NIST SP 800-53: CONTROLS STANDARD

 
| ID | Family | Class |
| --- | --- | --- |
| AT | AWARENESS AND TRAINING | OPERATIONAL |
| CM | CONFIGURATION MANAGEMENT | OPERATIONAL |
| CP | CONTINGENCY PLANNING | OPERATIONAL |
| IR | INCIDENT RESPONSE | OPERATIONAL |
| MA | MAINTENANCE | OPERATIONAL |
| MP | MEDIA PROTECTION | OPERATIONAL |
| PE | PHYSICAL AND ENVIRONMENTAL PROTECTION | OPERATIONAL |
| PS | PERSONNEL SECURITY | OPERATIONAL |
| SI | SYSTEM AND INFORMATION INTEGRITY | OPERATIONAL |

 
| ID | Name | Priority | LOW | MOD | HIGH |
| --- | --- | --- | --- | --- | --- |
| AT-1 | SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES | P1 | AT-1 | AT-1 | AT-1 |
| AT-2 | SECURITY AWARENESS | P1 | AT-2 | AT-2 | AT-2 |
| AT-3 | SECURITY TRAINING | P1 | AT-3 | AT-3 | AT-3 |
| AT-4 | SECURITY TRAINING RECORDS | P3 | AT-4 | AT-4 | AT-4 |
| AT-5 | CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS | P0 | Not Selected | Not Selected | Not Selected |
| CM-1 | CONFIGURATION MANAGEMENT POLICY AND PROCEDURES | P1 | CM-1 | CM-1 | CM-1 |
| CM-2 | BASELINE CONFIGURATION | P1 | CM-2 | CM-2 (1) (3) (4) | CM-2 (1) (2) (3) (5) (6) |
| CM-3 | CONFIGURATION CHANGE CONTROL | P1 | Not Selected | CM-3 (2) | CM-3 (1) (2) |
| CM-4 | SECURITY IMPACT ANALYSIS | P2 | CM-4 | CM-4 | CM-4 (1) |
| CM-5 | ACCESS RESTRICTIONS FOR CHANGE | P1 | Not Selected | CM-5 | CM-5 (1) (2) (3) |
| CM-6 | CONFIGURATION SETTINGS | P1 | CM-6 | CM-6 (3) | CM-6 (1) (2) (3) |
| CM-7 | LEAST FUNCTIONALITY | P1 | CM-7 | CM-7 (1) | CM-7 (1) (2) |
| CM-8 | INFORMATION SYSTEM COMPONENT INVENTORY | P1 | CM-8 | CM-8 (1) (5) | CM-8 (1) (2) (3) (4) (5) |
| CM-9 | CONFIGURATION MANAGEMENT PLAN | P1 | Not Selected | CM-9 | CM-9 |
| CP-1 | CONTINGENCY PLANNING POLICY AND PROCEDURES | P1 | CP-1 | CP-1 | CP-1 |
| CP-2 | CONTINGENCY PLAN | P1 | CP-2 | CP-2 (1) | CP-2 (1) (2) (3) |
| CP-3 | CONTINGENCY TRAINING | P2 | CP-3 | CP-3 | CP-3 (1) |
| CP-4 | CONTINGENCY PLAN TESTING AND EXERCISES | P2 | CP-4 | CP-4 (1) | CP-4 (1) (2) (4) |
| CP-5 | CONTINGENCY PLAN UPDATE | --- | --- | --- | --- |
| CP-6 | ALTERNATE STORAGE SITE | P1 | Not Selected | CP-6 (1) (3) | CP-6 (1) (2) (3) |
| CP-7 | ALTERNATE PROCESSING SITE | P1 | Not Selected | CP-7 (1) (2) (3) (5) | CP-7 (1) (2) (3) (4) (5) |
| CP-8 | TELECOMMUNICATIONS SERVICES | P1 | Not Selected | CP-8 (1) (2) | CP-8 (1) (2) (3) (4) |
| CP-9 | INFORMATION SYSTEM BACKUP | P1 | CP-9 | CP-9 (1) | CP-9 (1) (2) (3) |
