Authority Document - Unified Compliance

Back

North America > US National Institute of Standards and Technology

NIST SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

AD ID

0003946

AD STATUS

NIST SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

ORIGINATOR

US National Institute of Standards and Technology

TYPE

International or National Standard

AVAILABILITY

Free

SYNONYMS

NIST 800-171 Rev 3

NIST SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

EFFECTIVE

2024-05-30

ADDED

The document as a whole was last reviewed and released on 2024-07-26T00:00:00-0700.

URL

Click here

AD ID

0003946

AD STATUS

Free

ORIGINATOR

US National Institute of Standards and Technology

TYPE

International or National Standard

AVAILABILITY

SYNONYMS

NIST 800-171 Rev 3

NIST SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

EFFECTIVE

2024-05-30

ADDED

The document as a whole was last reviewed and released on 2024-07-26T00:00:00-0700.

URL

Click here

Important Notice

This Authority Document In Depth Report is copyrighted - © 2024 - Network Frontiers LLC. All rights reserved. Copyright in the Authority Document analyzed herein is held by its authors. Network Frontiers makes no claims of copyright in this Authority Document.

This Authority Document In Depth Report is provided for informational purposes only and does not constitute, and should not be construed as, legal advice. The reader is encouraged to consult with an attorney experienced in these areas for further explanation and advice.

This Authority Document In Depth Report provides analysis and guidance for use and implementation of the Authority Document but it is not a substitute for the original authority document itself. Readers should refer to the original authority document as the definitive resource on obligations and compliance requirements.

The process we used to tag and map this document

This document has been mapped into the Unified Compliance Framework using a patented methodology and patented tools (you can research our patents HERE). The mapping team has taken every effort to ensure the quality of mapping is of the highest degree. To learn more about the process we use to map Authority Documents, or to become involved in that process, click HERE.

Controls and asociated Citations breakdown

When the UCF Mapping Teams tag Citations and their associated mandates within an Authority Document, those Citations and Mandates are tied to Common Controls. In addition, and by virtue of those Citations and mandates being tied to Common Controls, there are three sets of meta data that are associated with each Citation; Controls by Impact Zone, Controls by Type, and Controls by Classification.

The online version of the mapping analysis you see here is just a fraction of the work the UCF Mapping Team has done. The downloadable version of this document, available within the Common Controls Hub (available HERE) contains the following:

Document implementation analysis – statistics about the document’s alignment with Common Controls as compared to other Authority Documents and statistics on usage of key terms and non-standard terms.

Citation and Mandate Tagging and Mapping – A complete listing of each and every Citation we found within NIST SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations that have been tagged with their primary and secondary nouns and primary and secondary verbs in three column format. The first column shows the Citation (the marker within the Authority Document that points to where we found the guidance). The second column shows the Citation guidance per se, along with the tagging for the mandate we found within the Citation. The third column shows the Common Control ID that the mandate is linked to, and the final column gives us the Common Control itself.

Dictionary Terms – The dictionary terms listed for NIST SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations are based upon terms either found within the Authority Document’s defined terms section(which most legal documents have), its glossary, and for the most part, as tagged within each mandate. The terms with links are terms that are the standardized version of the term.

Common Controls and
mandates by Impact Zone 253 Mandated Controls - bold
149 Implied Controls - italic 1753 Implementation

Number of Controls

2155 Total

Acquisition or sale of facilities, technology, and services

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Acquisition or sale of facilities, technology, and services CC ID 01123	IT Impact Zone	IT Impact Zone
Plan for acquiring facilities, technology, or services. CC ID 06892	Acquisition/Sale of Assets or Services	Preventive
Establish, implement, and maintain a product and services acquisition strategy. CC ID 01133 [Develop and implement acquisition strategies, contract tools, and procurement methods to identify, protect against, and mitigate supply chain risks. 03.17.02 ¶ 1]	Establish/Maintain Documentation	Preventive

