Use Of External Information Systems | Portable Storage Devices |
X |
X |
X |
|
|
|
|
|
|
4ac11290-c7d0-4d19-b1c5-4fc79f174db6 |
| 117 |
|
Use Of External Information Systems | Network Accessible Storage Devices |
|
|
|
|
|
|
|
|
|
37b59deb-931b-463c-b6b3-b9086c424d2b |
| 118 |
|
Information Sharing |
|
X |
X |
|
|
|
|
|
|
d5adc482-8c0d-4326-997c-f5c69c8b87ef |
| 119 |
|
Information Sharing | Automated Decision Support |
|
|
|
|
|
|
|
|
|
d55463ba-f1b2-4cd1-8d48-0afbb247593b |
| 120 |
|
Information Sharing | Information Search And Retrieval |
|
|
|
|
|
|
|
|
|
48025110-d800-41af-9000-530ad5c2f2da |
| 121 |
|
Publicly Accessible Content |
X |
X |
X |
|
|
|
|
|
|
6316d062-0b4f-4e06-b78d-31f73601fea4 |
| 197 |
|
Alternate Audit Capability |
|
|
|
|
|
|
|
|
|
ea4b72f1-6080-4f14-be6a-0432627eeb7a |
| 123 |
|
Access Control Decisions |
|
|
|
|
|
|
|
|
|
e38c14eb-a13d-46f8-aed5-9fbb5fb903fd |
| 124 |
|
Access Control Decisions | Transmit Access Authorization Information |
|
|
|
|
|
|
|
|
|
c5f555da-4c65-4640-88a2-284f7491bec6 |
| 125 |
|
Access Control Decisions | No User Or Process Identity |
|
|
|
|
|
|
|
|
|
cff57fd3-b20b-4f7d-a69d-ae18c1e1dbb1 |
| 133 |
|
Role-Based Security Training | Physical Security Controls |
X |
X |
X |
X |
X |
X |
X |
X |
X |
39284608-cb1f-49b3-ab33-de47a382961d |
| 134 |
|
Role-Based Security Training | Practical Exercises |
|
|
|
|
|
|
|
|
|
618a1249-9955-43ae-b013-d4e2b453d2ac |
| 128 |
|
Security Awareness Training |
X |
X |
X |
X |
X |
X |
X |
X |
X |
b56056df-277a-4baf-b5d1-fd8702b3d798 |
| 129 |
|
Security Awareness Training | Practical Exercises |
|
|
|
|
|
|
|
|
|
6dda0482-71a9-44cf-8ce2-70915c058cfa |
| 130 |
|
Security Awareness Training | Insider Threat |
X |
X |
X |
X |
X |
X |
X |
X |
X |
b886e8f7-4993-4a70-8b74-6ce32503b5f0 |
| 131 |
|
Role-Based Security Training |
X |
X |
X |
X |
X |
X |
X |
X |
X |
5afc836a-a22b-4054-baf1-cb05aff0ed3e |
| 132 |
|
Role-Based Security Training | Environmental Controls |
|
|
|
|
|
|
|
|
|
317b1546-98cb-4883-becd-cd413ff141ba |
| 136 |
|
Security Training Records |
X |
X |
X |
X |
X |
X |
X |
X |
X |
8f3332a3-ae07-44bf-a9f3-5b1a997f8200 |
| 137 |
|
Contacts With Security Groups And Associations |
|
|
|
|
|
|
|
|
|
ff7e5368-fbb1-4c31-82cb-a9be9f2b3762 |
| 139 |
|
Audit Events |
X |
X |
X |
X |
X |
X |
|
|
|
9b72dcc4-a436-416a-846e-25b4a8d7aba7 |
| 140 |
|
Audit Events | Compilation Of Audit Records From Multiple Sources |
|
|
|
|
|
|
|
|
|
08579a0f-8c05-4237-8e4e-7d382685bd56 |
| 141 |
|
Audit Events | Selection Of Audit Events By Component |
|
|
|
|
|
|
|
|
|
cc1d208c-a914-43e8-b3e7-16689921f09b |
| 142 |
|
Audit Events | Reviews And Updates |
X |
X |
X |
X |
X |
X |
|
|
|
494f911f-344b-4f18-b9db-68a3c68f4b35 |
| 143 |
|
Audit Events | Privileged Functions |
|
|
|
|
|
|
|
|
|
cd799bdc-9886-4b2d-a1bc-eb23ffe1b423 |
| 144 |
|
Content Of Audit Records |
X |
X |
X |
X |
X |
X |
|
|
|
beb422bb-7b13-4bac-bf37-71cf46ce5ebe |
| 193 |
|
Session Audit |
X |
X |
X |
X |
X |
X |
|
|
|
48558ca3-7aac-4b00-86f5-1acea391fb74 |
| 146 |
|
Content Of Audit Records | Centralized Management Of Planned Audit Record Content |
|
|
X |
|
|
X |
|
|
|
003bf7a4-a6d5-459d-98da-e62828361326 |
| 147 |
|
Audit Storage Capacity |
|
|
|
|
|
|
X |
X |
X |
a0b7fbd8-21f5-4fcb-9c16-f48688a85d6e |
| 148 |
|
Audit Storage Capacity | Transfer To Alternate Storage |
X |
X |
X |
X |
X |
X |
X |
X |
X |
eb40e50b-6709-48a2-acbe-8dd69bc35e80 |
| 150 |
|
Response To Audit Processing Failures | Audit Storage Capacity |
|
|
|
|
|
|
X |
X |
X |
054a2e59-0171-4e89-8937-31165a3b9e0f |
| 151 |
|
Response To Audit Processing Failures | Real-Time Alerts |
|
|
|
|
|
|
|
|
X |
8076c3e4-d572-494b-a0b4-22e4c00cdaec |
| 152 |
|
Response To Audit Processing Failures | Configurable Traffic Volume Thresholds |
|
|
|
|
|
|
|
|
|
590e9b55-55eb-462a-b313-77ac3aec1c4b |
| 153 |
|
Response To Audit Processing Failures | Shutdown On Failure |
|
|
|
|
|
|
|
|
|
dc212018-54b1-41f3-b295-4b16c321bad9 |
| 194 |
|
Session Audit | System Start-Up |
X |
X |
X |
X |
X |
X |
|
|
|
166773e2-282d-4bb1-b6be-19e280b6115a |
| 195 |
|
Session Audit | Capture/Record And Log Content |
X |
X |
X |
X |
X |
X |
|
|
|
c62fe391-be69-4085-9925-073249ac8bbb |
| 155 |
|
Audit Review, Analysis, And Reporting | Process Integration |
X |
X |
X |
X |
X |
X |
|
|
|
ac468741-89bb-47cf-bcbd-5c7999fb39f4 |
| 156 |
|
Audit Review, Analysis, And Reporting | Automated Security Alerts |
|
|
|
|
|
|
|
|
|
dd935009-3247-4b91-bf07-952d0b875636 |
| 157 |
|
Audit Review, Analysis, And Reporting | Correlate Audit Repositories |
X |
X |
X |
X |
X |
X |
|
|
|
bc546fbf-c290-48a0-a00b-2b91bf58e02c |
| 158 |
|
Audit Review, Analysis, And Reporting | Central Review And Analysis |
X |
X |
X |
X |
X |
X |
|
|
|
7ca32000-a844-4a73-8e53-2267bf5f1c49 |
| 160 |
|
Audit Review, Analysis, And Reporting | Correlation With Physical Monitoring |
|
|
X |
|
|
X |
|
|
|
435e9cf3-624c-4f3c-89a7-88a57944b262 |
| 161 |
|
Audit Review, Analysis, And Reporting | Permitted Actions |
|
|
|
|
|
|
|
|
|
b3a06639-6bd5-4e2d-b8d3-08eff887fe53 |
| 162 |
|
Audit Review, Analysis, And Reporting | Full Text Analysis Of Privileged Commands |
|
|
|
|
|
|
|
|
|
b77e0867-c7bb-4b0b-8855-ba42da989611 |
| 164 |
|
Audit Review, Analysis, And Reporting | Audit Level Adjustment |
X |
X |
X |
X |
X |
X |
|
|
|
53b174ce-202f-4e49-974f-89bcc26efade |
| 166 |
|
Audit Reduction And Report Generation | Automatic Processing |
|
X |
X |
|
X |
X |
|
|
|
8ed11bed-c90b-4d45-9774-0e20530ee280 |
| 167 |
|
Audit Reduction And Report Generation | Automatic Sort And Search |
|
|
|
|
|
|
|
|
|
d8f5390f-15bd-47fb-a08f-f2d5c162dbff |
| 169 |
|
Time Stamps | Synchronization With Authoritative Time Source |
|
|
|
X |
X |
X |
|
|
|
f7322270-e64b-4232-a262-2e028ee8ad0a |
| 170 |
|
Time Stamps | Secondary Authoritative Time Source |
|
|
|
|
|
|
|
|
|
f4205beb-eafe-4e6d-8612-9d24cc4a7e1b |
| 171 |
|
Protection Of Audit Information |
X |
X |
X |
X |
X |
X |
X |
X |
X |
021aa984-cec9-4dc1-bf09-8cdd342baa1d |
| 196 |
|
Session Audit | Remote Viewing / Listening |
X |
X |
X |
|
|
|
|
|
|
192163eb-3244-4f9c-8097-6dbea9acae5e |
| 173 |
|
Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components |
|
|
|
|
|
|
|
|
X |
ec6775c7-5e77-415b-8973-b9793d74e746 |
| 174 |
|
Protection Of Audit Information | Cryptographic Protection |
|
|
|
|
|
X |
|
|
|
246498f2-4252-45ce-a7e0-a004da663563 |
| 175 |
|
Protection Of Audit Information | Access By Subset Of Privileged Users |
X |
X |
X |
X |
X |
X |
|
|
|
4c884c14-2db7-4c31-b209-62cd3676c563 |
| 176 |
|
Protection Of Audit Information | Dual Authorization |
|
|
|
|
|
|
|
|
|
9699be32-7eac-44ab-b5f0-a3ddd0710c6c |
| 177 |
|
Protection Of Audit Information | Read Only Access |
|
|
|
|
|
|
|
|
|
523c0fbd-97b6-4c91-8b88-a5de765392a7 |
| 179 |
|
Non-Repudiation | Association Of Identities |
|
|
|
|
|
|
|
|
|
f8aaa610-ce3c-43be-b596-eed502920ccb |
| 180 |
|
Non-Repudiation | Validate Binding Of Information Producer Identity |
|
|
|
|
|
|
|
|
|
6a2a3844-a229-4457-a588-f0cc7f97e2f7 |
| 181 |
|
Non-Repudiation | Chain Of Custody |
|
|
|
|
|
|
|
|
|
a3830cb5-a441-493b-a3a6-e46ac3a1585a |
| 183 |
|
Non-Repudiation | Digital Signatures |
|
|
|
|
|
|
|
|
|
6dc97314-e7ef-46cf-ac76-420c3d33b798 |
| 185 |
|
Audit Record Retention | Long-Term Retrieval Capability |
|
|
|
|
|
|
X |
X |
X |
e53a5b96-dafd-49d0-a1c6-5ace76c7e065 |
| 186 |
|
Audit Generation |
X |
X |
X |
X |
X |
X |
|
|
|
651d3158-9e8e-415c-89d2-d82f37af323a |
| 187 |
|
Audit Generation | System-Wide / Time-Correlated Audit Trail |
|
|
|
X |
X |
X |
|
|
|
059fb312-3c23-4cce-a8b1-4dfb1ca6ff35 |
| 188 |
|
Audit Generation | Standardized Formats |
|
|
|
|
|
|
|
|
|
870dc513-a632-4cf9-8d8e-cd2a453036c0 |
| 189 |
|
Audit Generation | Changes By Authorized Individuals |
X |
X |
X |
X |
X |
X |
|
|
|
42b1e771-3ea4-4bde-8d66-7038d3d0c46f |
| 190 |
|
Monitoring For Information Disclosure |
|
|
|
|
|
|
|
|
|
acf750db-de66-4b8e-b7a1-1a8ef3a61537 |
| 191 |
|
Monitoring For Information Disclosure | Use Of Automated Tools |
|
|
|
|
|
|
|
|
|
1cbec643-53c6-42ac-8f10-01822f2a9900 |
| 192 |
|
Monitoring For Information Disclosure | Review Of Monitored Sites |
|
|
|
|
|
|
|
|
|
b62a30ab-9d79-4527-8451-2ff1e337805c |
| 490 |
|
Physical Access Control | Continuous Guards / Alarms / Monitoring |
|
|
|
|
|
|
|
|
|
82d42ada-10f1-476e-b4e0-c05cdb265a13 |
| 199 |
|
Cross-Organizational Auditing | Identity Preservation |
|
|
|
|
|
|
|
|
|
07aedef0-0d55-4601-9c5f-7e049bfaa8cc |
| 200 |
|
Cross-Organizational Auditing | Sharing Of Audit Information |
|
|
|
|
|
|
|
|
|
17668e2d-96b6-4a35-aad3-caf6786708a3 |
| 202 |
|
Security Assessments |
X |
X |
X |
X |
X |
X |
X |
X |
X |
e33538aa-1a92-492f-bafb-ca0d792f68c9 |
| 203 |
|
Security Assessments | Independent Assessors |
X |
X |
X |
X |
X |
X |
X |
X |
X |
78f9d034-b112-4753-b1f0-34dc17d6e0b1 |
| 240 |
|
Configuration Change Control | Cryptography Management |
|
|
|
X |
X |
X |
|
|
|
8c91fd2b-b9ec-48ef-a62a-dcf9316dd450 |
| 205 |
|
Security Assessments | External Organizations |
|
|
|
|
|
|
|
|
|
d00ba67b-44bc-4227-96ab-849f79cba51a |
| 207 |
|
System Interconnections | Unclassified National Security System Connections |
X |
X |
X |
|
|
|
|
|
|
f2d126db-ec8d-48c9-85d3-bdd9ed4de0f1 |
| 208 |
|
System Interconnections | Classified National Security System Connections |
|
|
|
|
|
|
|
|
|
75773727-fc08-4da3-b6bc-45baf4b2f045 |
| 209 |
|
System Interconnections | Unclassified Non-National Security System Connections |
|
|
|
|
|
|
|
|
|
3790c4e6-b131-4210-8733-682636193707 |
| 210 |
|
System Interconnections | Connections To Public Networks |
|
|
|
|
|
|
|
|
|
2407e8fa-7534-4d38-802c-aa5a68ca188a |
| 250 |
|
Access Restrictions For Change | Limit Library Privileges |
|
|
|
X |
X |
X |
|
|
|
cebc9a53-639c-4ac8-acdf-1a0932a90fab |
| 251 |
|
Access Restrictions For Change | Automatic Implementation Of Security Safeguards |
|
|
|
|
|
|
|
|
|
315c1254-f837-4353-a33c-a88e29d3987f |
| 212 |
|
Security Certification |
|
|
|
|
|
|
|
|
|
4d156fd0-3de1-4c15-8074-5a17c9e434c2 |
| 214 |
|
Plan Of Action And Milestones | Automation Support For Accuracy / Currency |
|
|
|
|
|
|
|
|
|
aa4dfe83-d36c-4a25-bcd8-657c5c6dd08a |
| 216 |
|
Continuous Monitoring |
X |
X |
X |
X |
X |
X |
X |
X |
X |
d666dcda-495d-4fef-bbd9-6f955d476d55 |
| 217 |
|
Continuous Monitoring | Independent Assessment |
|
X |
X |
|
X |
X |
|
X |
X |
3481090a-b365-407c-b422-ebb06a69e2ea |
| 218 |
|
Continuous Monitoring | Types Of Assessments |
|
|
|
|
|
|
|
|
|
b278e5bd-ca87-4ae9-b3e2-3097acb7ebd3 |
| 491 |
|
Physical Access Control | Lockable Casings |
|
|
|
|
|
|
|
|
|
af105097-539b-4029-af54-45c222a6e799 |
| 221 |
|
Penetration Testing | Independent Penetration Agent Or Team |
|
|
|
|
|
|
|
|
|
7b9dc9d8-8d55-465d-9881-3033a0e7e094 |
| 222 |
|
Penetration Testing | Red Team Exercises |
|
|
|
|
|
|
|
|
|
55d0cabe-09e0-4395-97f6-5ce3996b22be |
| 223 |
|
Internal System Connections |
X |
X |
X |
X |
X |
X |
|
|
|
d5ac1611-12fb-462e-9c05-749c81dfa55b |
| 224 |
|
Internal System Connections | Security Compliance Checks |
|
|
|
|
|
|
|
|
|
922b6dc5-5c32-462b-ad20-679d8a22205c |
| 252 |
|
Configuration Settings |
|
|
|
X |
X |
X |
|
|
|
88ad52bf-def9-48e3-a91e-dbe0931090bc |
| 226 |
|
Baseline Configuration |
|
|
|
X |
X |
X |
|
|
|
d221691b-60e5-4eba-9ecc-e76691d116ca |
| 227 |
|
Baseline Configuration | Reviews And Updates |
|
|
|
X |
X |
X |
|
|
|
57fa2794-f1dd-471d-957a-4a8b41be2652 |
| 228 |
|
Baseline Configuration | Automation Support For Accuracy / Currency |
|
|
|
|
|
X |
|
|
|
07bcd45f-c758-4330-9ebc-fbb5eeabb0b2 |
| 229 |
|
Baseline Configuration | Retention Of Previous Configurations |
|
|
|
|
X |
X |
|
|
|
99bbb949-fb19-4aa9-b80c-2d95cb9c1a4f |
| 230 |
|
Baseline Configuration | Unauthorized Software |
|
|
|
|
|
|
|
|
|
52f741e7-d26f-4096-a077-c70f5ac25bb0 |
| 231 |
|
Baseline Configuration | Authorized Software |
|
|
|
|
|
|
|
|
|
bdeed9d0-63ae-4e12-9d6f-8cd0cf6f290e |
| 232 |
|
Baseline Configuration | Development And Test Environments |
|
|
|
|
|
|
|
|
|
2983a1ae-abad-4b35-b6f4-4d8072cd8eb7 |
| 253 |
|
Configuration Settings | Automated Central Management / Application / Verification |
|
|
|
|
X |
X |
|
|
|
3b514e38-6766-4b13-bc0f-c369e37cb549 |
| 234 |
|
Configuration Change Control |
|
|
|
X |
X |
X |
|
|
|
69018308-1448-4451-84fe-7ef146d95848 |
| 235 |
|
Configuration Change Control | Automated Document / Notification / Prohibition Of Changes |
|
|
|
|
|
X |
|
|
|
0506fedc-0215-4fd4-a733-3daf6b8a22c9 |
| 237 |
|
Configuration Change Control | Automated Change Implementation |
|
|
|
|
|
|
|
|
|
6fbcb296-bc5a-42f0-ba06-507e43998497 |
| 238 |
|
Configuration Change Control | Security Representative |
|
|
|
X |
X |
X |
|
|
|
b9c3a3ec-5c8c-4df4-8cb5-a80e4867b09d |
| 239 |
|
Configuration Change Control | Automated Security Response |
|
|
|
|
|
X |
|
|
|
e6950292-ba1f-45b0-9163-fd384c192311 |
| 431 |
|
Maintenance Tools | Inspect Media |
|
|
|
X |
X |
X |
|
|
|
e06b2313-1142-44c4-b795-8bafcebf77b0 |
| 242 |
|