| CP-10 | INFORMATION SYSTEM RECOVERY AND RECONSTITUTION | P1 | CP-10 | CP-10 (2) (3) | CP-10 (2) (3) (4) |
| IR-1 | INCIDENT RESPONSE POLICY AND PROCEDURES | P1 | IR-1 | IR-1 | IR-1 |
| IR-2 | INCIDENT RESPONSE TRAINING | P2 | IR-2 | IR-2 | IR-2 (1) (2) |
| IR-3 | INCIDENT RESPONSE TESTING AND EXERCISES | P2 | Not Selected | IR-3 | IR-3 (1) |
| IR-4 | INCIDENT HANDLING | P1 | IR-4 | IR-4 (1) | IR-4 (1) |
| IR-5 | INCIDENT MONITORING | P1 | IR-5 | IR-5 | IR-5 (1) |
| IR-6 | INCIDENT REPORTING | P1 | IR-6 | IR-6 (1) | IR-6 (1) |
| IR-7 | INCIDENT RESPONSE ASSISTANCE | P3 | IR-7 | IR-7 (1) | IR-7 (1) |
| IR-8 | INCIDENT RESPONSE PLAN | P1 | IR-8 | IR-8 | IR-8 |
| MA-1 | SYSTEM MAINTENANCE POLICY AND PROCEDURES | P1 | MA-1 | MA-1 | MA-1 |
| MA-2 | CONTROLLED MAINTENANCE | P2 | MA-2 | MA-2 (1) | MA-2 (1) (2) |
| MA-3 | MAINTENANCE TOOLS | P2 | Not Selected | MA-3 (1) (2) | MA-3 (1) (2) (3) |
| MA-4 | NON-LOCAL MAINTENANCE | P1 | MA-4 | MA-4 (1) (2) | MA-4 (1) (2) (3) |
| MA-5 | MAINTENANCE PERSONNEL | P1 | MA-5 | MA-5 | MA-5 |
| MA-6 | TIMELY MAINTENANCE | P1 | Not Selected | MA-6 | MA-6 |
| MP-1 | MEDIA PROTECTION POLICY AND PROCEDURES | P1 | MP-1 | MP-1 | MP-1 |
| MP-2 | MEDIA ACCESS | P1 | MP-2 | MP-2 (1) | MP-2 (1) |
| MP-3 | MEDIA MARKING | P1 | Not Selected | MP-3 | MP-3 |
| MP-4 | MEDIA STORAGE | P1 | Not Selected | MP-4 | MP-4 |
| MP-5 | MEDIA TRANSPORT | P1 | Not Selected | MP-5 (2) (4) | MP-5 (2) (3) (4) |
| MP-6 | MEDIA SANITIZATION | P1 | MP-6 | MP-6 | MP-6 (1) (2) (3) |
| PE-1 | PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES | P1 | PE-1 | PE-1 | PE-1 |
| PE-2 | PHYSICAL ACCESS AUTHORIZATIONS | P1 | PE-2 | PE-2 | PE-2 |
| PE-3 | PHYSICAL ACCESS CONTROL | P1 | PE-3 | PE-3 | PE-3 (1) |
| PE-4 | ACCESS CONTROL FOR TRANSMISSION MEDIUM | P1 | Not Selected | PE-4 | PE-4 |
| PE-5 | ACCESS CONTROL FOR OUTPUT DEVICES | P1 | Not Selected | PE-5 | PE-5 |
| PE-6 | MONITORING PHYSICAL ACCESS | P1 | PE-6 | PE-6 (1) | PE-6 (1) (2) |
| PE-7 | VISITOR CONTROL | P1 | PE-7 | PE-7 (1) | PE-7 (1) |
| PE-8 | ACCESS RECORDS | P3 | PE-8 | PE-8 | PE-8 (1) (2) |
| PE-9 | POWER EQUIPMENT AND POWER CABLING | P1 | Not Selected | PE-9 | PE-9 |
| PE-10 | EMERGENCY SHUTOFF | P1 | Not Selected | PE-10 | PE-10 |
| PE-11 | EMERGENCY POWER | P1 | Not Selected | PE-11 | PE-11 (1) |
| PE-12 | EMERGENCY LIGHTING | P1 | PE-12 | PE-12 | PE-12 |
| PE-13 | FIRE PROTECTION | P1 | PE-13 | PE-13 (1) (2) (3) | PE-13 (1) (2) (3) |
| PE-14 | TEMPERATURE AND HUMIDITY CONTROLS | P1 | PE-14 | PE-14 | PE-14 |