Audits and risk management

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Audits and risk management CC ID 00677	IT Impact Zone	IT Impact Zone
Establish, implement, and maintain an audit program. CC ID 00684	Establish/Maintain Documentation	Preventive
Accept the attestation engagement when all preconditions are met. CC ID 13933	Business Processes	Preventive
Audit in scope audit items and compliance documents. CC ID 06730	Audits and Risk Management	Preventive
Determine if the audit assertion's in scope controls are reasonable. CC ID 06980	Testing	Detective
Document test plans for auditing in scope controls. CC ID 06985	Testing	Detective
Determine the effectiveness of in scope controls. CC ID 06984 [Assess the security requirements for the system and its environment of operation [Assignment: organization-defined frequency] to determine if the requirements have been satisfied. 03.12.01 ¶ 1]	Testing	Detective
Review incident management audit logs to determine the effectiveness of in scope controls. CC ID 12157	Audits and Risk Management	Detective
Review audit reports to determine the effectiveness of in scope controls. CC ID 12156	Audits and Risk Management	Detective
Observe processes to determine the effectiveness of in scope controls. CC ID 12155	Audits and Risk Management	Detective
Interview stakeholders to determine the effectiveness of in scope controls. CC ID 12154	Audits and Risk Management	Detective
Review documentation to determine the effectiveness of in scope controls. CC ID 16522	Process or Activity	Preventive
Review policies and procedures to determine the effectiveness of in scope controls. CC ID 12144	Audits and Risk Management	Detective
Evaluate personnel status changes to determine the effectiveness of in scope controls. CC ID 16556	Audits and Risk Management	Detective
Determine whether individuals performing a control have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 16555	Audits and Risk Management	Detective
Establish and maintain organizational audit reports. CC ID 06731	Establish/Maintain Documentation	Preventive
Disseminate and communicate the audit report to all interested personnel and affected parties identified in the distribution list. CC ID 07117	Establish/Maintain Documentation	Preventive
Disseminate and communicate the reviews of audit reports to organizational management. CC ID 00653 [Report findings to organizational personnel or roles. 03.03.05 b.]	Log Management	Detective
Establish, implement, and maintain a risk management program. CC ID 12051	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain the risk assessment framework. CC ID 00685	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a risk assessment program. CC ID 00687	Establish/Maintain Documentation	Preventive
Perform risk assessments for all target environments, as necessary. CC ID 06452 [Assess the risk (including supply chain risk) of unauthorized disclosure resulting from the processing, storage, or transmission of CUI. 03.11.01 a.]	Testing	Preventive
Include the probability and potential impact of pandemics in the scope of the risk assessment. CC ID 13241	Establish/Maintain Documentation	Preventive
Include physical assets in the scope of the risk assessment. CC ID 13075	Establish/Maintain Documentation	Preventive
Include the results of the risk assessment in the risk assessment report. CC ID 06481	Establish/Maintain Documentation	Preventive
Approve the results of the risk assessment as documented in the risk assessment report. CC ID 07109	Audits and Risk Management	Preventive
Update the risk assessment upon discovery of a new threat. CC ID 00708	Establish/Maintain Documentation	Detective
Review risks to the organization's audit function when changes in the supply chain occur. CC ID 01154	Audits and Risk Management	Preventive
Update the risk assessment upon changes to the risk profile. CC ID 11627 [Update risk assessments [Assignment: organization-defined frequency]. 03.11.01 b.]	Establish/Maintain Documentation	Detective
Review the risk to the audit function when the audit personnel status changes. CC ID 01153	Audits and Risk Management	Preventive
Document any reasons for modifying or refraining from modifying the organization's risk assessment when the risk assessment has been reviewed. CC ID 13312	Establish/Maintain Documentation	Preventive
Create a risk assessment report based on the risk assessment results. CC ID 15695	Establish/Maintain Documentation	Preventive
Disseminate and communicate the approved risk assessment report to interested personnel and affected parties. CC ID 10633	Communicate	Preventive
Conduct external audits of risk assessments, as necessary. CC ID 13308	Audits and Risk Management	Detective
Notify the organization upon completion of the external audits of the organization's risk assessment. CC ID 13313	Communicate	Preventive
Document and communicate a corrective action plan based on the risk assessment findings. CC ID 00705 [Develop a plan of action and milestones for the system: 03.12.02 a.]	Establish/Maintain Documentation	Corrective
Review and approve the risk assessment findings. CC ID 06485	Establish/Maintain Documentation	Preventive
Include risk responses in the risk management program. CC ID 13195 [Respond to findings from security assessments, monitoring, and audits. 03.11.04 ¶ 1]	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a supply chain risk management plan. CC ID 14713 [Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations, maintenance, and disposal of the system, system components, or system services. 03.17.01 a. Review and update the supply chain risk management plan [Assignment: organization-defined frequency]. 03.17.01 b.]	Establish/Maintain Documentation	Preventive
Include processes for monitoring and reporting in the supply chain risk management plan. CC ID 15619	Establish/Maintain Documentation	Preventive
Include dates in the supply chain risk management plan. CC ID 15617	Establish/Maintain Documentation	Preventive
Include implementation milestones in the supply chain risk management plan. CC ID 15615	Establish/Maintain Documentation	Preventive
Include roles and responsibilities in the supply chain risk management plan. CC ID 15613	Establish/Maintain Documentation	Preventive
Include supply chain risk management procedures in the risk management program. CC ID 13190 [Assess the risk (including supply chain risk) of unauthorized disclosure resulting from the processing, storage, or transmission of CUI. 03.11.01 a. Establish a process for identifying and addressing weaknesses or deficiencies in the supply chain elements and processes. 03.17.03 a.]	Establish/Maintain Documentation	Preventive
Disseminate and communicate the supply chain risk management procedures to all interested personnel and affected parties. CC ID 14712	Communicate	Preventive
Assign key stakeholders to review and approve supply chain risk management procedures. CC ID 13199	Human Resources Management	Preventive
Analyze supply chain risk management procedures, as necessary. CC ID 13198	Process or Activity	Detective