Security Impact Analysis | Separate Test Environments |
|
|
|
|
X |
X |
|
|
|
5f188b80-8206-4bdc-a9eb-19d41609869a |
| 243 |
|
Security Impact Analysis | Verification Of Security Functions |
|
|
|
|
|
|
|
|
|
58834e11-dcb3-4364-926d-3de96a46c77c |
| 245 |
|
Access Restrictions For Change | Automated Access Enforcement / Auditing |
|
|
|
|
X |
X |
|
|
|
90c28d0a-95c7-4e60-b89b-870764170d3a |
| 246 |
|
Access Restrictions For Change | Review System Changes |
|
|
|
|
X |
X |
|
|
|
50d211b4-f73e-4aa6-a69c-a82fb87bcfa2 |
| 247 |
|
Access Restrictions For Change | Signed Components |
|
|
|
|
|
X |
|
|
|
79c88862-05d1-473c-8b73-385e00b69435 |
| 248 |
|
Access Restrictions For Change | Dual Authorization |
|
|
|
|
|
|
|
|
|
888409f1-6aee-4e88-b1d8-fc4b0cc73da7 |
| 249 |
|
Access Restrictions For Change | Limit Production / Operational Privileges |
|
|
|
X |
X |
X |
|
|
|
1bab6a20-4201-4055-9400-78c894782d60 |
| 255 |
|
Configuration Settings | Unauthorized Change Detection |
|
|
|
|
|
|
|
|
|
047b2f97-d1b2-42ea-af4b-4290d90376b0 |
| 256 |
|
Configuration Settings | Conformance Demonstration |
|
|
|
|
|
|
|
|
|
cae3199d-2c5f-42c1-a4f2-f26607c73434 |
| 258 |
|
Least Functionality | Periodic Review |
X |
X |
X |
X |
X |
X |
|
|
|
a07063ee-776f-4b55-b8a4-67a9a41afbcd |
| 259 |
|
Least Functionality | Prevent Program Execution |
X |
X |
X |
X |
X |
X |
|
|
|
7e725867-3b5e-40fc-b81a-661ed0aa2876 |
| 260 |
|
Least Functionality | Registration Compliance |
X |
X |
X |
X |
X |
X |
|
|
|
f25fd826-dfe9-4c93-8634-acf97b50be44 |
| 261 |
|
Least Functionality | Unauthorized Software / Blacklisting |
|
|
|
|
|
|
|
|
|
641aebf2-b6fb-4cbd-9d39-f9d2b238f1b4 |
| 262 |
|
Least Functionality | Authorized Software / Whitelisting |
X |
X |
X |
X |
X |
X |
|
|
|
189cb316-f087-4ddb-8857-bcb871a2adf4 |
| 271 |
|
Information System Component Inventory | Automated Location Tracking |
|
|
|
|
|
|
|
|
|
a61a6704-be17-47e6-a4a6-b97079b99e99 |
| 264 |
|
Information System Component Inventory | Updates During Installations / Removals |
|
|
|
|
X |
X |
|
|
|
59da064b-2cc5-4c7a-a199-92560466f8bd |
| 265 |
|
Information System Component Inventory | Automated Maintenance |
|
|
|
X |
X |
X |
|
|
|
7e3a3499-0624-4910-992f-952bdd2228c6 |
| 266 |
|
Information System Component Inventory | Automated Unauthorized Component Detection |
|
|
|
X |
X |
X |
|
|
|
866893c6-de07-47cb-baa0-b9e527019cf8 |
| 267 |
|
Information System Component Inventory | Accountability Information |
|
|
X |
|
|
X |
|
|
|
e36105af-b827-4430-9572-0ca9fcd751bf |
| 268 |
|
Information System Component Inventory | No Duplicate Accounting Of Components |
|
|
|
|
X |
X |
|
|
|
e2122882-4ad4-4904-8a78-796bbb4d6632 |
| 269 |
|
Information System Component Inventory | Assessed Configurations / Approved Deviations |
|
|
|
|
|
|
|
|
|
c7905a0b-64ba-44da-a46d-a9b52082b296 |
| 270 |
|
Information System Component Inventory | Centralized Repository |
|
|
|
|
|
|
|
|
|
e1c65b25-eeeb-4bd8-8596-b9c91841dd01 |
| 297 |
|
Contingency Plan Testing | Full Recovery / Reconstitution |
|
|
|
|
|
|
|
|
|
5369f61e-b976-431c-bd54-035d61eee83e |
| 298 |
|
Contingency Plan Update |
|
|
|
|
|
|
|
|
|
8de1661e-fd5a-4742-adfa-e390ef3da14a |
| 274 |
|
Configuration Management Plan | Assignment Of Responsibility |
|
|
|
|
|
|
|
|
|
443545d8-afc2-4bb3-ab3a-30ddcf6acc51 |
| 275 |
|
Software Usage Restrictions |
|
|
|
X |
X |
X |
|
|
|
398c80ea-491b-4d77-8167-96bd5c316bfe |
| 276 |
|
Software Usage Restrictions | Open Source Software |
|
|
|
X |
X |
X |
|
|
|
1e556c79-3886-4da4-98bc-07312b218fdb |
| 277 |
|
User-Installed Software |
X |
X |
X |
X |
X |
X |
|
|
|
a9c631ec-1813-4b53-951a-5266688ec1e3 |
| 278 |
|
User-Installed Software | Alerts For Unauthorized Installations |
|
|
X |
|
|
X |
|
|
|
f396637d-5e61-402c-b51b-30843a941171 |
| 279 |
|
User-Installed Software | Prohibit Installation Without Privileged Status |
X |
X |
X |
X |
X |
X |
|
|
|
1723632d-5364-4de9-9abc-861569c99117 |
| 308 |
|
Alternate Processing Site | Equivalent Information Security Safeguards |
|
|
|
|
|
|
|
|
|
3cae92e8-edbd-49c2-ae4d-6d8f5c6baa16 |
| 309 |
|
Alternate Processing Site | Inability To Return To Primary Site |
|
|
|
|
|
|
|
|
|
61cfddab-b466-41e8-b21f-1084419ccaeb |
| 281 |
|
Contingency Plan |
|
|
|
|
|
|
X |
X |
X |
27b60b59-6a47-4757-97bf-b17e46b49277 |
| 282 |
|
Contingency Plan | Coordinate With Related Plans |
|
|
|
|
|
|
|
X |
X |
08bb085d-5ed8-4bac-a160-89b91cb7cd50 |
| 283 |
|
Contingency Plan | Capacity Planning |
|
|
|
|
|
|
|
|
X |
d4f7882a-abc5-445c-96bd-b73d7347bd05 |
| 284 |
|
Contingency Plan | Resume Essential Missions / Business Functions |
|
|
|
|
|
|
|
X |
X |
77580aad-c932-4668-b3d7-3bbc9da00e4d |
| 285 |
|
Contingency Plan | Resume All Missions / Business Functions |
|
|
|
|
|
|
|
|
X |
fdfc62dc-642d-4864-8740-d9bdbb513a53 |
| 286 |
|
Contingency Plan | Continue Essential Missions / Business Functions |
|
|
|
|
|
|
|
|
X |
3f1ddb58-03d0-412f-a526-1a8acae8cf1f |
| 287 |
|
Contingency Plan | Alternate Processing / Storage Site |
|
|
|
|
|
|
|
|
|
2dc2de09-aa25-495c-ae8b-a4d46a51af0c |
| 290 |
|
Contingency Training |
|
|
|
|
|
|
X |
X |
X |
ef5b32b3-f214-428d-b5a4-b2e2a7c2a45b |
| 291 |
|
Contingency Training | Simulated Events |
|
|
|
|
|
|
|
|
X |
776fef7c-a664-4748-a470-ce6b6d111e65 |
| 292 |
|
Contingency Training | Automated Training Environments |
|
|
|
|
|
|
|
|
|
d75dc96c-dfda-4aa7-bc46-f40f07c3da6e |
| 293 |
|
Contingency Plan Testing |
|
|
|
|
|
|
X |
X |
X |
e64e50ac-c55d-43a2-ae8b-f2b87e044cb7 |
| 294 |
|
Contingency Plan Testing | Coordinate With Related Plans |
|
|
|
|
|
|
|
X |
X |
1fa2515a-80d4-4590-8063-be8897bcfc86 |
| 295 |
|
Contingency Plan Testing | Alternate Processing Site |
|
|
|
|
|
|
|
|
X |
4b1da73c-50c5-422c-98b1-8c031168b5b6 |
| 296 |
|
Contingency Plan Testing | Automated Testing |
|
|
|
|
|
|
|
|
|
9f11f7de-88c9-40e9-9143-db8ae1001e3f |
| 300 |
|
Alternate Storage Site | Separation From Primary Site |
|
|
|
|
|
|
|
X |
X |
8cf270aa-d8c3-4f53-9e00-42e8e198448e |
| 301 |
|
Alternate Storage Site | Recovery Time / Point Objectives |
|
|
|
|
|
|
|
|
X |
59ff63b0-6c10-437b-963a-e70116d99cd1 |
| 302 |
|
Alternate Storage Site | Accessibility |
|
|
|
|
|
|
|
X |
X |
e03d6e77-ba99-4475-8e1a-2cb57664ee95 |
| 304 |
|
Alternate Processing Site | Separation From Primary Site |
|
|
|
|
|
|
|
X |
X |
2d36c48a-a2b9-4cf9-9a1a-d8e7d888a8bf |
| 305 |
|
Alternate Processing Site | Accessibility |
|
|
|
|
|
|
|
X |
X |
8e58f384-8ad4-4172-a5cd-783fd2cfca36 |
| 306 |
|
Alternate Processing Site | Priority Of Service |
|
|
|
|
|
|
|
X |
X |
35b3e69f-660b-4993-86d0-99fdc0689f9e |
| 307 |
|
Alternate Processing Site | Preparation For Use |
|
|
|
|
|
|
|
|
X |
7ffca331-b081-4c6a-8c92-ab0ec7823c94 |
| 311 |
|
Telecommunications Services | Priority Of Service Provisions |
|
|
|
|
|
|
|
X |
X |
2f1c4a75-90b4-470a-9b12-37593c46b710 |
| 312 |
|
Telecommunications Services | Single Points Of Failure |
|
|
|
|
|
|
|
X |
X |
ceddd0c7-d2eb-4a80-a509-b937367b766b |
| 314 |
|
Telecommunications Services | Provider Contingency Plan |
|
|
|
|
|
|
|
|
X |
805e9a80-9c37-4898-a48f-a10f4232fc9d |
| 315 |
|
Telecommunications Services | Alternate Telecommunication Service Testing |
|
|
|
|
|
|
|
|
X |
4e0f0ec6-92eb-40f4-90ef-4c8e1fa0a641 |
| 316 |
|
Information System Backup |
X |
X |
X |
X |
X |
X |
X |
X |
X |
1d18b124-0b26-4245-addb-3952002ca85f |
| 317 |
|
Information System Backup | Testing For Reliability / Integrity |
|
|
|
|
X |
X |
|
X |
X |
30481803-0727-41d5-9902-bdee42a2d1e5 |
| 318 |
|
Information System Backup | Test Restoration Using Sampling |
|
|
|
|
|
|
|
|
X |
c5a377c9-2f8a-42f5-96af-b561c945e3d3 |
| 320 |
|
Information System Backup | Protection From Unauthorized Modification |
|
|
|
|
|
|
|
|
|
e4b0bed1-4b79-40fa-8b4f-0802ba01c7ce |
| 321 |
|
Information System Backup | Transfer To Alternate Storage Site |
|
|
|
|
|
|
|
X |
X |
819e5ef7-fd4c-4226-a188-71c1fdf45fa0 |
| 322 |
|
Information System Backup | Redundant Secondary System |
|
|
|
|
|
|
|
|
|
dade932b-8a50-4127-9d4f-8331c7a0d939 |
| 323 |
|
Information System Backup | Dual Authorization |
|
|
|
|
|
|
|
|
|
98ec2e6d-23db-45d5-9f2c-04f2ce656479 |
| 325 |
|
Information System Recovery And Reconstitution | Contingency Plan Testing |
|
|
|
|
|
|
|
|
|
9e1b35b2-1c24-40c3-a4b3-a42ac75e0b0f |
| 326 |
|
Information System Recovery And Reconstitution | Transaction Recovery |
|
|
|
|
X |
X |
|
X |
X |
a1b076a2-4918-4f35-9dd4-5f66a74288d1 |
| 327 |
|
Information System Recovery And Reconstitution | Compensating Security Controls |
|
|
|
|
|
|
|
|
|
e2215781-7998-4924-8d3d-05d44df5693b |
| 328 |
|
Information System Recovery And Reconstitution | Restore Within Time Period |
|
|
|
|
|
X |
|
|
X |
074f683c-c4fe-45bb-b012-64eaf3f30beb |
| 329 |
|
Information System Recovery And Reconstitution | Failover Capability |
|
|
|
|
|
|
|
|
|
c5acfcdf-16d6-440e-8504-2456f784cf27 |
| 330 |
|
Information System Recovery And Reconstitution | Component Protection |
|
|
|
|
|
|
|
|
|
b338024b-2043-4564-bd65-2e56d13063c8 |
| 331 |
|
Alternate Communications Protocols |
|
|
|
|
|
|
|
|
|
fbfd2cd4-9aa0-40e0-9b66-33c5720b8528 |
| 334 |
|
Identification And Authentication Policy And Procedures |
X |
X |
X |
X |
X |
X |
|
|
|
37aff9ca-6d58-4225-bb31-c271de184ce2 |
| 335 |
|
Identification And Authentication (Organizational Users) |
X |
X |
X |
X |
X |
X |
|
|
|
45003aad-e42f-46f8-afa5-87afdc8559c5 |
| 336 |
|
Identification And Authentication (Organizational Users) | Network Access To Privileged Accounts |
X |
X |
X |
X |
X |
X |
|
|
|
5cec0f77-863f-42d6-8eb5-65fcbc5f4d3b |
| 337 |
|
Identification And Authentication (Organizational Users) | Network Access To Non-Privileged Accounts |
X |
X |
X |
X |
X |
X |
|
|
|
501a5a5a-9a9b-46b5-96ca-db78393e5922 |
| 338 |
|
Identification And Authentication (Organizational Users) | Local Access To Privileged Accounts |
|
X |
X |
|
X |
X |
|
|
|
36b282d6-2941-41c2-84fb-2b7b04c49648 |
| 339 |
|
Identification And Authentication (Organizational Users) | Local Access To Non-Privileged Accounts |
|
X |
X |
|
X |
X |
|
|
|
fc95f5d6-bb98-4116-8a5d-87e96581640f |
| 340 |
|
Identification And Authentication (Organizational Users) | Group Authentication |
X |
X |
X |
X |
X |
X |
|
|
|
b84245a6-61ac-48ab-901c-847836700783 |
| 341 |
|
Identification And Authentication (Organizational Users) | Network Access To Privileged Accounts - Separate Device |
|
|
|
|
|
|
|
|
|
5b9f2dbf-7dc5-42bb-8145-fe494e4493a4 |
| 344 |
|
Identification And Authentication (Organizational Users) | Network Access To Non-Privileged Accounts - Replay Resistant |
|
X |
X |
|
X |
X |
|
|
|
bbfa2e61-984c-4d76-8649-030dd14048d8 |
| 345 |
|
Identification And Authentication (Organizational Users) | Single Sign-On |
|
|
|
|
|
|
|
|
|
b55ddf64-ebfc-4725-bee7-dc884e4ef8b4 |
| 347 |
|
Identification And Authentication (Organizational Users) | Acceptance Of Piv Credentials |
X |
X |
X |
X |
X |
X |
|
|
|
96bb9910-f1fc-458b-a1ce-eb9de3742d33 |
| 349 |
|
Device Identification And Authentication |
X |
X |
X |
X |
X |
X |
|
|
|
04bc593a-e77d-4c19-8cfa-77ac28c2801d |
| 350 |
|
Device Identification And Authentication | Cryptographic Bidirectional Authentication |
|
X |
X |
|
X |
X |
|
|
|
52d37767-70c0-4830-9f5a-510525aa8675 |
| 353 |
|
Device Identification And Authentication | Device Attestation |
|
|
|
|
|
|
|
|
|
4d1b88d8-74de-4409-940e-64f6e9a54a20 |
| 355 |
|
Identifier Management | Prohibit Account Identifiers As Public Identifiers |
|
|
|
|
|
|
|
|
|
039a3411-ff7e-4f39-8db0-b4799f6e058e |
| 356 |
|
Identifier Management | Supervisor Authorization |
|
|
|
|
|
|
|
|
|
41b3b56d-e2bc-4af0-ad9e-275cc8925f53 |
| 357 |
|
Identifier Management | Multiple Forms Of Certification |
|
|
|
|
|
|
|
|
|
0aef513b-8acb-4313-bea2-d892dda2854b |
| 358 |
|
Identifier Management | Identify User Status |
X |
X |
X |
X |
X |
X |
|
|
|
4fcc5e35-62cc-42dc-9898-31dbbb18952b |
| 359 |
|
Identifier Management | Dynamic Management |
|
|
|
|
|
|
|
|
|
d7a8e0f4-12d9-4c1b-b33d-f493829d1abf |
| 360 |
|
Identifier Management | Cross-Organization Management |
|
|
|
|
|
|
|
|
|
31d40ef4-28e3-4123-aba1-dfe899957d95 |
| 361 |
|
Identifier Management | In-Person Registration |
|
|
|
|
|
|
|
|
|
5786399a-ef17-445d-aa2e-b29d86e69fd5 |
| 363 |
|
Authenticator Management | Password-Based Authentication |
X |
X |
X |
X |
X |
X |
|
|
|
1c62f267-317e-4cec-ab54-3edb01a9ae2f |
| 364 |
|
Authenticator Management | Pki-Based Authentication |
|
X |
X |
|
X |
X |
|
|
|
83c07b15-3a9b-4e45-9754-1d7260d5033d |
| 365 |
|
Authenticator Management | In-Person Or Trusted Third-Party Registration |
|
|
|
|
X |
X |
|
|
|
af69ad74-9969-468c-8077-0edc2bd05add |
| 366 |
|
Authenticator Management | Automated Support For Password Strength Determination |
X |
X |
X |
X |
X |
X |
|
|
|
9c615f0c-ca3b-4e31-bbcb-3235c26dae6d |
| 367 |
|
Authenticator Management | Change Authenticators Prior To Delivery |
|
|
|
|
|
|
|
|
|
2ad8bfdf-bfa9-43cc-a0ee-72b697a140f2 |
| 368 |
|
Authenticator Management | Protection Of Authenticators |
|
|
|
|
|
|