| PE-15 | WATER DAMAGE PROTECTION | P1 | PE-15 | PE-15 | PE-15 (1) |
| PE-16 | DELIVERY AND REMOVAL | P1 | PE-16 | PE-16 | PE-16 |
| PE-17 | ALTERNATE WORK SITE | P1 | Not Selected | PE-17 | PE-17 |
| PE-18 | LOCATION OF INFORMATION SYSTEM COMPONENTS | P2 | Not Selected | PE-18 | PE-18 (1) |
| PE-19 | INFORMATION LEAKAGE | P0 | Not Selected | Not Selected | Not Selected |
| PS-1 | PERSONNEL SECURITY POLICY AND PROCEDURES | P1 | PS-1 | PS-1 | PS-1 |
| PS-2 | POSITION CATEGORIZATION | P1 | PS-2 | PS-2 | PS-2 |
| PS-3 | PERSONNEL SCREENING | P1 | PS-3 | PS-3 | PS-3 |
| PS-4 | PERSONNEL TERMINATION | P2 | PS-4 | PS-4 | PS-4 |
| PS-5 | PERSONNEL TRANSFER | P2 | PS-5 | PS-5 | PS-5 |
| PS-6 | ACCESS AGREEMENTS | P3 | PS-6 | PS-6 | PS-6 |
| PS-7 | THIRD-PARTY PERSONNEL SECURITY | P1 | PS-7 | PS-7 | PS-7 |
| PS-8 | PERSONNEL SANCTIONS | P3 | PS-8 | PS-8 | PS-8 |
| SI-1 | SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES | P1 | SI-1 | SI-1 | SI-1 |
| SI-2 | FLAW REMEDIATION | P1 | SI-2 | SI-2 (2) | SI-2 (1) (2) |
| SI-3 | MALICIOUS CODE PROTECTION | P1 | SI-3 | SI-3 (1) (2) (3) | SI-3 (1) (2) (3) |
| SI-4 | INFORMATION SYSTEM MONITORING | P1 | Not Selected | SI-4 (2) (4) (5) (6) | SI-4 (2) (4) (5) (6) |
| SI-5 | SECURITY ALERTS, ADVISORIES, AND DIRECTIVES | P1 | SI-5 | SI-5 | SI-5 (1) |
| SI-6 | SECURITY FUNCTIONALITY VERIFICATION | P1 | Not Selected | Not Selected | SI-6 |
| SI-7 | SOFTWARE AND INFORMATION INTEGRITY | P1 | Not Selected | SI-7 (1) | SI-7 (1) (2) |
| SI-8 | SPAM PROTECTION | P1 | Not Selected | SI-8 | SI-8 (1) |
| SI-9 | INFORMATION INPUT RESTRICTIONS | P2 | Not Selected | SI-9 | SI-9 |
| SI-10 | INFORMATION INPUT VALIDATION | P1 | Not Selected | SI-10 | SI-10 |
| SI-11 | ERROR HANDLING | P2 | Not Selected | SI-11 | SI-11 |
| SI-12 | INFORMATION OUTPUT HANDLING AND RETENTION | P2 | SI-12 | SI-12 | SI-12 |
| SI-13 | PREDICTABLE FAILURE PREVENTION | P0 | Not Selected | Not Selected | Not Selected |


NIST Special Publication 800-53: This publication may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright in the United States.
Attribution would, however, be appreciated by NIST.

This document was produced from an export of the database beta application released with NIST SP 800-53 REV 3.
The text is unchanged from the information contained in the database. You are free to use this material under the same terms provided by NIST.
Attribution for this arrangement of the material would be appreciated.
Tim Hudson - tjh@cryptsoft.com