Human Resources management

144

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Human Resources management CC ID 00763	IT Impact Zone	IT Impact Zone
Define and assign workforce roles and responsibilities. CC ID 13267 [Define and document user roles and responsibilities with regard to external system services, including shared responsibilities with external service providers. 03.16.03 b.]	Human Resources Management	Preventive
Establish, implement, and maintain cybersecurity roles and responsibilities. CC ID 13201	Human Resources Management	Preventive
Assign roles and responsibilities for physical security, as necessary. CC ID 13113	Establish Roles	Preventive
Document the use of external experts. CC ID 16263	Human Resources Management	Preventive
Define and assign roles and responsibilities for the biometric system. CC ID 17004	Human Resources Management	Preventive
Define and assign roles and responsibilities for those involved in risk management. CC ID 13660	Human Resources Management	Preventive
Include the management structure in the duties and responsibilities for risk management. CC ID 13665	Human Resources Management	Preventive
Assign the roles and responsibilities for the change control program. CC ID 13118	Human Resources Management	Preventive
Identify and define all critical roles. CC ID 00777	Establish Roles	Preventive
Assign cybersecurity reporting responsibilities to qualified personnel. CC ID 12739	Establish Roles	Preventive
Assign responsibility for cyber threat intelligence. CC ID 12746	Human Resources Management	Preventive
Assign the role of security management to applicable controls. CC ID 06444	Establish Roles	Preventive
Assign the role of security leader to keep up to date on the latest threats. CC ID 12112	Human Resources Management	Preventive
Define and assign the data processor's roles and responsibilities. CC ID 12607	Human Resources Management	Preventive
Assign the data processor to assist the data controller in implementing security controls. CC ID 12677	Human Resources Management	Preventive
Assign the data processor to notify the data controller when personal data processing could infringe on regulations. CC ID 12617	Communicate	Preventive
Define and assign the data controller's roles and responsibilities. CC ID 00471	Establish Roles	Preventive
Assign the role of data controller to be the Point of Contact for the supervisory authority. CC ID 12616	Human Resources Management	Preventive
Assign the role of the Data Controller to cooperate with the supervisory authority. CC ID 12615	Human Resources Management	Preventive
Assign the data controller to facilitate the exercise of the data subject's rights. CC ID 12666	Human Resources Management	Preventive
Assign the role of data controller to applicable controls. CC ID 00354	Establish Roles	Preventive
Assign the role of data controller to provide advice, when requested. CC ID 12611	Human Resources Management	Preventive
Assign the role of data controller to additional personnel, as necessary. CC ID 00473	Establish Roles	Preventive
Assign the role of Information Technology operations to applicable controls. CC ID 00682	Establish Roles	Preventive
Assign the role of logical access control to applicable controls. CC ID 00772	Establish Roles	Preventive
Assign the role of asset physical security to applicable controls. CC ID 00770	Establish Roles	Preventive
Assign the role of data custodian to applicable controls. CC ID 04789	Establish Roles	Preventive
Assign the role of the Quality Management committee to applicable controls. CC ID 00769	Establish Roles	Preventive
Assign interested personnel to the Quality Management committee. CC ID 07193	Establish Roles	Preventive
Assign the roles and responsibilities for the asset management system. CC ID 14368	Establish/Maintain Documentation	Preventive
Assign personnel to a crime prevention unit and announce the members of the unit. CC ID 06348	Establish Roles	Preventive
Assign the role of fire protection management to applicable controls. CC ID 04891	Establish Roles	Preventive
Assign the role of Information Technology Service Continuity Management to applicable controls. CC ID 04894	Establish Roles	Preventive
Assign the role of the Computer Emergency Response Team to applicable controls. CC ID 04895	Establish Roles	Preventive
Assign the role of CRYPTO custodian to applicable controls. CC ID 06723	Establish Roles	Preventive
Define and assign the roles and responsibilities of security guards. CC ID 12543	Human Resources Management	Preventive
Define and assign roles and responsibilities for dispute resolution. CC ID 13626	Human Resources Management	Preventive
Define and assign the roles for Legal Support Workers. CC ID 13711	Human Resources Management	Preventive
Establish, implement, and maintain a personnel management program. CC ID 14018	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a personnel security program. CC ID 10628	Establish/Maintain Documentation	Preventive