|
|
|
a9e69431-f195-42f0-97b1-11e269925661 |
| 369 |
|
Authenticator Management | No Embedded Unencrypted Static Authenticators |
X |
X |
X |
|
|
|
|
|
|
6806e6e3-0fa2-4cfb-8630-aa17ad7ef5af |
| 371 |
|
Authenticator Management | Cross-Organization Credential Management |
|
|
|
|
|
|
|
|
|
cadd1f0c-8687-4e3a-9fe2-6fb50b9a1413 |
| 373 |
|
Authenticator Management | Hardware Token-Based Authentication |
|
|
|
X |
X |
X |
|
|
|
85e8acca-2eac-47ee-8b90-9081003fe351 |
| 374 |
|
Authenticator Management | Biometric-Based Authentication |
|
|
|
|
|
|
|
|
|
a5c6c330-33b3-4277-b045-3128445acbba |
| 375 |
|
Authenticator Management | Expiration Of Cached Authenticators |
X |
X |
X |
X |
X |
X |
|
|
|
48efd3e4-ecb2-4539-999e-5a051459675a |
| 376 |
|
Authenticator Management | Managing Content Of Pki Trust Stores |
X |
X |
X |
X |
X |
X |
|
|
|
8829a054-1788-4d49-87e7-f4554a3ff888 |
| 377 |
|
Authenticator Management | Ficam-Approved Products And Services |
|
|
|
|
|
|
|
|
|
d9ac474d-8d9e-45f4-a1ed-ec4b6e66ec26 |
| 379 |
|
Cryptographic Module Authentication |
X |
X |
X |
X |
X |
X |
|
|
|
34ba9f77-0d78-4608-ac1d-d846b267266d |
| 381 |
|
Identification And Authentication (Non-Organizational Users) | Acceptance Of Piv Credentials From Other Agencies |
X |
X |
X |
X |
X |
X |
|
|
|
5883ff0b-f3a7-4379-9371-15e72a0d31b3 |
| 382 |
|
Identification And Authentication (Non-Organizational Users) | Acceptance Of Third-Party Credentials |
|
|
|
X |
X |
X |
|
|
|
43b87924-98f3-4a13-a4d7-fd3979be47e4 |
| 383 |
|
Identification And Authentication (Non-Organizational Users) | Use Of Ficam-Approved Products |
|
|
|
X |
X |
X |
|
|
|
0a19e974-98bc-426e-9606-09f182040eee |
| 384 |
|
Identification And Authentication (Non-Organizational Users) | Use Of Ficam-Issued Profiles |
|
|
|
X |
X |
X |
|
|
|
f500f8bc-914c-481b-babc-a85b08a145bc |
| 385 |
|
Identification And Authentication (Non-Organizational Users) | Acceptance Of Piv-I Credentials |
|
|
|
|
|
|
|
|
|
c488a84f-625a-488e-8680-109e57e2dd9a |
| 386 |
|
Service Identification And Authentication |
|
|
|
|
|
|
|
|
|
e1e536d0-565f-4b92-b4eb-a68cc10904d8 |
| 387 |
|
Service Identification And Authentication | Information Exchange |
|
|
|
|
|
|
|
|
|
54cce1f4-232c-4a0f-ba26-9e484f669e6c |
| 390 |
|
Re-Authentication |
|
|
X |
|
|
X |
|
|
|
e6698966-01f5-4f0e-a0d0-ffcd2d9082a0 |
| 392 |
|
Incident Response Training |
X |
X |
X |
X |
X |
X |
X |
X |
X |
8ac81278-93bd-4775-9ed9-5ac618fcb501 |
| 393 |
|
Incident Response Training | Simulated Events |
|
|
X |
|
|
X |
|
|
X |
e22c2145-8dd7-49b9-83f3-aac4107486a1 |
| 394 |
|
Incident Response Training | Automated Training Environments |
|
|
|
|
|
X |
|
|
X |
8e8b1f92-48ed-4ba3-b618-5e63ec1cdfa6 |
| 395 |
|
Incident Response Testing |
X |
X |
X |
X |
X |
X |
X |
X |
X |
f094aae5-7861-4ace-b023-9511a7ea53ef |
| 397 |
|
Incident Response Testing | Coordination With Related Plans |
|
X |
X |
|
X |
X |
|
X |
X |
3e39451a-f792-4d6e-af26-c85c15c52025 |
| 399 |
|
Incident Handling | Automated Incident Handling Processes |
|
X |
X |
|
X |
X |
|
X |
X |
935482e3-5410-47e3-91df-5f6b4de4d300 |
| 400 |
|
Incident Handling | Dynamic Reconfiguration |
|
|
|
|
|
|
|
|
|
84da2a66-cd77-4a81-a74d-531f0c46de6d |
| 401 |
|
Incident Handling | Continuity Of Operations |
|
X |
X |
|
X |
X |
|
X |
X |
191a68a0-acf0-46a9-85aa-8029163b5a51 |
| 402 |
|
Incident Handling | Information Correlation |
X |
X |
X |
X |
X |
X |
X |
X |
X |
3764b68b-87d1-4727-978c-c24011c84692 |
| 403 |
|
Incident Handling | Automatic Disabling Of Information System |
|
|
|
|
|
|
|
|
|
f176ee87-803a-4340-bb58-928660abe065 |
| 404 |
|
Incident Handling | Insider Threats - Specific Capabilities |
X |
X |
X |
X |
X |
X |
X |
X |
X |
918feefb-e71b-48c5-b2fa-e91163a71a2f |
| 405 |
|
Incident Handling | Insider Threats - Intra-Organization Coordination |
X |
X |
X |
X |
X |
X |
X |
X |
X |
42e12352-8030-4b06-95a6-ff14f6a78c24 |
| 407 |
|
Incident Handling | Dynamic Response Capability |
|
|
|
|
|
|
|
|
|
371b55a9-ae4f-401b-9e1e-c2ff0a336a4b |
| 408 |
|
Incident Handling | Supply Chain Coordination |
|
|
|
|
|
|
|
|
|
99c13930-8488-48bf-b051-2c07959a4d86 |
| 409 |
|
Incident Monitoring |
X |
X |
X |
X |
X |
X |
X |
X |
X |
e2099134-c480-45d9-a6bb-0e63b36e8a5c |
| 410 |
|
Incident Monitoring | Automated Tracking / Data Collection / Analysis |
|
|
X |
|
|
X |
|
|
X |
345899ef-b35f-4e44-a6e0-b10ea18c54dc |
| 412 |
|
Incident Reporting | Automated Reporting |
|
X |
X |
|
X |
X |
|
X |
X |
042dd133-d909-4d0a-8995-4e26e4e1d4a7 |
| 413 |
|
Incident Reporting | Vulnerabilities Related To Incidents |
X |
X |
X |
X |
X |
X |
X |
X |
X |
01871732-8152-4df8-9ed7-b32553363f0c |
| 414 |
|
Incident Reporting | Coordination With Supply Chain |
|
|
|
|
|
|
|
|
|
c2433edd-eda3-482c-a43a-5ed11f3a05c5 |
| 415 |
|
Incident Response Assistance |
X |
X |
X |
X |
X |
X |
X |
X |
X |
12814034-50be-405f-938b-9a4dc541d8bb |
| 417 |
|
Incident Response Assistance | Coordination With External Providers |
X |
X |
X |
X |
X |
X |
X |
X |
X |
2d737f77-aedf-42df-8dbc-d27846fb2436 |
| 419 |
|
Information Spillage Response |
X |
X |
X |
|
|
|
|
|
|
5cfa0446-3fe2-4029-b3ca-76e947b793f0 |
| 420 |
|
Information Spillage Response | Responsible Personnel |
X |
X |
X |
|
|
|
|
|
|
560f3870-f08c-450c-a8e6-771087cc810b |
| 421 |
|
Information Spillage Response | Training |
X |
X |
X |
|
|
|
|
|
|
ff9afc02-609b-409b-8679-9b12fe042aa9 |
| 422 |
|
Information Spillage Response | Post-Spill Operations |
|
|
|
|
|
|
|
X |
X |
40fb91b9-f18e-43c6-9205-1a005903a874 |
| 423 |
|
Information Spillage Response | Exposure To Unauthorized Personnel |
X |
X |
X |
|
|
|
|
|
|
fc1fba94-0354-4570-a737-ccb57d0a6a08 |
| 432 |
|
Maintenance Tools | Prevent Unauthorized Removal |
X |
X |
X |
|
|
|
|
|
|
fa78169a-b4d4-4fc9-bec8-03cc1f998900 |
| 426 |
|
Controlled Maintenance |
X |
X |
X |
X |
X |
X |
X |
X |
X |
133b2d5e-95f3-47b0-a3bc-4faae23233b1 |
| 427 |
|
Controlled Maintenance | Record Content |
|
|
|
|
|
|
|
|
|
0b7ce387-0a9e-466f-9ee0-768015050e0a |
| 428 |
|
Controlled Maintenance | Automated Maintenance Activities |
|
|
X |
|
|
X |
|
|
X |
7ffb0f2d-6455-406e-a3df-624280c98589 |
| 429 |
|
Maintenance Tools |
|
|
|
X |
X |
X |
|
|
|
39b617ed-c1c0-4e92-bae6-893da2d22e61 |
| 430 |
|
Maintenance Tools | Inspect Tools |
|
|
|
|
X |
X |
|
|
|
e1c2d293-9174-4ad4-8f30-353e6af18bb5 |
| 433 |
|
Maintenance Tools | Restricted Tool Use |
|
|
|
|
|
|
|
|
|
874f03c2-8b91-40e0-97bb-5482a85d22be |
| 435 |
|
Nonlocal Maintenance | Auditing And Review |
|
|
|
|
X |
X |
|
|
|
9b831670-ec8b-42f3-b43f-9878ede25ee7 |
| 436 |
|
Nonlocal Maintenance | Document Nonlocal Maintenance |
|
|
|
|
X |
X |
|
|
|
b8068158-7d9b-4fc5-8364-43acad6ed45b |
| 437 |
|
Nonlocal Maintenance | Comparable Security / Sanitization |
X |
X |
X |
X |
X |
X |
|
|
|
d133487c-60a7-4544-9453-d622e98ee67c |
| 438 |
|
Nonlocal Maintenance | Authentication / Separation Of Maintenance Sessions |
|
|
|
|
|
|
|
|
|
debf8fa6-6883-4321-b6bf-aabd4a9cd66d |
| 439 |
|
Nonlocal Maintenance | Approvals And Notifications |
|
|
|
|
|
|
|
|
|
05fca7ee-0d9d-4f6d-997d-021228d383b8 |
| 440 |
|
Nonlocal Maintenance | Cryptographic Protection |
X |
X |
X |
X |
X |
X |
|
|
|
67e9509e-17f7-471f-8171-6605e16821ec |
| 441 |
|
Nonlocal Maintenance | Remote Disconnect Verification |
|
|
|
X |
X |
X |
|
|
|
58cf7194-b512-406b-ac4c-d35139b9baa0 |
| 478 |
|
Media Downgrading | Documentation Of Process |
|
|
|
|
|
|
|
|
|
075aceb6-21fe-496a-92a8-5ac47bd8ee4c |
| 444 |
|
Maintenance Personnel | Security Clearances For Classified Systems |
|
|
|
|
|
|
|
|
|
0cf45471-0e66-46f9-a259-521733fa3315 |
| 445 |
|
Maintenance Personnel | Citizenship Requirements For Classified Systems |
|
|
|
|
|
|
|
|
|
ad02e48e-6d71-4cd3-94a3-0760d6cca5cb |
| 446 |
|
Maintenance Personnel | Foreign Nationals |
|
|
|
|
|
|
|
|
|
f4a6ebe3-bedb-4c8b-8822-a0e29af23449 |
| 447 |
|
Maintenance Personnel | Nonsystem-Related Maintenance |
|
|
|
|
|
|
|
|
|
c2d1990a-1a17-47d4-a244-9464b90ea410 |
| 448 |
|
Timely Maintenance |
|
|
|
|
|
|
|
X |
X |
d556d988-57a8-42a3-b929-33686c8e6f8d |
| 450 |
|
Timely Maintenance | Predictive Maintenance |
|
|
|
|
|
|
|
|
|
8126861a-bb47-4e4d-8d5c-21f2664c5ef1 |
| 451 |
|
Timely Maintenance | Automated Support For Predictive Maintenance |
|
|
|
|
|
|
|
|
|
ef2e46bd-10b1-4cc5-aa60-0e4fbbd71c3d |
| 479 |
|
Media Downgrading | Equipment Testing |
|
|
|
|
|
|
|
|
|
dc05cdc4-a4e6-4a6b-992d-fb0fd8da6c2f |
| 453 |
|
Media Access |
X |
X |
X |
X |
X |
X |
|
|
|
ad13fdb5-7741-40c8-b3f3-95173955c824 |
| 454 |
|
Media Access | Automated Restricted Access |
|
|
|
|
|
|
|
|
|
02b2fe01-5f9f-49a2-9787-269c7e7fa8a4 |
| 455 |
|
Media Access | Cryptographic Protection |
|
|
|
|
|
|
|
|
|
5ff5f961-6fb7-4156-8a2f-e7b17b21ff22 |
| 456 |
|
Media Marking |
|
X |
X |
|
|
|
|
|
|
b1d4cf45-7bb6-44bd-bf61-361ba36bec82 |
| 457 |
|
Media Storage |
|
X |
X |
|
X |
X |
|
|
|
c67abfbb-cda1-482a-acac-cba0faa50796 |
| 458 |
|
Media Storage | Cryptographic Protection |
|
|
|
|
|
|
|
|
|
8c694336-dd97-4d06-9f36-e24d30cd1090 |
| 459 |
|
Media Storage | Automated Restricted Access |
|
|
|
|
|
|
|
|
|
f35dc02d-46ff-48e1-92a6-9d9d54e5b960 |
| 480 |
|
Media Downgrading | Controlled Unclassified Information |
|
|
|
|
|
|
|
|
|
cdbba9d6-d893-4abf-8292-b6109432ef69 |
| 461 |
|
Media Transport | Protection Outside Of Controlled Areas |
|
|
|
|
|
|
|
|
|
e1acfa6e-d4ec-4769-945e-4f4ccdba31f4 |
| 462 |
|
Media Transport | Documentation Of Activities |
|
|
|
|
|
|
|
|
|
940062c2-f7b4-4e67-8ca7-f941dc21a4be |
| 463 |
|
Media Transport | Custodians |
|
|
|
|
|
|
|
|
|
7f0395c8-f529-41ca-9646-7972e6686da6 |
| 464 |
|
Media Transport | Cryptographic Protection |
|
X |
X |
|
X |
X |
|
|
|
f748db61-0486-4efe-acb9-fe72644fc937 |
| 465 |
|
Media Sanitization |
X |
X |
X |
|
|
|
|
|
|
b688ce2f-fc7f-4f44-858b-cc8bbcee0eb7 |
| 466 |
|
Media Sanitization | Review / Approve / Track / Document / Verify |
|
|
X |
|
|
|
|
|
|
ef114887-70c6-47fb-8008-2cc8f9d847dc |
| 467 |
|
Media Sanitization | Equipment Testing |
|
|
X |
|
|
|
|
|
|
98bfa665-bd1e-46c3-a7fe-3c620878602e |
| 481 |
|
Media Downgrading | Classified Information |
|
|
|
|
|
|
|
|
|
c91c1ca2-b527-4472-af31-bde3e8a56e59 |
| 503 |
|
Monitoring Physical Access | Monitoring Physical Access To Information Systems |
|
|
X |
|
|
X |
|
|
X |
6fdc0757-4e68-4f28-8d8d-37563f5e4704 |
| 469 |
|
Media Sanitization | Controlled Unclassified Information |
|
|
|
|
|
|
|
|
|
14710e24-ee36-4084-8f3e-3c033af4a780 |
| 470 |
|
Media Sanitization | Classified Information |
|
|
|
|
|
|
|
|
|
fbc8dd0d-82b7-415f-bd66-a261a300c322 |
| 471 |
|
Media Sanitization | Media Destruction |
|
|
|
|
|
|
|
|
|
0343ae2e-e662-495a-bac7-e2b4a51e19d0 |
| 473 |
|
Media Sanitization | Remote Purging / Wiping Of Information |
|
|
|
|
|
|
|
|
|
bcc4c641-ff64-40fa-8c53-7d8c70211d1e |
| 475 |
|
Media Use | Prohibit Use Without Owner |
|
|
|
X |
X |
X |
|
|
|
0c2adc09-645d-434e-8bf7-00906bd89936 |
| 476 |
|
Media Use | Prohibit Use Of Sanitization-Resistant Media |
|
|
|
|
|
|
|
|
|
0e569880-6a53-481a-980b-e0b2d2882046 |
| 477 |
|
Media Downgrading |
|
|
|
|
|
|
|
|
|
85aed17a-aa42-4673-b96a-dd0adefe116b |
| 483 |
|
Physical Access Authorizations |
X |
X |
X |
X |
X |
X |
X |
X |
X |
3ac037bb-3464-43a8-90de-15e9cfe425a9 |
| 484 |
|
Physical Access Authorizations | Access By Position / Role |
|
|
|
|
|
|
|
|
|
07a63a30-ac69-4866-89c4-6f374a541b71 |
| 485 |
|
Physical Access Authorizations | Two Forms Of Identification |
|
|
|
|
|
|
|
|
|
5813e8b2-23bc-4165-9625-61facc85178b |
| 487 |
|
Physical Access Control |
X |
X |
X |
X |
X |
X |
X |
X |
X |
a999cff6-e269-4989-b04f-783f02b558f8 |
| 488 |
|
Physical Access Control | Information System Access |
X |
X |
X |
X |
X |
X |
|
|
|
3a0b5f8c-a4e8-4495-909e-9555952c5a81 |
| 489 |
|
Physical Access Control | Facility / Information System Boundaries |
|
|
|
|
|
|
|
|
|
fa9c8808-3fb4-4995-9dd9-45cf63b3cad0 |
| 504 |
|
Visitor Control |
|
|
|
|
|
|
|
|
|
e7728f60-c2d3-4893-9f24-1dd04c8d5a73 |
| 493 |
|
Physical Access Control | Facility Penetration Testing |
|
|
|
|
|
|
|
|
|
fdf559df-2901-40a2-b627-1fbb57db569f |
| 494 |
|
Access Control For Transmission Medium |
|
X |
X |
|
X |
X |
|
|
|
8f822ba7-c755-49b9-86c1-ba359f819e0e |
| 495 |
|
Access Control For Output Devices |
|
X |
X |
|
|
|
|
|
|
53ba3515-b9f2-4cd9-8319-7fa4d6fa4066 |
| 496 |
|
Access Control For Output Devices | Access To Output By Authorized Individuals |
|
|
|
|
|
|
|
|
|
462f4eaa-d333-4b47-9a61-7fee86d828af |
| 497 |
|
Access Control For Output Devices | Access To Output By Individual Identity |
|
|
|
|
|
|
|
|
|
9129f4cb-8e55-4731-a5f9-907e5e0db05a |
| 498 |
|
Access Control For Output Devices | Marking Output Devices |
|
|
|
|
|
|
|
|
|
3555647f-6ac1-4f20-82d4-37bb14ea948b |
| 499 |
|
Monitoring Physical Access |
X |
X |
X |
X |
X |
X |
X |
X |
X |
f84638d3-95c6-4206-a52c-9b0f9f53f7d3 |
| 500 |
|
Monitoring Physical Access | Intrusion Alarms / Surveillance Equipment |
|
X |
X |
|
X |
X |
|
X |
X |
0cc7c0e7-9928-42b1-9c19-7bf244765d6b |
| 501 |