Employ individuals who have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 00782	Testing	Detective
Perform personnel screening procedures, as necessary. CC ID 11763 [Screen individuals prior to authorizing access to the system. 03.09.01 a. Rescreen individuals in accordance with [Assignment: organization-defined conditions requiring rescreening]. 03.09.01 b.]	Human Resources Management	Preventive
Establish, implement, and maintain personnel status change and termination procedures. CC ID 06549	Establish/Maintain Documentation	Preventive
Terminate access rights when notified of a personnel status change or an individual is terminated. CC ID 11826 [When individual employment is terminated: Terminate or revoke authenticators and credentials associated with the individual, and 03.09.02 a.2.]	Technical Security	Corrective
Deny access to restricted data or restricted information when a personnel status change occurs or an individual is terminated. CC ID 01309 [When individual employment is terminated: Disable system access within [Assignment: organization-defined time period], 03.09.02 a.1.]	Data and Information Management	Corrective
Notify all interested personnel and affected parties when personnel status changes or an individual is terminated. CC ID 06677 [Notify account managers and designated personnel or roles within: [Assignment: organization-defined time period] when accounts are no longer required. 03.01.01 g.1. Notify account managers and designated personnel or roles within: [Assignment: organization-defined time period] when users are terminated or transferred. 03.01.01 g.2. Notify account managers and designated personnel or roles within: [Assignment: organization-defined time period] when system usage or the need-to-know changes for an individual. 03.01.01 g.3.]	Behavior	Preventive
Establish and maintain the staff structure in line with the strategic plan. CC ID 00764	Establish Roles	Preventive
Implement segregation of duties in roles and responsibilities. CC ID 00774 [Identify the duties of individuals requiring separation. 03.01.04 a. Define system access authorizations to support separation of duties. 03.01.04 b.]	Testing	Detective
Establish, implement, and maintain segregation of duties compensating controls if segregation of duties is not practical. CC ID 06960	Technical Security	Preventive
Train all personnel and third parties, as necessary. CC ID 00785 [Train authorized individuals to ensure that publicly accessible information does not contain CUI. 03.01.22 a.]	Behavior	Preventive
Provide new hires limited network access to complete computer-based training. CC ID 17008	Training	Preventive
Establish, implement, and maintain an education methodology. CC ID 06671	Business Processes	Preventive
Support certification programs as viable training programs. CC ID 13268	Human Resources Management	Preventive
Include evidence of experience in applications for professional certification. CC ID 16193	Establish/Maintain Documentation	Preventive
Include supporting documentation in applications for professional certification. CC ID 16195	Establish/Maintain Documentation	Preventive
Submit applications for professional certification. CC ID 16192	Training	Preventive
Retrain all personnel, as necessary. CC ID 01362 [{security training} Provide security literacy training to system users: When required by system changes or following [Assignment: organization-defined events], and 03.02.01 a.2. Provide role-based security training to organizational personnel: When required by system changes or following [Assignment: organization-defined events]. 03.02.02 a.2.]	Behavior	Preventive
Tailor training to meet published guidance on the subject being taught. CC ID 02217	Behavior	Preventive
Tailor training to be taught at each person's level of responsibility. CC ID 06674 [Provide role-based security training to organizational personnel: Before authorizing access to the system or CUI, before performing assigned duties, and [Assignment: organization-defined frequency] thereafter 03.02.02 a.1.]	Behavior	Preventive
Conduct cross-training or staff backup training to minimize dependency on critical individuals. CC ID 00786	Behavior	Preventive
Document all training in a training record. CC ID 01423	Establish/Maintain Documentation	Detective
Use automated mechanisms in the training environment, where appropriate. CC ID 06752	Behavior	Preventive
Conduct tests and evaluate training. CC ID 06672	Testing	Detective
Hire third parties to conduct training, as necessary. CC ID 13167	Human Resources Management	Preventive
Review the current published guidance and awareness and training programs. CC ID 01245 [Review and update incident response training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. 03.06.04 b.]	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain training plans. CC ID 00828	Establish/Maintain Documentation	Preventive
Approve training plans, as necessary. CC ID 17193	Training	Preventive
Train personnel to recognize conditions of diseases or sicknesses, as necessary. CC ID 14383	Training	Detective
Include prevention techniques in training regarding diseases or sicknesses. CC ID 14387	Training	Preventive
Include the concept of disease clusters when training to recognize conditions of diseases or sicknesses. CC ID 14386	Training	Preventive
Train personnel to identify and communicate symptoms of exposure to disease or sickness. CC ID 14385	Training	Detective
Develop or acquire content to update the training plans. CC ID 12867 [Update security literacy training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. 03.02.01 b. Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. 03.02.02 b.]	Training	Preventive
Establish, implement, and maintain a list of tasks to include in the training plan. CC ID 17101	Training	Preventive
Designate training facilities in the training plan. CC ID 16200	Training	Preventive
Include portions of the visitor control program in the training plan. CC ID 13287	Establish/Maintain Documentation	Preventive
Include ethical culture in the security awareness program. CC ID 12801	Human Resources Management	Preventive
Include insider threats in the security awareness program. CC ID 16963	Training	Preventive
Include in scope external requirements in the training plan, as necessary. CC ID 13041	Training	Preventive
Include duties and responsibilities in the training plan, as necessary. CC ID 12800	Human Resources Management	Preventive
Conduct bespoke roles and responsibilities training, as necessary. CC ID 13192	Training	Preventive
Include risk management in the security awareness program. CC ID 13040	Training	Preventive
Conduct Archives and Records Management training. CC ID 00975	Behavior	Preventive
Conduct personal data processing training. CC ID 13757	Training	Preventive
Include in personal data processing training how to provide the contact information for the categories of personal data the organization may disclose. CC ID 13758	Training	Preventive
Include cloud security in the security awareness program. CC ID 13039	Training	Preventive
Establish, implement, and maintain a security awareness program. CC ID 11746	Establish/Maintain Documentation	Preventive
Complete security awareness training prior to being granted access to information systems or data. CC ID 17009	Training	Preventive
Establish, implement, and maintain a security awareness and training policy. CC ID 14022	Establish/Maintain Documentation	Preventive
Include compliance requirements in the security awareness and training policy. CC ID 14092	Establish/Maintain Documentation	Preventive
Include coordination amongst entities in the security awareness and training policy. CC ID 14091	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain security awareness and training procedures. CC ID 14054	Establish/Maintain Documentation	Preventive
Disseminate and communicate the security awareness and training procedures to interested personnel and affected parties. CC ID 14138	Communicate	Preventive
Include management commitment in the security awareness and training policy. CC ID 14049	Establish/Maintain Documentation	Preventive
Include roles and responsibilities in the security awareness and training policy. CC ID 14048	Establish/Maintain Documentation	Preventive
Include the scope in the security awareness and training policy. CC ID 14047	Establish/Maintain Documentation	Preventive
Include the purpose in the security awareness and training policy. CC ID 14045	Establish/Maintain Documentation	Preventive
Include configuration management procedures in the security awareness program. CC ID 13967	Establish/Maintain Documentation	Preventive
Include media protection in the security awareness program. CC ID 16368	Training	Preventive
Document security awareness requirements. CC ID 12146	Establish/Maintain Documentation	Preventive
Include safeguards for information systems in the security awareness program. CC ID 13046	Establish/Maintain Documentation	Preventive
Include identity and access management in the security awareness program. CC ID 17013	Training	Preventive
Include the encryption process in the security awareness program. CC ID 17014	Training	Preventive
Include security policies and security standards in the security awareness program. CC ID 13045	Establish/Maintain Documentation	Preventive
Include physical security in the security awareness program. CC ID 16369	Training	Preventive
Include data management in the security awareness program. CC ID 17010	Training	Preventive
Include e-mail and electronic messaging in the security awareness program. CC ID 17012	Training	Preventive
Include mobile device security guidelines in the security awareness program. CC ID 11803	Establish/Maintain Documentation	Preventive
Include updates on emerging issues in the security awareness program. CC ID 13184	Training	Preventive
Include cybersecurity in the security awareness program. CC ID 13183	Training	Preventive