|
Monitoring Physical Access | Automated Intrusion Recognition / Responses |
|
|
|
|
|
|
|
|
|
f15f06eb-f1c3-4f7e-b7c8-e8beee630b90 |
| 502 |
|
Monitoring Physical Access | Video Surveillance |
|
|
|
|
|
|
|
|
|
6ac747d8-30be-4508-8665-b86177a36e58 |
| 506 |
|
Visitor Access Records | Automated Records Maintenance / Review |
|
|
X |
|
|
X |
|
|
|
62cc59f0-d7d2-4127-aa29-08cb7a53f0a9 |
| 507 |
|
Visitor Access Records | Physical Access Records |
|
|
|
|
|
|
|
|
|
cf4e4379-94c6-4b1d-856e-b6df13a7eb25 |
| 508 |
|
Power Equipment And Cabling |
|
|
|
|
|
|
|
X |
X |
4be48b6a-00a8-44d1-b3a5-a02256d74a54 |
| 509 |
|
Power Equipment And Cabling | Redundant Cabling |
|
|
|
|
|
|
|
|
|
4fc8a808-e4fa-4a3d-b3fa-09f9c3e22f04 |
| 510 |
|
Power Equipment And Cabling | Automatic Voltage Controls |
|
|
|
|
|
|
|
|
|
ef2ec80f-74c9-4024-9a37-63afd5ac939d |
| 511 |
|
Emergency Shutoff |
|
|
|
|
|
|
|
X |
X |
b39ec737-17fa-42d4-99bc-a353381f46a5 |
| 512 |
|
Emergency Shutoff | Accidental / Unauthorized Activation |
|
|
|
|
|
|
|
|
|
cca7bf93-8ff9-48fd-ba2f-f5c43c57d5b1 |
| 513 |
|
Emergency Power |
|
|
|
|
|
|
|
X |
X |
1de637c4-7c18-4734-9c4e-2aeddc51ed5e |
| 514 |
|
Emergency Power | Long-Term Alternate Power Supply - Minimal Operational Capability |
|
|
|
|
|
|
|
|
X |
00a29401-9760-47ce-86b7-58d5de719374 |
| 515 |
|
Emergency Power | Long-Term Alternate Power Supply - Self-Contained |
|
|
|
|
|
|
|
|
|
3ea18ae1-5368-4bf9-a180-16fd49e90920 |
| 516 |
|
Emergency Lighting |
|
|
|
|
|
|
X |
X |
X |
1ec9c1db-6d88-43a4-9525-5f44691d94de |
| 517 |
|
Emergency Lighting | Essential Missions / Business Functions |
|
|
|
|
|
|
|
|
|
389fa46d-c026-4e4c-8098-1a23a1542893 |
| 518 |
|
Fire Protection |
|
|
|
|
|
|
X |
X |
X |
2a3ff1df-a366-4b5a-963f-124ef493ebbc |
| 531 |
|
Location Of Information System Components | Facility Site |
|
|
|
|
|
|
|
|
|
fb87d45d-c9b8-49d3-838d-54d67e02b3e7 |
| 520 |
|
Fire Protection | Suppression Devices / Systems |
|
|
|
|
|
|
|
|
X |
b5f62cf0-3130-44cb-9ed7-062175a0b543 |
| 521 |
|
Fire Protection | Automatic Fire Suppression |
|
|
|
|
|
|
|
X |
X |
41be48cd-afac-464c-a934-83446fe6e4ac |
| 522 |
|
Fire Protection | Inspections |
|
|
|
|
|
|
|
|
X |
8c9f3b44-fe8b-4a94-b975-486603f5221c |
| 523 |
|
Temperature And Humidity Controls |
|
|
|
|
|
|
X |
X |
X |
1a40c883-ac99-4a1d-95de-7b065638a36f |
| 524 |
|
Temperature And Humidity Controls | Automatic Controls |
|
|
|
|
|
|
|
|
|
141ce6fc-c38a-4801-80de-9db46f9d8ca1 |
| 525 |
|
Temperature And Humidity Controls | Monitoring With Alarms / Notifications |
|
|
|
|
|
|
|
|
|
cfc981b9-fc5a-446e-90a5-6ff98c47f12e |
| 526 |
|
Water Damage Protection |
|
|
|
|
|
|
X |
X |
X |
5767b934-097a-469e-8498-fc3adfbcf4db |
| 527 |
|
Water Damage Protection | Automation Support |
|
|
|
|
|
|
|
|
X |
ed227d58-30ac-45af-b20b-4902de40214e |
| 528 |
|
Delivery And Removal |
X |
X |
X |
X |
X |
X |
X |
X |
X |
24870d1a-7db8-4f9c-b19b-923dc52e09dc |
| 530 |
|
Location Of Information System Components |
|
|
|
|
|
|
|
|
X |
1cf62209-02dd-4ac9-b2b1-4f4b78f01189 |
| 533 |
|
Information Leakage | National Emissions / Tempest Policies And Procedures |
|
|
|
|
|
|
|
|
|
b64e268f-1a6b-4846-833f-e6c6ef675a3d |
| 534 |
|
Asset Monitoring And Tracking |
|
|
|
|
|
|
|
|
|
5d89b4f4-ebab-454f-bb6c-476a41e3b2ed |
| 536 |
|
System Security Plan |
X |
X |
X |
X |
X |
X |
X |
X |
X |
464ea364-d058-4750-ae95-9d1b5553789c |
| 537 |
|
System Security Plan | Concept Of Operations |
|
|
|
|
|
|
|
|
|
512798d2-379c-4c5d-85ed-8b94c74a1607 |
| 538 |
|
System Security Plan | Functional Architecture |
|
|
|
|
|
|
|
|
|
8b32c5c4-0d0d-45bb-8c2f-eb9b8cc7e396 |
| 539 |
|
System Security Plan | Plan / Coordinate With Other Organizational Entities |
|
X |
X |
|
X |
X |
|
X |
X |
dba3bbfa-5601-414e-9814-3d735ed6dd18 |
| 540 |
|
System Security Plan Update |
|
|
|
|
|
|
|
|
|
7831d161-faae-4085-82e7-787608d1dec1 |
| 563 |
|
Access Agreements | Post-Employment Requirements |
X |
X |
X |
|
|
|
|
|
|
89774ace-713f-4004-bc0c-6b7bec477d3b |
| 542 |
|
Rules Of Behavior | Social Media And Networking Restrictions |
|
X |
X |
|
|
|
|
|
|
f15605c0-d9d8-4249-8f66-80af92929faf |
| 543 |
|
Privacy Impact Assessment |
|
|
|
|
|
|
|
|
|
7959dba4-13cc-4810-be01-24e7212c5e3e |
| 544 |
|
Security-Related Activity Planning |
|
|
|
|
|
|
|
|
|
e574ba44-761a-44b1-8f9e-39d537206339 |
| 545 |
|
Security Concept Of Operations |
|
|
|
|
|
|
|
|
|
7fb8fec8-5482-4b6d-be3d-0495c20aba1f |
| 546 |
|
Information Security Architecture |
X |
X |
X |
X |
X |
X |
X |
X |
X |
2f8f2a41-6a78-43a6-90fa-265a41fcded9 |
| 548 |
|
Information Security Architecture | Supplier Diversity |
X |
X |
X |
X |
X |
X |
X |
X |
X |
4a511fc7-49ff-4f87-9981-52fe74b25a98 |
| 702 |
|
Boundary Protection | Deny By Default / Allow By Exception |
X |
X |
X |
X |
X |
X |
|
|
|
0b7d770c-efe3-4d68-a67b-06741c4acf74 |
| 551 |
|
Position Risk Designation |
X |
X |
X |
X |
X |
X |
X |
X |
X |
00b40431-cd37-42e6-b9b3-94bfb207f203 |
| 552 |
|
Personnel Screening |
X |
X |
X |
X |
X |
X |
|
|
|
c4d34d83-620a-48ff-aae7-8ce262ec7066 |
| 553 |
|
Personnel Screening | Classified Information |
|
|
|
|
|
|
|
|
|
40f0f6d5-f85c-418b-88fd-6ce75754879c |
| 554 |
|
Personnel Screening | Formal Indoctrination |
|
|
|
|
|
|
|
|
|
a55134e5-74db-42e7-a134-33f3401e8143 |
| 555 |
|
Personnel Screening | Information With Special Protection Measures |
|
|
|
|
|
|
|
|
|
78a16eca-e886-48f6-ba41-8068a1305575 |
| 703 |
|
Boundary Protection | Response To Recognized Failures |
|
|
|
|
|
|
|
|
|
e957375a-2d83-4d59-84fe-f5cbc70f42b0 |
| 557 |
|
Personnel Termination | Post-Employment Requirements |
X |
X |
X |
|
|
|
|
|
|
75bf5720-f4c7-4461-bf2a-bb5b29c7f57e |
| 558 |
|
Personnel Termination | Automated Notification |
|
|
X |
|
|
X |
|
|
X |
cef35aa2-0942-46c3-ae68-58a7ea685001 |
| 559 |
|
Personnel Transfer |
X |
X |
X |
X |
X |
X |
X |
X |
X |
8e579fc4-bccf-4c74-a5c2-12249e8b6932 |
| 560 |
|
Access Agreements |
X |
X |
X |
X |
X |
X |
|
|
|
75240e6c-cfa2-45cc-a56e-f7a99bb391b1 |
| 561 |
|
Access Agreements | Information Requiring Special Protection |
|
|
|
|
|
|
|
|
|
bda3d49f-f7f3-4ef7-9c93-4b0f4f01f8e5 |
| 565 |
|
Personnel Sanctions |
X |
X |
X |
X |
X |
X |
X |
X |
X |
29138532-ae1c-4d25-bda3-528d71e01313 |
| 567 |
|
Security Categorization |
X |
X |
X |
X |
X |
X |
X |
X |
X |
6ceaecf2-f799-4271-a051-8eefcb5daa45 |
| 581 |
|
Technical Surveillance Countermeasures Survey |
|
|
|
|
|
|
|
|
|
f23c5edc-b08b-43b5-b0bc-b12cf12f68e1 |
| 569 |
|
Risk Assessment Update |
|
|
|
|
|
|
|
|
|
0867a4a8-770d-4679-8960-f328ad0d28e4 |
| 570 |
|
Vulnerability Scanning |
X |
X |
X |
X |
X |
X |
X |
X |
X |
506e4e03-20eb-4303-8169-952ac041ccd8 |
| 571 |
|
Vulnerability Scanning | Update Tool Capability |
X |
X |
X |
X |
X |
X |
X |
X |
X |
c6c0052d-df82-4418-89ca-df1257323ce6 |
| 572 |
|
Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified |
X |
X |
X |
X |
X |
X |
X |
X |
X |
9546e19b-fbb6-4563-94ad-0ae16f03df4b |
| 573 |
|
Vulnerability Scanning | Breadth / Depth Of Coverage |
|
|
|
|
|
|
|
|
|
49de267e-2c0f-4d02-80a6-a26e48135cd3 |
| 574 |
|
Vulnerability Scanning | Discoverable Information |
X |
X |
X |
X |
X |
X |
X |
X |
X |
f7ab18a5-b60d-4051-b694-74b597283230 |
| 575 |
|
Vulnerability Scanning | Privileged Access |
X |
X |
X |
X |
X |
X |
X |
X |
X |
053322e2-8266-4a8d-a0a0-a3edb7feb168 |
| 576 |
|
Vulnerability Scanning | Automated Trend Analyses |
|
|
|
|
|
|
|
|
|
e7bd87a5-dd04-45e5-9dcd-78275b697f8b |
| 577 |
|
Vulnerability Scanning | Automated Detection And Notification Of Unauthorized Components |
|
|
|
|
|
|
|
|
|
53e49403-79c8-4ba5-99cf-6e6ea548c89a |
| 578 |
|
Vulnerability Scanning | Review Historic Audit Logs |
|
|
|
|
|
|
|
|
|
6e097315-fd33-4c7d-90d8-decacf07158b |
| 579 |
|
Vulnerability Scanning | Penetration Testing And Analyses |
|
|
|
|
|
|
|
|
|
c74915af-49af-41c8-962f-f00d03449598 |
| 580 |
|
Vulnerability Scanning | Correlate Scanning Information |
|
|
X |
|
|
X |
|
|
X |
ed7f2e5e-d583-4582-b734-0c2d4a19abfd |
| 583 |
|
Allocation Of Resources |
X |
X |
X |
X |
X |
X |
X |
X |
X |
d62ad635-b482-4e38-ad71-cc2afe7dca06 |
| 585 |
|
Acquisition Process |
X |
X |
X |
X |
X |
X |
X |
X |
X |
8cb872a1-cea1-4af0-ba79-17adc1a2d05c |
| 586 |
|
Acquisition Process | Functional Properties Of Security Controls |
|
X |
X |
|
X |
X |
|
X |
X |
b0d8cf51-54e9-489b-8219-b5f31e399ed2 |
| 595 |
|
Acquisition Process | Use Of Approved Piv Products |
X |
X |
X |
X |
X |
X |
|
|
|
8c619467-2027-4d96-a7b7-3e167451c201 |
| 607 |
|
External Information System Services | Identification Of Functions / Ports / Protocols / Services |
X |
X |
X |
X |
X |
X |
X |
X |
X |
b7bbb3ba-6b0c-4e3d-b28b-0d7ca96bd3f0 |
| 588 |
|
Acquisition Process | Development Methods / Techniques / Practices |
|
|
|
|
|
X |
|
|
|
083099f2-f116-42f0-bd15-a89688573538 |
| 589 |
|
Acquisition Process | Assignment Of Components To Systems |
|
|
|
|
|
|
|
|
|
00e03cce-33d8-43f1-bc7e-1e208fd6d657 |
| 590 |
|
Acquisition Process | System / Component / Service Configurations |
|
|
|
|
|
X |
|
|
|
75ff54cc-be5e-44bb-82cc-75db002caa51 |
| 591 |
|
Acquisition Process | Use Of Information Assurance Products |
|
|
|
|
|
|
|
|
|
0af87d92-cab0-49d5-928f-751c9d54e3a2 |
| 593 |
|
Acquisition Process | Continuous Monitoring Plan |
|
|
|
|
|
|
|
|
|
e1917469-155c-444b-9aa6-cd550f72b846 |
| 594 |
|
Acquisition Process | Functions / Ports / Protocols / Services In Use |
X |
X |
X |
X |
X |
X |
X |
X |
X |
874191db-6bdb-4bf5-8801-8b7ef10f4d2e |
| 597 |
|
Information System Documentation | Functional Properties Of Security Controls |
|
|
|
|
|
|
|
|
|
f2cfcb88-eeab-4702-a4cb-6154757bea51 |
| 598 |
|
Information System Documentation | Security-Relevant External System Interfaces |
|
|
|
|
|
|
|
|
|
c6fdf339-62fd-44cf-b492-9c0523fd4c25 |
| 599 |
|
Information System Documentation | High-Level Design |
|
|
|
|
|
|
|
|
|
c988b6e8-4580-4cf5-b3ae-82c4a7d58286 |
| 600 |
|
Information System Documentation | Low-Level Design |
|
|
|
|
|
|
|
|
|
fccaf7c1-9638-488e-820b-65788948b26d |
| 601 |
|
Information System Documentation | Source Code |
|
|
|
|
|
|
|
|
|
d617dcb4-c27a-4bb1-9d40-88dbd028ed67 |
| 602 |
|
Software Usage Restrictions |
|
|
|
|
|
|
|
|
|
66d5cdf2-f1b5-4cd3-adb2-492648ad00eb |
| 603 |
|
User-Installed Software |
|
|
|
|
|
|
|
|
|
60305183-247a-4476-b858-19c99b4c01a3 |
| 604 |
|
Security Engineering Principles |
X |
X |
X |
X |
X |
X |
X |
X |
X |
b841ddda-0b92-4b6b-9c2e-28ae0cbfa806 |
| 605 |
|
External Information System Services |
X |
X |
X |
X |
X |
X |
X |
X |
X |
0f2eb430-12a3-4aad-80d5-2d30c1d3bda6 |
| 606 |
|
External Information System Services | Risk Assessments / Organizational Approvals |
|
|
|
X |
X |
X |
|
|
|
28de250f-ea7c-4cc1-aa3f-da601bbf0dd7 |
| 609 |
|
External Information System Services | Consistent Interests Of Consumers And Providers |
|
|
|
|
|
|
|
|
|
cfe71869-46ee-4560-8894-4839dd8f1da4 |
| 610 |
|
External Information System Services | Processing, Storage, And Service Location |
|
|
|
|
|
|
|
|
|
a86d4623-2264-4c1e-b631-555eefebfb3b |
| 611 |
|
Developer Configuration Management |
|
|
|
X |
X |
X |
|
|
|
3f036b6b-9e0a-4796-9274-66db53f792b4 |
| 612 |
|
Developer Configuration Management | Software / Firmware Integrity Verification |
|
|
|
X |
X |
X |
|
|
|
5dabaae3-5f40-486b-ac88-b89a59787b5d |
| 614 |
|
Developer Configuration Management | Hardware Integrity Verification |
|
|
|
|
|
|
|
|
|
55b006b8-f5cb-4169-b1a2-7f1d43e2874b |
| 615 |
|
Developer Configuration Management | Trusted Generation |
|
|
|
|
|
|
|
|
|
d161055d-e780-46cc-ba0b-befce0c122ab |
| 616 |
|
Developer Configuration Management | Mapping Integrity For Version Control |
|
|
|
|
|
|
|
|
|
31289a06-0693-4207-b533-6d2909dc6833 |
| 617 |
|
Developer Configuration Management | Trusted Distribution |
|
|
|
|
|
|
|
|
|
47e549fa-7db8-41c9-9d61-fd15c65fb8b5 |
| 618 |
|
Developer Security Testing And Evaluation |
|
X |
X |
|
X |
X |
|
X |
X |
9a0ab2b4-8b89-4b72-a79f-ce537482f41a |
| 620 |
|
Developer Security Testing And Evaluation | Threat And Vulnerability Analyses |
|
|
|
|
|
|
|
|
|
9d91f296-a8e1-49c9-911a-bbdeb27090e9 |
| 624 |
|
Developer Security Testing And Evaluation | Attack Surface Reviews |
|
|
|
|
|
|
|
|
|
f20f992b-dd75-4d3d-b24f-1ef05eca01a2 |
| 625 |
|
Developer Security Testing And Evaluation | Verify Scope Of Testing / Evaluation |
|
|
|
|
|
|
|
|
|
aaf3f4e7-7e4d-4b30-bfab-3441bb5061ae |
| 626 |
|
Developer Security Testing And Evaluation | Dynamic Code Analysis |
|
|
|
|
|
|
|
|
|
3d93e085-fbd8-4b87-96c5-cf5c39a7c8a2 |
| 629 |
|
Supply Chain Protection | Supplier Reviews |
|
|
|
|
|
|
|
|
|
3847623a-20c9-43ce-9482-c6b8307a42ba |
| 630 |
|
Supply Chain Protection | Trusted Shipping And Warehousing |
|
|
|
|
|
|
|
|
|
8cc4d1a5-5744-4441-a776-30fa32f5cbde |
| 631 |
|
Supply Chain Protection | Diversity Of Suppliers |
|
|
|
|
|
|
|
|
|
fb73a807-54cc-48da-95d1-6348b7d3f4c1 |
| 632 |
|
Supply Chain Protection | Limitation Of Harm |
|
|
X |
|
|
X |
|
|
X |
471687dd-3e10-4e90-9757-f29666b44aa4 |
| 633 |
|