Include implications of non-compliance in the security awareness program. CC ID 16425	Training	Preventive
Include social networking in the security awareness program. CC ID 17011	Training	Preventive
Include the acceptable use policy in the security awareness program. CC ID 15487	Training	Preventive
Include training based on the participants' level of responsibility and access level in the security awareness program. CC ID 11802	Establish/Maintain Documentation	Preventive
Include a requirement to train all new hires and interested personnel in the security awareness program. CC ID 11800 [{security training} Provide security literacy training to system users: As part of initial training for new users and [Assignment: organization-defined frequency] thereafter, 03.02.01 a.1.]	Establish/Maintain Documentation	Preventive
Include remote access in the security awareness program. CC ID 13892	Establish/Maintain Documentation	Preventive
Document the goals of the security awareness program. CC ID 12145	Establish/Maintain Documentation	Preventive
Compare current security awareness assessment reports to the security awareness baseline. CC ID 12150	Establish/Maintain Documentation	Preventive
Establish and maintain management's commitment to supporting the security awareness program. CC ID 12151	Human Resources Management	Preventive
Establish and maintain a steering committee to guide the security awareness program. CC ID 12149	Human Resources Management	Preventive
Document the scope of the security awareness program. CC ID 12148	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a security awareness baseline. CC ID 12147	Establish/Maintain Documentation	Preventive
Encourage interested personnel to obtain security certification. CC ID 11804	Human Resources Management	Preventive
Disseminate and communicate the security awareness program to all interested personnel and affected parties. CC ID 00823	Behavior	Preventive
Train all personnel and third parties on how to recognize and report security incidents. CC ID 01211 [{security training} Provide security literacy training to system users: On recognizing and reporting indicators of insider threat, social engineering, and social mining. 03.02.01 a.3.]	Behavior	Preventive
Train all personnel and third parties on how to recognize and report system failures. CC ID 13475	Training	Preventive
Require personnel to acknowledge, through writing their signature, that they have read and understand the organization's security policies. CC ID 01363	Establish/Maintain Documentation	Preventive
Monitor and measure the effectiveness of security awareness. CC ID 06262	Monitor and Evaluate Occurrences	Detective
Establish, implement, and maintain an environmental management system awareness program. CC ID 15200	Establish/Maintain Documentation	Preventive
Conduct secure coding and development training for developers. CC ID 06822	Behavior	Corrective
Conduct tampering prevention training. CC ID 11875	Training	Preventive
Include the mandate to refrain from installing, refrain from replacing, and refrain from returning any asset absent verification in the tampering prevention training. CC ID 11877	Training	Preventive
Include how to identify and authenticate third parties claiming to be maintenance personnel in the tampering prevention training. CC ID 11876	Training	Preventive
Include how to report tampering and unauthorized substitution in the tampering prevention training. CC ID 11879	Training	Preventive
Include how to prevent physical tampering in the tampering prevention training. CC ID 11878	Training	Preventive
Include procedures on how to inspect devices in the tampering prevention training. CC ID 11990	Training	Preventive
Train interested personnel and affected parties to collect digital forensic evidence. CC ID 08658	Training	Preventive
Conduct crime prevention training. CC ID 06350	Behavior	Preventive
Analyze and evaluate training records to improve the training program. CC ID 06380	Monitor and Evaluate Occurrences	Detective
Establish, implement, and maintain an occupational health and safety management system. CC ID 16201	Business Processes	Preventive
Establish, implement, and maintain an occupational health and safety policy. CC ID 00716	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a travel program for all personnel. CC ID 10597	Human Resources Management	Preventive
Issue devices with secure configurations to individuals traveling to locations deemed to be of risk. CC ID 10598 [Issue systems or system components with the following configurations to individuals traveling to high-risk locations: [Assignment: organization-defined system configurations]. 03.04.12 a.]	Configuration	Preventive
Scan devices for malicious code when an individual returns from locations deemed to be of risk. CC ID 10599 [Apply the following security requirements to the systems or components when the individuals return from travel: [Assignment: organization-defined security requirements]. 03.04.12 b.]	Process or Activity	Detective