Supply Chain Protection | Minimizing Procurement Time |
|
|
|
|
|
|
|
|
|
d7345444-c62e-446a-8c62-822f611f3f48 |
| 634 |
|
Supply Chain Protection | Assessments Prior To Selection / Acceptance / Update |
|
|
|
|
|
|
|
|
|
96b3a321-1db7-4f13-a6bc-4a35e442e463 |
| 635 |
|
Supply Chain Protection | Use Of All-Source Intelligence |
|
|
X |
|
|
X |
|
|
X |
76dcd44a-9980-44a7-87a3-1c88af67798f |
| 642 |
|
Supply Chain Protection | Processes To Address Weaknesses Or Deficiencies |
|
|
|
|
|
|
|
|
|
cffcbf4a-5bcd-4702-8a3e-be5830d4791e |
| 637 |
|
Supply Chain Protection | Validate As Genuine And Not Altered |
|
|
|
|
|
|
|
|
|
2e07f95d-4001-4e7b-8739-33008b35b190 |
| 639 |
|
Supply Chain Protection | Inter-Organizational Agreements |
|
|
|
|
|
|
|
|
|
dac9bac6-470b-41cf-933e-8684177cb961 |
| 640 |
|
Supply Chain Protection | Critical Information System Components |
|
|
|
|
|
|
|
|
|
45db6a76-fa63-4b6a-89a7-bf1e4ce80417 |
| 641 |
|
Supply Chain Protection | Identity And Traceability |
|
|
|
|
|
|
|
|
|
fcdbc586-96dd-4199-8102-a44624e317f4 |
| 666 |
|
Developer Security Architecture And Design | Structure For Least Privilege |
|
|
|
|
|
|
|
|
|
fbd1c841-1aa7-479d-a602-23864ade65d1 |
| 645 |
|
Criticality Analysis | Critical Components With No Viable Alternative Sourcing |
|
|
|
|
|
|
|
|
|
a24bf175-74ba-488e-abc2-4a5d197b129e |
| 646 |
|
Development Process, Standards, And Tools |
X |
X |
X |
X |
X |
X |
X |
X |
X |
eb389c42-7281-4c0d-aa5b-5bf3d1a24c18 |
| 648 |
|
Development Process, Standards, And Tools | Security Tracking Tools |
|
|
|
|
|
|
|
|
|
b2ee1b64-3f59-4848-bbb6-631787ddbfa2 |
| 649 |
|
Development Process, Standards, And Tools | Criticality Analysis |
|
|
X |
|
|
X |
|
|
X |
538c223f-ca4c-45d9-9e15-bde14d12dc87 |
| 652 |
|
Development Process, Standards, And Tools | Continuous Improvement |
|
|
|
|
|
|
|
|
|
407a30bd-8cc6-40ba-b7aa-ae92900bc283 |
| 653 |
|
Development Process, Standards, And Tools | Automated Vulnerability Analysis |
|
|
|
|
|
X |
|
|
|
169caa7a-c199-4a18-a5d8-501f782bc0c1 |
| 654 |
|
Development Process, Standards, And Tools | Reuse Of Threat / Vulnerability Information |
|
|
|
|
|
|
|
|
|
f6c8628e-1a92-4cbd-9808-ba5dca66ff93 |
| 655 |
|
Development Process, Standards, And Tools | Use Of Live Data |
X |
X |
X |
|
|
|
|
|
|
14336273-7711-49dc-b06b-f0c783660bbd |
| 656 |
|
Development Process, Standards, And Tools | Incident Response Plan |
|
|
|
|
|
|
|
|
|
287bac7e-50b5-4e0e-ac80-f536850df89e |
| 657 |
|
Development Process, Standards, And Tools | Archive Information System / Component |
|
|
|
|
|
|
|
|
|
416a87c6-decb-452a-ade7-543e3282000d |
| 658 |
|
Developer-Provided Training |
|
|
X |
|
|
X |
|
|
X |
6362e492-ac35-41b3-8459-cb6c8f035211 |
| 889 |
|
Information Input Validation | Manual Override Capability |
|
|
|
|
|
|
|
|
|
043d0f57-767c-4a74-b88e-fe2041a2871e |
| 660 |
|
Developer Security Architecture And Design | Formal Policy Model |
|
|
|
|
|
|
|
|
|
33b1b5a2-89d0-42dd-8536-e57b3a31d350 |
| 661 |
|
Developer Security Architecture And Design | Security-Relevant Components |
|
|
|
|
|
|
|
|
|
bc79518f-30af-40ed-9a35-0940d4a56fbf |
| 663 |
|
Developer Security Architecture And Design | Informal Correspondence |
|
|
|
|
|
|
|
|
|
b8267feb-5186-459e-9079-7b9848a3ccda |
| 664 |
|
Developer Security Architecture And Design | Conceptually Simple Design |
|
|
|
|
|
|
|
|
|
d775b303-8523-4ffd-94ca-7cfa6184ad48 |
| 665 |
|
Developer Security Architecture And Design | Structure For Testing |
|
|
|
|
|
|
|
|
|
d514a5aa-9352-441c-8555-5623a086d6e5 |
| 668 |
|
Tamper Resistance And Detection | Multiple Phases Of Sdlc |
|
|
|
|
|
|
|
|
|
6fe885c3-8d9f-4a5f-aba2-d007a15cfe50 |
| 670 |
|
Component Authenticity |
|
|
|
X |
X |
X |
|
|
|
138bb5c3-5f78-4933-97b1-fac1fac6ea45 |
| 671 |
|
Component Authenticity | Anti-Counterfeit Training |
|
|
|
|
|
|
|
|
|
87fb61ea-77f8-47b0-9297-7599690c6337 |
| 672 |
|
Component Authenticity | Configuration Control For Component Service / Repair |
|
|
|
|
|
|
|
|
|
71679d79-c624-4a66-b677-214fc539b890 |
| 673 |
|
Component Authenticity | Component Disposal |
|
|
|
|
|
|
|
|
|
cd8313b5-5c58-48e9-af7e-475dda7edf16 |
| 674 |
|
Component Authenticity | Anti-Counterfeit Scanning |
|
|
|
|
|
|
|
|
|
adb22d7f-c026-4929-a541-117002eb4700 |
| 675 |
|
Customized Development Of Critical Components |
|
|
|
|
|
|
|
|
|
592968e3-0fce-4b69-ba4d-4b49de46623e |
| 676 |
|
Developer Screening |
|
|
|
|
|
|
|
|
|
ae6ae68e-a6e9-422c-84d9-bce3184b6dd8 |
| 794 |
|
Non-Modifiable Executable Programs | Hardware-Based Protection |
|
|
|
|
|
|
|
|
|
8b60b11e-62fd-4aa6-8752-9bfdc93eac51 |
| 679 |
|
Unsupported System Components | Alternative Sources For Continued Support |
|
|
|
|
|
|
|
|
|
5299c15c-b5b7-42f2-872f-b1877ce04ceb |
| 681 |
|
Application Partitioning |
|
X |
X |
|
X |
X |
|
|
|
304a63f0-b3ff-4aa9-b861-e4b6bb12601e |
| 682 |
|
Application Partitioning | Interfaces For Non-Privileged Users |
|
|
|
|
|
|
|
|
|
1dd9cce2-67cb-4991-85f4-3f95acf30851 |
| 692 |
|
Denial Of Service Protection |
|
|
|
|
|
|
X |
X |
X |
f86a2877-4b77-4463-bf21-e277854157db |
| 803 |
|
Process Isolation | Thread Isolation |
|
|
|
|
|
|
|
|
|
e18b0b97-1d66-48d4-a094-3db85ae10786 |
| 684 |
|
Security Function Isolation | Hardware Separation |
|
|
|
|
|
|
|
|
|
c7353dd3-eee6-4a19-85d2-6b2a7a91ed3d |
| 685 |
|
Security Function Isolation | Access / Flow Control Functions |
|
|
|
|
|
|
|
|
|
6eef448d-4da0-498b-b414-87a15ada90e9 |
| 686 |
|
Security Function Isolation | Minimize Nonsecurity Functionality |
|
|
|
|
|
|
|
|
|
c7b7362f-40ce-4420-b11d-bd48d19c134e |
| 687 |
|
Security Function Isolation | Module Coupling And Cohesiveness |
|
|
|
|
|
|
|
|
|
ebd73d53-c1dc-415c-aa24-2a17ed1ce488 |
| 688 |
|
Security Function Isolation | Layered Structures |
|
|
|
|
|
|
|
|
|
c0597a1d-2dd9-4084-9baa-aef0371dc280 |
| 689 |
|
Information In Shared Resources |
|
X |
X |
|
|
|
|
|
|
225cb296-74e8-45ea-807a-fc45e09a3af4 |
| 690 |
|
Information In Shared Resources | Security Levels |
|
|
|
|
|
|
|
|
|
0743d9ba-d77e-4c2f-a6c8-ac6bf0880f36 |
| 691 |
|
Information In Shared Resources | Periods Processing |
|
|
|
|
|
|
|
|
|
58243414-3d2b-4d7e-8203-b6313488dcc5 |
| 694 |
|
Denial Of Service Protection | Excess Capacity / Bandwidth / Redundancy |
|
|
|
|
|
|
|
X |
X |
9264e98b-af34-4f45-95b2-74a200ee8bc1 |
| 696 |
|
Resource Availability |
|
|
|
|
|
|
|
|
|
5cb93a46-4023-423d-8485-2f74886c33f6 |
| 698 |
|
Boundary Protection | Physically Separated Subnetworks |
|
|
|
|
|
|
|
|
|
28005c5d-7f8f-4dfb-b403-3430b5d3e60a |
| 699 |
|
Boundary Protection | Public Access |
|
|
|
|
|
|
|
|
|
4fd2d9b1-883b-46d7-9b09-cf2919809a08 |
| 700 |
|
Boundary Protection | Access Points |
X |
X |
X |
X |
X |
X |
|
|
|
994d0962-618b-499a-8edc-babb77a1194f |
| 701 |
|
Boundary Protection | External Telecommunications Services |
X |
X |
X |
X |
X |
X |
|
|
|
e5574289-562e-48f5-82e9-b576e7c2ab00 |
| 890 |
|
Information Input Validation | Review / Resolution Of Errors |
|
|
|
|
|
|
|
|
|
3b85e871-ee91-4676-9631-4c143566e674 |
| 705 |
|
Boundary Protection | Route Traffic To Authenticated Proxy Servers |
X |
X |
X |
X |
X |
X |
|
|
|
0ea97e75-f14f-480a-a522-1a7cebd6be4b |
| 707 |
|
Boundary Protection | Prevent Unauthorized Exfiltration |
X |
X |
X |
|
|
|
|
|
|
a7dfdd5e-8e48-44bc-a688-cf6f27795b43 |
| 708 |
|
Boundary Protection | Restrict Incoming Communications Traffic |
|
|
|
X |
X |
X |
|
|
|
e13bbd95-4982-4607-8874-dd77d96c9aad |
| 709 |
|
Boundary Protection | Host-Based Protection |
X |
X |
X |
X |
X |
X |
X |
X |
X |
1140e20c-c00c-49af-84d0-e025888b99ed |
| 710 |
|
Boundary Protection | Isolation Of Security Tools / Mechanisms / Support Components |
X |
X |
X |
X |
X |
X |
|
|
|
36693624-ba65-46d9-a202-f113d540b5df |
| 712 |
|
Boundary Protection | Route Privileged Network Accesses |
|
|
|
|
|
|
|
|
|
2eaa0947-0bb6-4c65-8a0e-fcd51743dc18 |
| 713 |
|
Boundary Protection | Prevent Discovery Of Components / Devices |
|
|
|
|
|
|
|
|
|
c709967e-7839-41ca-b64f-0ee17fa0077e |
| 714 |
|
Boundary Protection | Automated Enforcement Of Protocol Formats |
|
|
|
|
|
|
|
|
|
bc05b07b-3486-4ddf-92f5-ba97c57850eb |
| 715 |
|
Boundary Protection | Fail Secure |
|
|
X |
|
|
X |
|
|
X |
c47c73c0-8a3c-4c55-ba7a-2cd2d783be4e |
| 716 |
|
Boundary Protection | Blocks Communication From Non-Organizationally Configured Hosts |
|
|
|
|
|
|
|
|
|
bf6ac34e-37eb-4b9c-8ca3-44e30f1b8526 |
| 717 |
|
Boundary Protection | Dynamic Isolation / Segregation |
|
|
|
|
|
|
|
|
|
c8c9d67f-6e03-4501-96c5-fafa6318c8a5 |
| 719 |
|
Boundary Protection | Separate Subnets For Connecting To Different Security Domains |
|
|
|
|
|
|
|
|
|
85eb9ce7-d3d0-4bed-b316-0ddb01f69290 |
| 720 |
|
Boundary Protection | Disable Sender Feedback On Protocol Validation Failure |
|
|
|
|
|
|
|
|
|
e77640ad-1688-4adf-8e42-314544745f8e |
| 722 |
|
Transmission Confidentiality And Integrity | Cryptographic Or Alternate Physical Protection |
X |
X |
X |
X |
X |
X |
|
|
|
a62c4822-b375-4c1c-80c9-6fb115b7a182 |
| 723 |
|
Transmission Confidentiality And Integrity | Pre / Post Transmission Handling |
|
X |
X |
|
X |
X |
|
|
|
dd9b791b-4099-4266-ae10-9ba9931c17f1 |
| 724 |
|
Transmission Confidentiality And Integrity | Cryptographic Protection For Message Externals |
|
|
|
|
|
|
|
|
|
9758789e-99fd-46cd-99eb-49acf8f68620 |
| 726 |
|
Transmission Confidentiality |
|
|
|
|
|
|
|
|
|
bcc727f0-d049-4cdb-8676-99da2e6d3e74 |
| 727 |
|
Network Disconnect |
|
X |
X |
|
X |
X |
|
|
|
05b0d88b-1b18-4def-ae05-051aa3e36598 |
| 742 |
|
Collaborative Computing Devices |
X |
X |
X |
|
|
|
|
|
|
2e2554f0-d823-43d6-a007-0765368a62d0 |
| 729 |
|
Trusted Path | Logical Isolation |
|
|
|
|
|
|
|
|
|
5ab6cdb5-36ac-4061-abf4-eecc77bde888 |
| 731 |
|
Cryptographic Key Establishment And Management | Availability |
|
|
|
|
|
|
|
|
X |
542d4fdc-7d6c-4ba5-bcc0-d819ef3d6f04 |
| 732 |
|
Cryptographic Key Establishment And Management | Symmetric Keys |
|
|
|
|
|
|
|
|
|
0260923f-addf-4977-8fba-68cda1f3a4c9 |
| 733 |
|
Cryptographic Key Establishment And Management | Asymmetric Keys |
|
|
|
|
|
|
|
|
|
fa0c50a1-7c35-4e76-8691-f819e96a037b |
| 734 |
|
Cryptographic Key Establishment And Management | Pki Certificates |
|
|
|
|
|
|
|
|
|
fda47f39-6ece-4e3f-b04a-fe3a28ee9da7 |
| 735 |
|
Cryptographic Key Establishment And Management | Pki Certificates / Hardware Tokens |
|
|
|
|
|
|
|
|
|
88addab4-2cd7-406b-8340-dcd187c62e17 |
| 736 |
|
Cryptographic Protection |
X |
X |
X |
X |
X |
X |
|
|
|
0db3162d-d209-45e3-b3de-3d860e83378a |
| 737 |
|
Cryptographic Protection | Fips-Validated Cryptography |
|
|
|
|
|
|
|
|
|
3eda1ec9-681d-42e2-8182-3cb54ef77262 |
| 738 |
|
Cryptographic Protection | Nsa-Approved Cryptography |
|
|
|
|
|
|
|
|
|
61b2a8b5-2b6b-4ba0-8508-46ee80e5513c |
| 739 |
|
Cryptographic Protection | Individuals Without Formal Access Approvals |
|
|
|
|
|
|
|
|
|
341ee230-6677-4247-87e9-81b63625e33f |
| 740 |
|
Cryptographic Protection | Digital Signatures |
|
|
|
|
|
|
|
|
|
3526b8ee-506f-4945-ae02-4c447234cf58 |
| 741 |
|
Public Access Protections |
|
|
|
|
|
|
|
|
|
b1e70fde-3d7a-4a80-b50e-6e5c7415e007 |
| 743 |
|
Collaborative Computing Devices | Physical Disconnect |
|
|
|
|
|
|
|
|
|
e94a525b-2a41-476a-8193-536eb24ea8ab |
| 746 |
|
Collaborative Computing Devices | Explicitly Indicate Current Participants |
|
|
|
|
|
|
|
|
|
96aae5d8-2a16-429b-a251-eace2ffcf2c8 |
| 747 |
|
Transmission Of Security Attributes |
|
|
|
|
|
|
|
|
|
d470382b-8baa-456c-aecd-2f663604ba0a |
| 748 |
|
Transmission Of Security Attributes | Integrity Validation |
|
|
|
|
|
|
|
|
|
efe006aa-ac30-4254-a068-eba3d3ed2003 |
| 749 |
|
Public Key Infrastructure Certificates |
X |
X |
X |
X |
X |
X |
|
|
|
4cb8866e-18bf-4660-874c-b486bfad02d5 |
| 751 |
|
Mobile Code | Identify Unacceptable Code / Take Corrective Actions |
|
|
|
X |
X |
X |
|
|
|
fcc62c46-8895-43c9-a229-1fe39c2d79f8 |
| 752 |
|
Mobile Code | Acquisition / Development / Use |
|
|
|
X |
X |
X |
|
|
|
4f82dcf9-f538-4e10-9aa1-e13f0c16bd28 |
| 753 |
|
Mobile Code | Prevent Downloading / Execution |
|
|
|
X |
X |
X |
|
|
|
aeb59e67-8b54-45fd-ac02-178ab90b4588 |
| 754 |
|
Mobile Code | Prevent Automatic Execution |
|
|
|
X |
X |
X |
|
|
|
f0af9208-5ec4-44f2-b435-5636f35e1b91 |
| 755 |
|
Mobile Code | Allow Execution Only In Confined Environments |
|
|
|
|
|
|
|
|
|
1e07551f-8271-4da1-96b0-4296f93cea61 |
| 756 |
|
Voice Over Internet Protocol |
X |
X |
X |
X |
X |
X |
X |
X |
X |
42b24677-4973-4031-aef7-2f1a43663796 |
| 758 |
|
Secure Name / Address Resolution Service (Authoritative Source) | Child Subspaces |
|
|
|
|
|
|
|
|
|
003987c6-90a5-43a8-ae28-c39b51c3d47f |
| 759 |
|
Secure Name / Address Resolution Service (Authoritative Source) | Data Origin / Integrity |
|
|
|
|
|
|
|
|
|
955c53d5-ffbd-4366-a7de-88bdc92814cb |
| 760 |
|
Secure Name / Address Resolution Service (Recursive Or Caching Resolver) |
|
|
|
X |
X |
X |
|
|
|
ddf97df2-8cb0-4298-b3dc-4d0556d0d8af |
| 761 |
|
Secure Name / Address Resolution Service (Recursive Or Caching Resolver) | Data Origin / Integrity |
|
|
|
|
|
|
|
|
|
6420b25e-963d-4fcd-9325-61b6ce372574 |
| 762 |
|
Architecture And Provisioning For Name / Address Resolution Service |
X |
X |
X |
X |
X |
X |
X |
X |
X |
1d2c5813-aa24-4709-81ba-1ddb86f7865a |
| 763 |
|
Session Authenticity |
|
|
|
X |
X |
X |
|
|
|
5520ef98-2ff9-4838-96db-124c96396f29 |
| 764 |
|
Session Authenticity | Invalidate Session Identifiers At Logout |
|
|
|
X |
X |
X |
|
|
|
79245069-1cda-4a1b-93d7-20a002f8d29d |
| 765 |
|
Session Authenticity | User-Initiated Logouts / Message Displays |
|
|
|
|
|
|
|
|
|
6ff9e90e-733e-43f5-8953-f8ea6480b6f7 |
| 766 |
|
Session Authenticity | Unique Session Identifiers With Randomization |
|
|
|
X |
X |
X |
|
|
|
70491300-cea2-463d-8258-12beebdba6ec |
| 769 |
|
Fail In Known State |
|
|
X |
|
|
X |
|
|
|
1d249b10-644c-4d36-9fbf-855726d40994 |
| 770 |
|
Thin Nodes |
|
|
|
|
|
|
|
|
|
914d3335-1ff7-4e13-bab6-62078798d927 |
| 771 |
|
Honeypots |
|
|
|
|
|
|
|
|
|
41a75a93-b644-47c9-80f2-c10d7df8c431 |
| 772 |
|
Honeypots | Detection Of Malicious Code |
|
|
|
|
|
|
|
|
|
a902dd6e-5048-4571-b473-0bc4cac32245 |
| 773 |
|
Platform-Independent Applications |
|
|
|
|
|
|
|
|
|
0338e327-f12e-4c44-8a7a-c2a188b742d9 |
| 775 |
|
Protection Of Information At Rest | Cryptographic Protection |
X |
X |
X |
X |
X |
X |
|
|
|
78a622dc-77e1-4610-8de4-a289af20a258 |
| 776 |
|
Protection Of Information At Rest | Off-Line Storage |
|
|
|
|
|
|
|
|
|
fbf00f7e-a023-483f-b1ad-810816fa4681 |
| 778 |
|
Heterogeneity | Virtualization Techniques |
|
|
|
|
|
|
|
|
|
c8d1f84b-4cb9-4b09-a332-74db71216db8 |
| 780 |
|
Concealment And Misdirection | Virtualization Techniques |
|
|
|
|
|
|
|
|
|
7111aefe-3e9e-41bc-afb9-f3373230c203 |
| 781 |
|
Concealment And Misdirection | Randomness |
|
|
|
|
|
|
|
|
|
438917d2-8072-4ecd-b2a1-253274cbd658 |
| 783 |
|
Concealment And Misdirection | Misleading Information |
|
|
|
|
|
|
|
|
|
37d9adde-820f-435d-8ed6-e89456cb932a |
| 844 |
|
Information System Monitoring | Testing Of Monitoring Tools |
|
|
|
|
|
|
|
|
|
014192e5-7dfc-4c1a-b981-507d2e27e851 |
| 785 |
|
Covert Channel Analysis |
|
|
|
|
|
|
|
|
|
324d58c4-29ea-48a4-b20a-08abce4fa172 |
| 786 |
|
Covert Channel Analysis | Test Covert Channels For Exploitability |
|
|
|
|
|
|
|
|
|
add70a27-4ff3-4111-9c70-ecfc088d43c2 |
| 787 |
|
Covert Channel Analysis | Maximum Bandwidth |
|
|
|
|
|
|
|
|
|
0d392ce5-6459-43b3-9aa4-2311233bc590 |
| 788 |
|
Covert Channel Analysis | Measure Bandwidth In Operational Environments |
|
|
|
|
|
|
|
|
|
07750941-2fd5-4c0c-8556-122cd74009a3 |
| 790 |
|
Transmission Preparation Integrity |
|
|
|
|
|
|
|
|
|
a050e83e-7231-452c-9238-3d0a1161f259 |
| 791 |
|
Non-Modifiable Executable Programs |
|
|
|
|
|
|
|
|
|
29195652-2262-44ab-bf21-f0ee2aec0da3 |
| 792 |
|
Non-Modifiable Executable Programs | No Writable Storage |
|
|
|
|
|
|
|
|
|
2188f2f9-3e89-4f48-9d70-a787c0f234ff |
| 793 |
|
Non-Modifiable Executable Programs | Integrity Protection / Read-Only Media |
|
|
|
|
|
|
|
|
|
b88c4b71-7ea4-4cdf-8fff-7b92c0eb458a |
| 796 |
|
Distributed Processing And Storage |
|
|
|
|
|
|
|
|
|
c815a34b-1376-441b-a6d0-9406df10f707 |
| 798 |
|
Out-Of-Band Channels |
|
|
|
|
|
|
|
|
|
9743f4b7-83c7-4158-8d86-68c40e3f3a4f |
| 799 |
|
Out-Of-Band Channels | Ensure Delivery / Transmission |
|
|
|
|
|
|
|
|
|
fc424481-1b8d-4157-bc89-1d973c028d75 |
| 801 |
|
Process Isolation |
X |
X |
X |
X |
X |
X |
|
|
|
435b0e20-ed8b-4514-bb64-fdff5c921666 |
| 802 |
|
Process Isolation | Hardware Separation |
|
|
|
|
|
|
|
|
|
303f0a88-1824-40ba-9014-ba1bee50dec8 |
| 805 |
|
Wireless Link Protection | Electromagnetic Interference |
|
|
|
|
|
|
|
|
|
eb529df6-aaf4-4ab2-b5ef-e94953b64985 |
| 806 |
|
Wireless Link Protection | Reduce Detection Potential |
|
|
|
|
|
|
|
|
|
865b27ce-a5e6-4449-97db-a63421659d61 |
| 807 |
|
Wireless Link Protection | Imitative Or Manipulative Communications Deception |
|
|
|
|
|
|
|
|
|
accacdc5-54b4-49bc-a81d-ff99819ab29b |
| 808 |
|
Wireless Link Protection | Signal Parameter Identification |
|
|
|
|
|
|
|
|
|
3eafe72f-6bec-4491-b55f-bd9d0e363b5c |
| 809 |
|
Port And I/O Device Access |
|
|
|
|
|
|
|
|
|
3865f6d3-2f1e-4618-b98c-6a674494cd34 |
| 810 |
|
Sensor Capability And Data |
|
|
|
|
|
|
|
|
|
99b63165-1001-4d35-8719-a269761e31ac |
| 811 |
|
Sensor Capability And Data | Reporting To Authorized Individuals Or Roles |
|
|
|
|
|
|
|
|
|
02b983aa-4ca2-4d0e-8e53-4873051cbb56 |
| 856 |
|
Information System Monitoring | Probationary Periods |
|
|
|
|
|
|
|
|
|
01f9aca2-d9ca-4b1d-a3eb-10d2fcec0078 |
| 813 |
|
Sensor Capability And Data | Prohibit Use Of Devices |
|
|
|
|
|
|
|
|
|
953d63ea-e0de-4baf-9123-b7f0045e6d4a |
| 814 |
|
Usage Restrictions |
|
|
|
|
|
|
|
|
|
eb79aef4-94a8-4ddc-974a-35d26c0b14e5 |
| 816 |
|
System And Information Integrity Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
8d07714c-01c5-486c-8cfd-4dfd472c5a43 |
| 817 |
|
Flaw Remediation |
|
|
|
X |
X |
X |
|
|
|
338b4825-155c-4fae-a532-bc55fcdc528b |
| 818 |
|
Flaw Remediation | Central Management |
|
|
|
X |
X |
X |
|
|
|
d658def5-5e04-46bf-a4a6-e14ba38f886f |
| 819 |
|
Flaw Remediation | Automated Flaw Remediation Status |
|
|
|
X |
X |
X |
|
|
|
ef89dcb9-92a3-4fd0-9722-e30c8658b428 |
| 820 |
|
Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions |
|
|
|
X |
X |
X |
|
|
|
b38763bd-060c-4d78-ab3d-f1aeb4a90b21 |
| 821 |
|
Flaw Remediation | Automated Patch Management Tools |
|
|
|
|
|
|
|
|
|
0105b4a5-c85b-4c9a-991b-d5ba2ac25673 |
| 823 |
|
Flaw Remediation | Removal Of Previous Versions Of Software / Firmware |
|
|
|
X |
X |
X |
|
|
|
b629b196-45c2-4a59-af08-b46bbee6fde8 |
| 825 |
|
Malicious Code Protection | Central Management |
|
|
|
X |
X |
X |
|
|
|
95f34b7d-dc7a-4191-9700-818b98581adc |
| 826 |
|
Malicious Code Protection | Automatic Updates |
|
|
|
X |
X |
X |
|
|
|
845555b0-92f5-424b-8976-408f14a67ef8 |
| 827 |
|
Malicious Code Protection | Non-Privileged Users |
|
|
|
|
|
|
|
|
|
baab7175-9c30-4b80-97e0-9f0ffcc7bf89 |
| 828 |
|
Malicious Code Protection | Updates Only By Privileged Users |
|
|
|
|
|
|
|
|
|
73b2c9e9-b1dd-4ba9-aa3b-d1a7efaa9578 |
| 829 |
|
Malicious Code Protection | Portable Storage Devices |
|
|
|
|
|
|
|
|
|
3463aa18-85b1-47c4-9d0d-ea27a97b8f80 |
| 830 |
|
Malicious Code Protection | Testing / Verification |
|
|
|
|
|
|
|
|
|
3b4f594f-ce9a-4be9-9e19-547e64ef6e5d |
| 831 |
|
Malicious Code Protection | Nonsignature-Based Detection |
|
|
|
|
|
|
|
|
|
46b7045e-417f-4adf-8fb3-10c062a3958b |
| 857 |
|
Information System Monitoring | Unauthorized Network Services |
X |
X |
X |
X |
X |
X |
X |
X |
X |
31393c39-6cd2-48e0-afb4-78e1e008202b |
| 834 |
|
Malicious Code Protection | Malicious Code Analysis |
|
|
|
X |
X |
X |
|
|
|
c879d1a4-89a8-415b-8843-9246124d483a |
| 835 |
|
Information System Monitoring |
X |
X |
X |
X |
X |
X |
X |
X |
X |
54efdc0e-f33a-489f-94ee-0015bc9218a2 |
| 836 |
|
Information System Monitoring | System-Wide Intrusion Detection System |
X |
X |
X |
X |
X |
X |
X |
X |
X |
bf93fd0e-17fe-458c-996f-6f2123829e70 |
| 837 |
|
Information System Monitoring | Automated Tools For Real-Time Analysis |
|
X |
X |
|
X |
X |
|
X |
X |
ddd8178f-f447-4184-a576-1162b53b0fff |
| 838 |
|
Information System Monitoring | Automated Tool Integration |
|
|
|
|
|
|
|
|
|
94a224eb-4672-4bd1-b310-96b33958c7b9 |
| 839 |
|
Information System Monitoring | Inbound And Outbound Communications Traffic |
X |
X |
X |
X |
X |
X |
X |
X |
X |
4b2522fc-369c-4b07-8fee-a0ad9fe95fb9 |
| 840 |
|
Information System Monitoring | System-Generated Alerts |
X |
X |
X |
X |
X |
X |
X |
X |
X |
e2bf4d40-9e45-477f-951b-6de4c38a01d1 |
| 841 |
|
Information System Monitoring | Restrict Non-Privileged Users |
|
|
|
|
|
|
|
|
|
7a8509a3-4c8a-4d7a-80a6-852ef351574f |
| 842 |
|
Information System Monitoring | Automated Response To Suspicious Events |
|
|
|
|
|
|
|
|
|
4c639c1e-8392-4132-b2ed-dadabd4cd0eb |
| 843 |
|
Information System Monitoring | Protection Of Monitoring Information |
|
|
|
|
|
|
|
|
|
89cb9fba-899c-49e5-9268-dc9e619131f3 |
| 846 |
|
Information System Monitoring | Analyze Communications Traffic Anomalies |
X |
X |
X |
X |
X |
X |
X |
X |
X |
d1a04da8-8e5a-41e2-8a57-43bb8e870e8d |
| 847 |
|
Information System Monitoring | Automated Alerts |
X |
X |
X |
X |
X |
X |
X |
X |
X |
9e6c7045-530e-431b-93c6-d87d44ab8e18 |
| 848 |
|
Information System Monitoring | Analyze Traffic / Event Patterns |
|
|
|
|
|
|
|
|
|
49ff216b-4644-4cb7-8c1a-43dcb2c98ffb |
| 849 |
|
Information System Monitoring | Wireless Intrusion Detection |
X |
X |
X |
X |
X |
X |
X |
X |
X |
b242267d-94e6-42de-b64f-812af845690b |
| 850 |
|
Information System Monitoring | Wireless To Wireline Communications |
X |
X |
X |
X |
X |
X |
X |
X |
X |
1eefaba3-de8d-46a5-bcfe-2c49ed989429 |
| 851 |
|
Information System Monitoring | Correlate Monitoring Information |
X |
X |
X |
X |
X |
X |
X |
X |
X |
ee9c2875-2be0-49b8-9179-f88c54c21b59 |
| 853 |
|
Information System Monitoring | Analyze Traffic / Covert Exfiltration |
|
|
|
|
|
|
|
|
|
eecf8e43-569b-42c3-a781-c5810757355f |
| 854 |
|
Information System Monitoring | Individuals Posing Greater Risk |
X |
X |
X |
X |
X |
X |
X |
X |
X |
113a9496-75dc-4bee-9888-7d243df35025 |
| 855 |
|
Information System Monitoring | Privileged Users |
X |
X |
X |
X |
X |
X |
X |
X |
X |
73ae9ed2-c721-433f-af6a-abd923fa968e |
| 860 |
|
Security Alerts, Advisories, And Directives |
|
|
|
X |
X |
X |
|
|
|
e5427691-cc10-430c-9a4a-c0fb1d246ec4 |
| 861 |
|
Security Alerts, Advisories, And Directives | Automated Alerts And Advisories |
|
|
|
|
|
X |
|
|
|
96503050-b192-47d9-b6aa-baeef729f18a |
| 863 |
|
Security Function Verification | Notification Of Failed Security Tests |
|
|
|
|
|
|
|
|
|
2f026570-152b-4236-b919-33366b58d8a1 |
| 864 |
|
Security Function Verification | Automation Support For Distributed Testing |
|
|
|
|
|
|
|
|
|
c5b69f10-da3f-4682-8667-f92fa95b1e61 |
| 865 |
|
Security Function Verification | Report Verification Results |
|
|
|
|
|
X |
|
|
|
057b0e41-49ed-4784-95b8-7581c2901f98 |
| 866 |
|
Software, Firmware, And Information Integrity |
|
|
|
|
X |
X |
|
|
|
191e5dbb-cd14-410b-8a8d-411fde031708 |
| 868 |
|
Software, Firmware, And Information Integrity | Automated Notifications Of Integrity Violations |
|
|
|
|
|
X |
|
|
|
2bf11475-d2e6-4b94-aa77-a4a7a4900f4f |
| 869 |
|
Software, Firmware, And Information Integrity | Centrally-Managed Integrity Tools |
|
|
|
|
|
|
|
|
|
b194d7e8-5201-4dc2-adf8-d82c239a96cb |
| 870 |
|
Software, Firmware, And Information Integrity | Tamper-Evident Packaging |
|
|
|
|
|
|
|
|
|
991259a4-07a1-4da2-a032-ef8ff502a7af |
| 871 |
|
Software, Firmware, And Information Integrity | Automated Response To Integrity Violations |
|
|
|
|
|
X |
|
|
|
3511bc03-5be9-42b3-9aae-57dfb127cf9f |
| 872 |
|
Software, Firmware, And Information Integrity | Cryptographic Protection |
|
|
|
|
|
|
|
|
|
37dd91a4-d33c-4544-9a6d-39cd0bee1486 |
| 873 |
|
Software, Firmware, And Information Integrity | Integration Of Detection And Response |
|
|
|
|
X |
X |
|
|
|
a446e1c7-5778-449f-9d7e-cbf7785093a7 |
| 874 |
|
Software, Firmware, And Information Integrity | Auditing Capability For Significant Events |
|
|
|
|
X |
X |
|
|
|
b66ba2d4-adf0-4b67-bd26-1388fd1647d5 |
| 875 |
|
Software, Firmware, And Information Integrity | Verify Boot Process |
|
|
|
|
|
|
|
|
|
908ac9e4-c026-40ec-acaf-f4cb56212184 |
| 876 |
|
Software, Firmware, And Information Integrity | Protection Of Boot Firmware |
|
|
|
|
|
|
|
|
|
532f6fdd-d1d3-4a8b-b683-92776bdc49d5 |
| 877 |
|
Software, Firmware, And Information Integrity | Confined Environments With Limited Privileges |
|
|
|
|
|
|
|
|
|
717a5d4e-9e58-4715-a9de-7637e4cef947 |
| 879 |
|
Software, Firmware, And Information Integrity | Code Execution In Protected Environments |
|
|
|
|
|
|
|
|
|
853f789c-e1a8-440b-8b03-6134fecb6c20 |
| 881 |
|
Software, Firmware, And Information Integrity | Code Authentication |
|
|
|
|
|
|
|
|
|
a194856a-cde0-49be-8f89-2d4f87e7f959 |
| 882 |
|
Software, Firmware, And Information Integrity | Time Limit On Process Execution W/O Supervision |
|
|
|
|
|
|
|
|
|
e569bd20-90ec-472d-9e1e-27f494e15832 |
| 883 |
|
Spam Protection |
|
|
|
|
X |
X |
|
X |
X |
451bdddf-d157-425f-9392-bb70618924a9 |
| 884 |
|
Spam Protection | Central Management |
|
|
|
|
X |
X |
|
X |
X |
50094de7-6097-4c1d-90fe-bdb4ed794114 |
| 885 |
|
Spam Protection | Automatic Updates |
|
|
|
|
X |
X |
|
X |
X |
acadf68e-6d80-4613-afd5-1c389f7b336e |
| 886 |
|
Spam Protection | Continuous Learning Capability |
|
|
|
|
|
|
|
|
|
3baf6f08-89ad-41f6-ba68-eeb2109031c8 |
| 887 |
|
Information Input Restrictions |
|
|
|
|
|
|
|
|
|
ec1aee74-75b8-41d8-a1a1-69483abe5754 |
| 892 |
|
Information Input Validation | Review / Timing Interactions |
|
|
|
|
|
|
|
|
|
7223e869-1e5c-441e-a366-bbaa87997893 |
| 893 |
|
Information Input Validation | Restrict Inputs To Trusted Sources And Approved Formats |
|
|
|
|
|
|
|
|
|
b80e5968-4fad-486c-8a35-a70879176b8e |
| 894 |
|
Error Handling |
|
|
|
X |
X |
X |
|
|
|
84a05785-8ca1-48cd-bf10-65a864039b30 |
| 895 |
|
Information Handling And Retention |
X |
X |
X |
X |
X |
X |
|
|
|
75e536f0-eedd-465b-8479-a337610060e2 |
| 896 |
|
Predictable Failure Prevention |
|
|
|
|
|
|
|
|
|
8ace6cf0-0785-4a28-9495-e50088f5b911 |
| 897 |
|
Predictable Failure Prevention | Transferring Component Responsibilities |
|
|
|
|
|
|
|
|
|
ff7034c5-38ac-46e5-9864-9c4481acffa2 |
| 898 |
|
Predictable Failure Prevention | Time Limit On Process Execution Without Supervision |
|
|
|
|
|
|
|
|
|
eed32b3e-9940-4f06-9af2-23ee3ea20703 |
| 899 |
|
Predictable Failure Prevention | Manual Transfer Between Components |
|
|
|
|
|
|
|
|
|
5f92ccf1-477b-44a4-bd7b-e2b1f2436526 |
| 900 |
|
Predictable Failure Prevention | Standby Component Installation / Notification |
|
|
|
|
|
|
|
|
|
343d192c-ee5f-45f0-a77d-a169e4dca23a |
| 907 |
|
Information Security Program Plan |
|
|
|
|
|
|
|
|
|
0e4f4097-0409-4e3f-b8cb-146e69a342dd |
| 908 |
|
Senior Information Security Officer |
|
|
|
|
|
|
|
|
|
79c7d7dc-2753-4500-b841-1fbaf2321412 |
| 909 |
|
Information Security Resources |
|
|
|
|
|
|
|
|
|
7da9b263-2c50-4fde-82c8-a4973089c9ae |
| 903 |
|
Non-Persistence | Refresh From Trusted Sources |
|
|
|
|
|
|
|
|
|
aa687d9b-a388-433e-83e0-df8d3c7a35dc |
| 904 |
|
Information Output Filtering |
|
|
|
|
|
|
|
|
|
6a85172f-aa53-4a12-b95e-78b758fa383a |
| 905 |
|
Memory Protection |
|
|
|
|
X |
X |
|
|
|
eb20ba7a-7d65-439f-9f93-104e2605c9e8 |
| 906 |
|
Fail-Safe Procedures |
|
|
|
|
|
|
|
|
|
a7f6b5b3-95cf-4566-b4a8-a07bda7370b5 |
| 910 |
|
Plan Of Action And Milestones Process |
|
|
|
|
|
|
|
|
|
994cc3ed-296e-427e-8907-70722e2bdcff |
| 911 |
|
Information System Inventory |
|
|
|
|
|
|
|
|
|
b2a49460-2533-40dd-b652-afe8ea9955dc |
| 912 |
|
Information Security Measures Of Performance |
|
|
|
|
|
|
|
|
|
7a840c37-423c-46fd-936a-532ae7e17a1a |
| 913 |
|
Enterprise Architecture |
|
|
|
|
|
|
|
|
|
4fc390d5-92cf-44d7-8501-4b685f8ee773 |
| 914 |
|
Critical Infrastructure Plan |
|
|
|
|
|
|
|
|
|
d2f37d67-bb3e-419c-8984-8adafc4abcd3 |
| 915 |
|
Risk Management Strategy |
|
|
|
|
|
|
|
|
|
94bddaae-38e6-4399-9632-a314993178c3 |
| 10 |
|
Account Management | Dynamic Account Creation |
|
|
|
|
|
|
|
|
|
151469dc-3334-4d6a-b24f-617b78413e52 |
| 916 |
|
Security Authorization Process |
|
|
|
|
|
|
|
|
|
46f988ca-0796-437b-8b2d-2959ecb4107d |
| 917 |
|
Mission/Business Process Definition |
|
|
|
|
|
|
|
|
|
35b74918-f786-4b5f-bd56-e85b3f881a73 |
| 918 |
|
Insider Threat Program |
|
|
|
|
|
|
|
|
|
5ab4deac-7dd3-47dd-b317-7a362b5a762c |
| 919 |
|
Information Security Workforce |
|
|
|
|
|
|
|
|
|
ad4bf882-9f8f-41f9-96f4-13b7142861c3 |
| 15 |
|
Account Management | Disable Accounts For High-Risk Individuals |
X |
X |
X |
X |
X |
X |
|
|
|
f58f1250-8d17-4962-846d-8a0d19d97135 |
| 920 |
|
Testing, Training, And Monitoring |
|
|
|
|
|
|
|
|
|
976a9671-0854-42c4-95f9-c251553c20f4 |
| 921 |
|
Contacts With Security Groups And Associations |
|
|
|
|
|
|
|
|
|
e706654e-3b93-4f66-968e-a536ea867aff |
| 922 |
|
Threat Awareness Program |
|
|
|
|
|
|
|
|
|
0aed370b-ef7c-488b-a21f-069932550047 |
| 1 |
|
Access Control Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
90c72be9-4516-4241-86ae-c56eadda5108 |
| 8 |
|
Account Management | Dynamic Privilege Management |
|
|
|
|
|
|
|
|
|
95261390-9ff9-4926-a2f4-027280837b2e |
| 19 |
|
Access Enforcement | Mandatory Access Control |
|
|
|
|
|
|
|
|
|
f65c104c-fe2b-424f-9a96-9a0cf1178c8e |
| 20 |
|
Access Enforcement | Discretionary Access Control |
X |
X |
X |
X |
X |
X |
|
|
|
d291f76a-95f8-45dd-8205-546aa42077d8 |
| 25 |
|
Access Enforcement | Controlled Release |
|
|
|
|
|
|
|
|
|
9270afaf-addb-4c85-a359-e7c03c11ce5e |
| 27 |
|
Information Flow Enforcement |
|
X |
X |
|
X |
X |
|
|
|
a4d34135-4dc7-4259-a99a-e14e65ca67f0 |
| 29 |
|
Information Flow Enforcement | Processing Domains |
|
|
|
|
|
|
|
|
|
bd90aba9-2ae9-458e-b3ab-4cfa7695273b |
| 35 |
|
Information Flow Enforcement | Security Policy Filters |
|
|
|
|
|
|
|
|
|
f4ab9731-0437-422d-8293-4067fb88b509 |
| 46 |
|
Information Flow Enforcement | Validation Of Metadata |
|
|
|
|
|
|
|
|
|
fd7586e4-a481-4f7a-ba57-5e35681b34ff |
| 50 |
|
Separation Of Duties |
X |
X |
X |
X |
X |
X |
|
|
|
d7adb593-27fe-4b17-9cdf-4a473c48709e |
| 52 |
|
Least Privilege | Authorize Access To Security Functions |
X |
X |
X |
X |
X |
X |
|
|
|
63d843ae-bb03-4976-b46a-b3f99e9dbff8 |
| 56 |
|
Least Privilege | Privileged Accounts |
X |
X |
X |
X |
X |
X |
|
|
|
18a3a3c8-76d7-4b03-81d8-4cde8d79aa85 |
| 62 |
|
Unsuccessful Logon Attempts |
X |
X |
X |
X |
X |
X |
X |
X |
X |
ed28abeb-2fad-43dc-810d-3bab7ffbe329 |
| 65 |
|
System Use Notification |
X |
X |
X |
X |
X |
X |
|
|
|
f733aed2-bc1e-4bc6-9915-b2a2d926c20e |
| 74 |
|
Session Termination |
|
X |
X |
|
X |
X |
|
|
|
2a88f2b6-372a-446e-81e1-ba28dd3faef7 |
| 75 |
|
Session Termination | User-Initiated Logouts / Message Displays |
|
X |
X |
|
X |
X |
|
|
|
0800dd23-2a64-4f96-8d47-5f96d4de1b13 |
| 77 |
|
Permitted Actions Without Identification Or Authentication |
X |
X |
X |
X |
X |
X |
|
|
|
d1b8a462-ccc6-4e29-b16f-56e3c6deb85e |
| 87 |
|
Security Attributes | Consistent Attribute Interpretation |
|
|
|
|
|
|
|
|
|
2f1accb3-c1bc-480b-9edb-123c6001c070 |
| 88 |
|
Security Attributes | Association Techniques / Technologies |
|
|
|
|
|
|
|
|
|
0338118e-ce2e-4725-95ef-4433beddbd06 |
| 91 |
|
Remote Access |
X |
X |
X |
X |
X |
X |
|
|
|
1191bdb1-c258-4461-88e2-756a02058eb2 |
| 100 |
|
Remote Access | Disconnect / Disable Access |
X |
X |
X |
X |
X |
X |
|
|
|
ebc52b50-e4bc-46ea-8bd5-7fd3354fb5ef |
| 106 |
|
Wireless Access | Antennas / Transmission Power Levels |
|
|
X |
|
|
X |
|
|
|
bedf91d1-29ad-445b-9130-8c263e71fe97 |
| 114 |
|
Use Of External Information Systems | Limits On Authorized Use |
X |
X |
X |
X |
X |
X |
|
|
|
134642b9-b30d-4aa7-96dd-a04e9a63e934 |
| 116 |
|
Use Of External Information Systems | Non-Organizationally Owned Systems / Components / Devices |
X |
X |
X |
X |
X |
X |
|
|
|
61ad20cc-e04f-4531-90a8-a8c200646c2e |
| 122 |
|
Data Mining Protection |
|
X |
X |
|
|
|
|
|
|
c1801527-3574-4f61-9d7f-ea4226a44cd8 |
| 126 |
|
Reference Monitor |
|
|
|
|
|
|
|
|
|
976e4142-c43c-440f-946b-d2385de592ae |
| 127 |
|
Security Awareness And Training Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
12ec2f3c-14a2-4212-8a8d-e0c131c1b15f |
| 135 |
|
Role-Based Security Training | Suspicious Communications And Anomalous System Behavior |
X |
X |
X |
X |
X |
X |
X |
X |
X |
e9f3ca74-d7a4-4144-a146-e7982c8553b2 |
| 138 |
|
Audit And Accountability Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
6964a2ea-d510-4914-bd67-44cf00152c1b |
| 145 |
|
Content Of Audit Records | Additional Audit Information |
X |
X |
X |
X |
X |
X |
|
|
|
17da9844-7ff9-4b3a-9a2e-37d1f182f46c |
| 149 |
|
Response To Audit Processing Failures |
|
|
|
|
|
|
X |
X |
X |
41016c2c-84a0-43df-bf71-493ebc51584c |
| 154 |
|
Audit Review, Analysis, And Reporting |
X |
X |
X |
X |
X |
X |
|
|
|
f850ea93-6310-4576-87e2-8272d7fb5c89 |
| 159 |
|
Audit Review, Analysis, And Reporting | Integration / Scanning And Monitoring Capabilities |
|
|
X |
|
|
X |
|
|
|
08062d9e-2474-498f-b2e3-caa635763636 |
| 163 |
|
Audit Review, Analysis, And Reporting | Correlation With Information From Nontechnical Sources |
|
|
|
|
|
|
|
|
|
113e4474-de77-4740-8803-e36ea5a7917d |
| 165 |
|
Audit Reduction And Report Generation |
|
X |
X |
|
X |
X |
|
|
|
5df9858f-db62-48ef-aad0-14cad6fc2fad |
| 168 |
|
Time Stamps |
|
|
|
X |
X |
X |
|
|
|
63d6b57e-7457-4e83-a057-599c7bb738cb |
| 172 |
|
Protection Of Audit Information | Hardware Write-Once Media |
|
|
|
|
|
|
|
|
|
2eec08e8-76c2-437f-b40e-2c0c1081e845 |
| 178 |
|
Non-Repudiation |
|
|
|
|
X |
X |
|
|
|
651f1eaf-29b3-4f4c-8c9b-c71330b07dce |
| 182 |
|
Non-Repudiation | Validate Binding Of Information Reviewer Identity |
|
|
|
|
|
|
|
|
|
0edffd36-1f3a-4db2-9b0d-af8451e58fd1 |
| 184 |
|
Audit Record Retention |
|
|
|
|
|
|
X |
X |
X |
c1d49862-1c9a-4151-b512-b61a41f2298f |
| 198 |
|
Cross-Organizational Auditing |
|
|
|
|
|
|
|
|
|
f6fc31a7-0482-42f3-b600-e97feaf7b747 |
| 310 |
|
Telecommunications Services |
|
|
|
|
|
|
|
X |
X |
16cf7843-6914-47c7-8e37-820c00edf416 |
| 201 |
|
Security Assessment And Authorization Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
ecb350a3-3c74-4147-9c34-c04f91bc50c1 |
| 204 |
|
Security Assessments | Specialized Assessments |
|
|
X |
|
|
X |
|
|
X |
9b19a899-408d-49fd-a9c5-a896d9a33917 |
| 206 |
|
System Interconnections |
X |
X |
X |
X |
X |
X |
|
|
|
9a9ceaca-95bf-4e4f-862f-f5198823f83a |
| 211 |
|
System Interconnections | Restrictions On External System Connections |
X |
X |
X |
X |
X |
X |
|
|
|
4e4cd6e4-9e42-47d3-a4d3-c8ab05e2293b |
| 213 |
|
Plan Of Action And Milestones |
X |
X |
X |
X |
X |
X |
X |
X |
X |
5c658f4e-5451-4de9-9825-dc16d812fd7c |
| 313 |
|
Telecommunications Services | Separation Of Primary / Alternate Providers |
|
|
|
|
|
|
|
|
X |
cb92894f-5c8b-41fd-8cd2-f38ced57a0dc |
| 215 |
|
Security Authorization |
X |
X |
X |
X |
X |
X |
X |
X |
X |
0cd90997-74d3-4795-b652-e494639af43d |
| 219 |
|
Continuous Monitoring | Trend Analyses |
|
|
|
|
|
|
|
|
|
f3f7a67c-befb-48af-b4e7-ed11eeba9741 |
| 220 |
|
Penetration Testing |
|
|
|
|
|
X |
|
|
|
53965ecf-1f2f-4ee5-88ef-cdb5ec74356e |
| 225 |
|
Configuration Management Policy And Procedures |
X |
X |
X |
X |
X |
X |
|
|
|
4abb2230-a0df-4579-b6cc-84b6053e5059 |
| 319 |
|
Information System Backup | Separate Storage For Critical Information |
|
|
|
|
|
|
|
|
X |
723c46ae-edf3-457c-9637-68b96aec8d81 |
| 233 |
|
Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas |
|
|
|
|
X |
X |
|
|
|
df4d2f57-0e27-49ed-86eb-53145f8fe5bb |
| 236 |
|
Configuration Change Control | Test / Validate / Document Changes |
|
|
|
|
X |
X |
|
|
|
b25a7981-a6f4-4d4f-a63e-142ae0c79d2d |
| 241 |
|
Security Impact Analysis |
|
|
|
X |
X |
X |
|
|
|
71500ec1-e818-4649-a014-ed46cf10df03 |
| 244 |
|
Access Restrictions For Change |
|
|
|
X |
X |
X |
|
|
|
98550ed2-48e6-47f3-a4ac-84a38b3506c9 |
| 254 |
|
Configuration Settings | Respond To Unauthorized Changes |
|
|
|
|
|
X |
|
|
|
359abf4e-5e61-4208-a3b9-06698264f6d4 |
| 324 |
|
Information System Recovery And Reconstitution |
|
|
|
|
|
|
X |
X |
X |
468403ed-2ea9-4fac-afd7-faf113727b96 |
| 257 |
|
Least Functionality |
X |
X |
X |
X |
X |
X |
|
|
|
f346d273-a791-46a9-af94-101e6244a42e |
| 263 |
|
Information System Component Inventory |
|
|
|
X |
X |
X |
|
|
|
4e96fbe8-b5b8-4278-9950-ee32a2010fa5 |
| 272 |
|
Information System Component Inventory | Assignment Of Components To Systems |
|
|
|
|
|
|
|
|
|
158c766e-2e06-478a-a595-a6a93eef0453 |
| 273 |
|
Configuration Management Plan |
|
|
|
X |
X |
X |
|
|
|
5c01d6fd-2e34-4aa7-893f-2287c0f34865 |
| 332 |
|
Safe Mode |
|
|
|
|
|
|
|
|
|
b05bccb2-f30e-481c-8b89-6a607f780982 |
| 280 |
|
Contingency Planning Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
93d75cac-2552-465e-897f-2d79284b20e0 |
| 288 |
|
Contingency Plan | Coordinate With External Service Providers |
|
|
|
|
|
|
|
|
|
6278361a-a3c8-47fa-95a3-29990b17c2c8 |
| 289 |
|
Contingency Plan | Identify Critical Assets |
|
|
|
|
|
|
|
X |
X |
75007d50-190d-4f9f-b232-1eebf38181d3 |
| 299 |
|
Alternate Storage Site |
|
|
|
|
|
|
|
X |
X |
ba0c3666-0e0c-4509-a592-9a0bf9d0ad8e |
| 303 |
|
Alternate Processing Site |
|
X |
X |
|
X |
X |
|
X |
X |
84a83d1f-a29d-4128-8d4b-0b526d4f7573 |
| 505 |
|
Visitor Access Records |
X |
X |
X |
X |
X |
X |
X |
X |
X |
192a82ac-7074-491f-ac58-c1efa469d84b |
| 333 |
|
Alternative Security Mechanisms |
|
|
|
|
|
|
|
|
|
d15a0457-4a99-493f-ad75-985abc58a1c3 |
| 343 |
|
Identification And Authentication (Organizational Users) | Network Access To Privileged Accounts - Replay Resistant |
X |
X |
X |
X |
X |
X |
|
|
|
9f24f633-db84-4976-a0c8-aaf42c902afa |
| 346 |
|
Identification And Authentication (Organizational Users) | Remote Access - Separate Device |
X |
X |
X |
X |
X |
X |
|
|
|
a6aec764-053c-4a40-beb2-603621b6e093 |
| 348 |
|
Identification And Authentication (Organizational Users) | Out-Of-Band Authentication |
|
|
|
|
|
|
|
|
|
f548f5ed-ca3d-460c-9104-2d1676c97382 |
| 352 |
|
Device Identification And Authentication | Dynamic Address Allocation |
|
|
|
|
|
|
|
|
|
ebc0dc33-9b7f-4f8d-bd03-c1db906c1304 |
| 354 |
|
Identifier Management |
X |
X |
X |
X |
X |
X |
|
|
|
732d84e4-47fd-4aaa-9f79-8962f8487779 |
| 650 |
|
Development Process, Standards, And Tools | Threat Modeling / Vulnerability Analysis |
|
|
X |
|
|
X |
|
|
X |
d7dcfa0b-7dc7-429b-9cae-5677d303f323 |
| 362 |
|
Authenticator Management |
X |
X |
X |
X |
X |
X |
|
|
|
bc6feebc-e4c2-4023-be29-f17c4fce474e |
| 370 |
|
Authenticator Management | Multiple Information System Accounts |
X |
X |
X |
X |
X |
X |
|
|
|
7cf5a72d-388b-4f65-ab20-a31232b1ca94 |
| 372 |
|
Authenticator Management | Dynamic Credential Association |
|
|
|
|
|
|
|
|
|
d8d9b8ee-9b23-4a48-a4fa-b0687a19094c |
| 378 |
|
Authenticator Feedback |
X |
X |
X |
|
|
|
|
|
|
43094cd4-45a1-4b79-86b1-a5480343eb1b |
| 380 |
|
Identification And Authentication (Non-Organizational Users) |
X |
X |
X |
X |
X |
X |
|
|
|
8c7cfe77-cf82-43a5-b5df-87da2143cff7 |
| 388 |
|
Service Identification And Authentication | Transmission Of Decisions |
|
|
|
|
|
|
|
|
|
3279880c-683b-40cb-b1c6-a68c310b7707 |
| 768 |
|
Session Authenticity | Allowed Certificate Authorities |
|
|
|
X |
X |
X |
|
|
|
9be2f08b-e2f7-4acd-b4a6-c84b598479a3 |
| 389 |
|
Adaptive Identification And Authentication |
|
|
X |
|
|
X |
|
|
|
03759523-bc48-4123-98b3-0258ecbcafdb |
| 391 |
|
Incident Response Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
4cbd5320-b4f0-4af9-9fed-89e19ee23653 |
| 396 |
|
Incident Response Testing | Automated Testing |
|
|
|
|
|
|
|
|
|
0eeba5e9-a50e-4e75-901e-d5695e056e35 |
| 398 |
|
Incident Handling |
X |
X |
X |
X |
X |
X |
X |
X |
X |
05949cb5-d597-4108-9d61-50610c23867e |
| 406 |
|
Incident Handling | Correlation With External Organizations |
X |
X |
X |
X |
X |
X |
X |
X |
X |
60ff841c-a159-4a17-b90b-6173d4fb878c |
| 486 |
|
Physical Access Authorizations | Restrict Unescorted Access |
|
|
|
|
|
|
|
|
|
53d28894-7d69-4cdf-b83a-f6beb16e1774 |
| 411 |
|
Incident Reporting |
X |
X |
X |
X |
X |
X |
X |
X |
X |
dfeb4608-7fc0-4dce-8d8b-34ac8bbcb0c0 |
| 416 |
|
Incident Response Assistance | Automation Support For Availability Of Information / Support |
|
X |
X |
|
X |
X |
|
X |
X |
7b6bf949-d456-4193-9df6-e7eb33cd4159 |
| 418 |
|
Incident Response Plan |
X |
X |
X |
X |
X |
X |
X |
X |
X |
16902616-d5c9-4a31-be53-05669304eb7c |
| 424 |
|
Integrated Information Security Analysis Team |
|
X |
X |
|
X |
X |
|
X |
X |
4adcc3af-58ab-4079-a64b-c6847d87c62c |
| 425 |
|
System Maintenance Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
3c80db18-d0d9-456f-8faa-aad98565d8be |
| 492 |
|
Physical Access Control | Tamper Protection |
|
|
|
|
|
|
|
|
|
bc46501f-6126-4114-934b-755e1d8856fd |
| 434 |
|
Nonlocal Maintenance |
|
|
|
X |
X |
X |
|
|
|
3d2d2fb8-a920-4b1a-8fed-67372cda050d |
| 442 |
|
Maintenance Personnel |
X |
X |
X |
X |
X |
X |
X |
X |
X |
84cecf6e-3d35-46ba-9306-38d4bece5306 |
| 443 |
|
Maintenance Personnel | Individuals Without Appropriate Access |
|
|
X |
|
|
X |
|
|
X |
dab599bf-4922-46df-9880-207bc8f49404 |
| 449 |
|
Timely Maintenance | Preventive Maintenance |
|
|
|
|
|
|
|
|
|
6cb33bde-5095-409e-a71a-ed1c20306387 |
| 452 |
|
Media Protection Policy And Procedures |
X |
X |
X |
X |
X |
X |
|
|
|
46f50473-cd6c-4e67-8926-0f0b1e9e86d9 |
| 460 |
|
Media Transport |
|
X |
X |
|
X |
X |
|
|
|
2c5811c1-cc0c-4c24-a7b4-32db64d04366 |
| 468 |
|
Media Sanitization | Nondestructive Techniques |
|
|
X |
|
|
|
|
|
|
646c6a8e-a6ca-4809-915e-4cf9ce068cd8 |
| 472 |
|
Media Sanitization | Dual Authorization |
|
|
|
|
|
|
|
|
|
7ed349f7-94da-48eb-be73-0fce339ab4f7 |
| 474 |
|
Media Use |
X |
X |
X |
X |
X |
X |
|
|
|
f87b635a-1309-4f58-b9a2-4c4fa61b2a07 |
| 482 |
|
Physical And Environmental Protection Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
ad2f937f-08de-430e-8e3d-cb1a386faffb |
| 519 |
|
Fire Protection | Detection Devices / Systems |
|
|
|
|
|
|
|
|
X |
f48e749c-eb3a-4aab-a0f3-93c8428f32ca |
| 529 |
|
Alternate Work Site |
|
X |
X |
|
X |
X |
|
X |
X |
3a196c36-cda2-4b91-86ea-c948b1698e1b |
| 532 |
|
Information Leakage |
|
|
|
|
|
|
|
|
|
0980c8d6-eeae-408d-b5cd-b15745020fbc |
| 535 |
|
Security Planning Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
cc9191ea-e24d-4ac7-b703-10c6b0b7c766 |
| 541 |
|
Rules Of Behavior |
X |
X |
X |
X |
X |
X |
X |
X |
X |
749d1ece-f972-4e8e-94fe-2f4e6ca42d41 |
| 547 |
|
Information Security Architecture | Defense-In-Depth |
X |
X |
X |
X |
X |
X |
X |
X |
X |
55c81d2f-6a2a-41cd-8e47-1830bbbb965e |
| 549 |
|
Central Management |
|
|
|
|
|
|
|
|
|
1389c307-6a58-4862-868f-924d9c7856a8 |
| 550 |
|
Personnel Security Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
02aa2002-83fe-467d-a8ce-e61d4d7a64b1 |
| 556 |
|
Personnel Termination |
X |
X |
X |
X |
X |
X |
X |
X |
X |
cf13c668-1eaf-4bc0-a210-13e67126ce3b |
| 562 |
|
Access Agreements | Classified Information Requiring Special Protection |
|
|
|
|
|
|
|
|
|
876d4859-f34b-4c4d-95aa-4309316a0f26 |
| 564 |
|
Third-Party Personnel Security |
X |
X |
X |
X |
X |
X |
|
|
|
94f82460-2a4f-491b-b594-d46af7311a12 |
| 566 |
|
Risk Assessment Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
4b3720ce-71fa-4a3b-a66a-2c2155649ab0 |
| 568 |
|
Risk Assessment |
X |
X |
X |
X |
X |
X |
X |
X |
X |
af0136bf-5904-4cf3-b770-a350c03b8c82 |
| 582 |
|
System And Services Acquisition Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
c4faa508-d8e2-4420-85fc-a3371d2d1b10 |
| 584 |
|
System Development Life Cycle |
X |
X |
X |
X |
X |
X |
X |
X |
X |
579ac0d1-cf92-4839-bbee-b600754906a7 |
| 587 |
|
Acquisition Process | Design / Implementation Information For Security Controls |
|
X |
X |
|
X |
X |
|
X |
X |
a8f70743-d2ce-44c1-8cea-1692ca58951c |
| 592 |
|
Acquisition Process | Niap-Approved Protection Profiles |
|
|
|
X |
X |
X |
|
|
|
3c943874-fdf9-4df5-8905-eb65ef71fe1d |
| 596 |
|
Information System Documentation |
X |
X |
X |
X |
X |
X |
X |
X |
X |
fc7640fb-d7d8-4411-b401-fcb5feb50aad |
| 608 |
|
External Information System Services | Establish / Maintain Trust Relationship With Providers |
|
|
|
|
|
|
|
|
|
e5093375-c444-456c-b0e5-edeec9e60a10 |
| 613 |
|
Developer Configuration Management | Alternative Configuration Management Processes |
|
|
|
|
|
|
|
|
|
cbd740b4-4df8-4743-8bb8-7ee2c08c2b52 |
| 795 |
|
Honeyclients |
|
|
|
|
|
|
|
|
|
f44a9f1e-2417-4997-8966-125231ef864f |
| 619 |
|
Developer Security Testing And Evaluation | Static Code Analysis |
|
|
|
|
|
|
|
|
|
f3a11122-1ef7-4c61-99f0-1198221427ad |
| 621 |
|
Developer Security Testing And Evaluation | Independent Verification Of Assessment Plans / Evidence |
|
|
|
|
|
|
|
|
|
b3cd0c73-12c9-4f7d-b917-d3c38c1a66c1 |
| 622 |
|
Developer Security Testing And Evaluation | Manual Code Reviews |
|
|
|
|
|
|
|
|
|
5e72fdf0-0c23-42c1-a988-79c42fc30032 |
| 623 |
|
Developer Security Testing And Evaluation | Penetration Testing |
|
|
|
|
|
|
|
|
|
d2630c28-4845-4fe8-b0f9-4c8eb8378923 |
| 627 |
|
Supply Chain Protection |
X |
X |
X |
X |
X |
X |
X |
X |
X |
f90ef5d1-43b1-4501-b6ea-97f211526136 |
| 647 |
|
Development Process, Standards, And Tools | Quality Metrics |
|
|
|
|
|
|
|
|
|
7081ea52-1948-45d4-9a3e-a4b7f50a69d2 |
| 628 |
|
Supply Chain Protection | Acquisition Strategies / Tools / Methods |
|
|
X |
|
|
X |
|
|
X |
e65d525d-f6a5-4a0a-bcbf-eacb115b5df1 |
| 636 |
|
Supply Chain Protection | Operations Security |
|
|
X |
|
|
X |
|
|
X |
e4ea9b22-7f62-4efc-9e62-434cc26d2a1f |
| 638 |
|
Supply Chain Protection | Penetration Testing / Analysis Of Elements, Processes, And Actors |
|
|
X |
|
|
X |
|
|
X |
09a37011-a051-49a1-b7e5-111acc86c526 |
| 643 |
|
Trustworthiness |
|
|
|
|
|
|
|
|
|
2897f609-1db2-4f20-bd60-d0bdd95af361 |
| 644 |
|
Criticality Analysis |
|
|
X |
|
|
X |
|
|
X |
3eacbd1f-0095-42b5-a774-d34b911aa970 |
| 651 |
|
Development Process, Standards, And Tools | Attack Surface Reduction |
|
|
|
|
|
|
|
|
|
221ad307-51d8-40a7-8253-c628bfbacec2 |
| 659 |
|
Developer Security Architecture And Design |
|
|
X |
|
|
X |
|
|
X |
9e0ab505-ba55-4a1a-8b35-04f6540fe8ff |
| 662 |
|
Developer Security Architecture And Design | Formal Correspondence |
|
|
|
|
|
|
|
|
|
d0ecb275-107a-431a-be3c-9b1685878132 |
| 667 |
|
Tamper Resistance And Detection |
|
|
|
|
|
|
|
|
|
d5baaad8-ef89-490a-a636-058bf0fe69fd |
| 669 |
|
Tamper Resistance And Detection | Inspection Of Information Systems, Components, Or Devices |
|
|
|
|
|
|
|
|
|
9e95515b-92f8-4dea-9f96-fc1b864d1154 |
| 677 |
|
Developer Screening | Validation Of Screening |
|
|
|
|
|
|
|
|
|
4ab49893-1acf-49d4-a9b6-2d7d0c1a271e |
| 678 |
|
Unsupported System Components |
|
|
X |
|
|
X |
|
|
X |
99c83ac1-c083-4d8a-8c41-5f8f02d97fc5 |
| 680 |
|
System And Communications Protection Policy And Procedures |
X |
X |
X |
X |
X |
X |
X |
X |
X |
682ac94f-3093-447e-b519-99f722e14853 |
| 683 |
|
Security Function Isolation |
|
|
X |
|
|
X |
|
|
|
529a5ab4-b461-45c5-99b1-e08357d2fbab |
| 693 |
|
Denial Of Service Protection | Restrict Internal Users |
|
|
|
|
|
|
X |
X |
X |
9368b934-7ac6-4bc6-b97e-e6e4205c9e81 |
| 695 |
|
Denial Of Service Protection | Detection / Monitoring |
|
|
|
|
|
|
|
X |
X |
3fc84fb9-d7f8-4b8b-98c1-ed7dbbfb8b09 |
| 697 |
|
Boundary Protection |
X |
X |
X |
X |
X |
X |
|
|
|
3e8ec277-793d-4673-9623-05e8f8123ce7 |
| 704 |
|
Boundary Protection | Prevent Split Tunneling For Remote Devices |
X |
X |
X |
X |
X |
X |
|
|
|
ad69a1de-55fe-48f2-98aa-4aa32ccdeb4c |
| 706 |
|
Boundary Protection | Restrict Threatening Outgoing Communications Traffic |
|
|
|
X |
X |
X |
|
|
|
14f67e7c-00f9-4f7c-8760-3d56eefe566a |
| 711 |
|
Boundary Protection | Protects Against Unauthorized Physical Connections |
X |
X |
X |
X |
X |
X |
|
|
|
56e4a3e9-6594-455c-8aca-3ef3688625de |
| 718 |
|
Boundary Protection | Isolation Of Information System Components |
|
|
X |
|
|
X |
|
|
|
40773401-7112-4584-9115-b56d945845dd |
| 721 |
|
Transmission Confidentiality And Integrity |
X |
X |
X |
X |
X |
X |
|
|
|
484178a4-773d-4276-b6cf-ab85ea940cd3 |
| 878 |
|
Software, Firmware, And Information Integrity | Integrity Verification |
|
|
|
|
|
|
|
|
|
3765ff81-7259-4a6a-8f06-ac3c5df4295d |
| 725 |
|
Transmission Confidentiality And Integrity | Conceal / Randomize Communications |
|
|
|
|
|
|
|
|
|
ab8868ed-32ec-48db-9d74-d54259692e09 |
| 728 |
|
Trusted Path |
|
|
|
|
|
|
|
|
|
d8f8187d-2b4f-45df-9817-e959d125ddfc |
| 730 |
|
Cryptographic Key Establishment And Management |
X |
X |
X |
X |
X |
X |
|
|
|
4c3a3569-8ea1-40e4-9d5a-eb1ca2141c4d |
| 745 |
|
Collaborative Computing Devices | Disabling / Removal In Secure Work Areas |
|
|
|
|
|
|
|
|
|
9e1c0fff-15b1-4eb0-b357-4f154b1e34d0 |
| 750 |
|
Mobile Code |
|
|
|
X |
X |
X |
|
|
|
14b51149-80be-4640-9f28-cc11282afcdd |
| 757 |
|
Secure Name / Address Resolution Service (Authoritative Source) |
|
|
|
X |
X |
X |
|
|
|
c43d8f6a-5353-4381-b86d-647095afd049 |
| 774 |
|
Protection Of Information At Rest |
X |
X |
X |
X |
X |
X |
|
|
|
c604831d-4f6a-49f5-8166-5c9a1a7f1048 |
| 777 |
|
Heterogeneity |
|
|
|
|
|
|
|
|
|
643687f1-9586-4e2e-ad3d-f4c0e9c82347 |
| 779 |
|
Concealment And Misdirection |
|
|
|
|
|
|
|
|
|
0179195d-9d53-4234-9187-51c191481844 |
| 782 |
|
Concealment And Misdirection | Change Processing / Storage Locations |
|
|
|
|
|
|
|
|
|
f87184e7-6995-4876-b803-c7fd7a3eb945 |
| 784 |
|
Concealment And Misdirection | Concealment Of System Components |
|
|
|
|
|
|
|
|
|
2c8db4d7-8399-4b45-9fe3-83ac0d0a172d |
| 789 |
|
Information System Partitioning |
|
|
|
|
|
|
|
|
|
ac7ad293-674e-446b-af5c-3398c600d6fa |
| 797 |
|
Distributed Processing And Storage | Polling Techniques |
|
|
|
|
|
|
|
|
|
54c870ae-b354-4fe1-8b45-690e2d421392 |
| 800 |
|
Operations Security |
X |
X |
X |
X |
X |
X |
X |
X |
X |
b4e370d8-669a-4643-bbb2-3fd70dc36adb |
| 804 |
|
Wireless Link Protection |
|
|
|
|
|
|
|
|
|
d863c8df-84e9-42f0-aaf5-da06227a26c3 |
| 812 |
|
Sensor Capability And Data | Authorized Use |
|
|
|
|
|
|
|
|
|
b89c2d69-a883-4edd-b008-4b73a7cc05e1 |
| 815 |
|
Detonation Chambers |
|
|
|
|
|
|
|
|
|
96f676ee-3f7b-43c8-b2aa-4445846eb03e |
| 822 |
|
Flaw Remediation | Automatic Software / Firmware Updates |
|
|
|
|
|
|
|
|
|
be839267-b0e2-4515-80ba-bd1d3de20cf0 |
| 824 |
|
Malicious Code Protection |
|
|
|
X |
X |
X |
|
|
|
6338b744-d122-4440-a706-cad758ccd422 |
| 832 |
|
Malicious Code Protection | Detect Unauthorized Commands |
|
|
|
|
|
|
|
|
|
168d3649-3025-41a1-bdff-2ef671aa4aff |
| 833 |
|
Malicious Code Protection | Authenticate Remote Commands |
|
|
|
|
|
|
|
|
|
9d3b9888-7aaf-48f6-90db-6e2b9521d878 |
| 845 |
|
Information System Monitoring | Visibility Of Encrypted Communications |
|
X |
X |
|
X |
X |
|
X |
X |
257fa939-6a35-41b8-9542-86c75936826b |
| 852 |
|
Information System Monitoring | Integrated Situational Awareness |
|
|
|
|
|
|
|
|
|
c245afff-20b1-40bf-9864-957eee7f926e |
| 858 |
|
Information System Monitoring | Host-Based Devices |
X |
X |
X |
X |
X |
X |
X |
X |
X |
b1de30be-6047-4377-b658-ae2c9bce2cbf |
| 859 |
|
Information System Monitoring | Indicators Of Compromise |
|
|
|
|
|
|
|
|
|
75ba7e02-cf31-40e9-aefb-40e277ab1136 |
| 862 |
|
Security Function Verification |
|
|
|
|
|
X |
|
|
|
84db7f82-9ef8-49d2-af2a-ef9cc40a44b1 |
| 867 |
|
Software, Firmware, And Information Integrity | Integrity Checks |
|
|
|
|
X |
X |
|
|
|
9843b1ae-b45c-4484-9f0a-63ed8e252213 |
| 880 |
|
Software, Firmware, And Information Integrity | Binary Or Machine Executable Code |
|
|
|
X |
X |
X |
|
|
|
5fa1fdea-1b44-43bb-820d-c819ade2a993 |
| 888 |
|
Information Input Validation |
|
|
|
X |
X |
X |
|
|
|
1431fc34-b948-4066-8041-4f6d6fd8be9b |
| 891 |
|
Information Input Validation | Predictable Behavior |
|
|
|
|
X |
X |
|
|
|
caca6da7-c966-423d-aa59-18efae8d05a8 |
| 901 |
|
Predictable Failure Prevention | Failover Capability |
|
|
|
|
|
|
|
|
|
862a318e-7aa3-4372-9fbc-d7e2cb5a8373 |
| 902 |
|
Non-Persistence |
|
|
|
|
|
|
|
|
|
166fa5b9-74de-412c-9a7a-51d2778ec3bc |