Leadership and high level objectives

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Leadership and high level objectives CC ID 00597	IT Impact Zone	IT Impact Zone
Establish, implement, and maintain a reporting methodology program. CC ID 02072	Business Processes	Preventive
Establish, implement, and maintain communication protocols. CC ID 12245	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain alert procedures. CC ID 12406 [Generate and disseminate internal system security alerts, advisories, and directives, as necessary. 03.14.03 b.]	Establish/Maintain Documentation	Preventive
Include the criteria for notifications in the notification system. CC ID 17139	Establish/Maintain Documentation	Preventive
Include the capturing and alerting of compliance violations in the notification system. CC ID 12962	Monitor and Evaluate Occurrences	Preventive
Include the capturing and alerting of unethical conduct in the notification system. CC ID 12932	Monitor and Evaluate Occurrences	Preventive
Include the capturing and alerting of performance variances in the notification system. CC ID 12929	Monitor and Evaluate Occurrences	Preventive
Include the capturing and alerting of weaknesses in the notification system. CC ID 12928	Monitor and Evaluate Occurrences	Preventive
Include the capturing and alerting of account activity in the notification system. CC ID 15314	Monitor and Evaluate Occurrences	Preventive
Analyze organizational objectives, functions, and activities. CC ID 00598	Monitor and Evaluate Occurrences	Preventive
Monitor regulatory trends to maintain compliance. CC ID 00604	Monitor and Evaluate Occurrences	Detective
Subscribe to a threat intelligence service to receive notification of emerging threats. CC ID 12135 [Receive system security alerts, advisories, and directives from external organizations on an ongoing basis. 03.14.03 a.]	Technical Security	Detective
Disseminate and communicate emerging threats to all interested personnel and affected parties. CC ID 12185 [Generate and disseminate internal system security alerts, advisories, and directives, as necessary. 03.14.03 b.]	Communicate	Preventive
Disseminate and communicate updated guidance documentation to interested personnel and affected parties upon discovery of a new threat. CC ID 12191	Communicate	Corrective
Establish, implement, and maintain a Quality Management framework. CC ID 07196	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a Quality Management program. CC ID 07201	Establish/Maintain Documentation	Preventive
Correct errors and deficiencies in a timely manner. CC ID 13501 [Identify, report, and correct system flaws. 03.14.01 a.]	Business Processes	Corrective
Establish and maintain the scope of the organizational compliance framework and Information Assurance controls. CC ID 01241	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a policy and procedure management program. CC ID 06285 [Develop, document, and disseminate to organizational personnel or roles the policies and procedures needed to satisfy the security requirements for the protection of CUI. 03.15.01 a. Review and update policies and procedures [Assignment: organization-defined frequency]. 03.15.01 b.]	Establish/Maintain Documentation	Preventive
Include contact information in the organization's policies, standards, and procedures. CC ID 17167	Establish/Maintain Documentation	Preventive
Include the effective date on all organizational policies. CC ID 06820	Establish/Maintain Documentation	Preventive
Include requirements in the organization’s policies, standards, and procedures. CC ID 12956	Establish/Maintain Documentation	Preventive
Include threats in the organization’s policies, standards, and procedures. CC ID 12953	Establish/Maintain Documentation	Preventive
Analyze organizational policies, as necessary. CC ID 14037	Establish/Maintain Documentation	Detective
Assess the impact of changes to organizational policies, standards, and procedures, as necessary. CC ID 14824	Business Processes	Preventive
Include opportunities in the organization’s policies, standards, and procedures. CC ID 12945	Establish/Maintain Documentation	Preventive
Establish and maintain an Authority Document list. CC ID 07113	Establish/Maintain Documentation	Preventive
Map in scope assets and in scope records to external requirements. CC ID 12189	Establish/Maintain Documentation	Detective
Document organizational procedures that harmonize external requirements, including all legal requirements. CC ID 00623	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain full documentation of all policies, standards, and procedures that support the organization's compliance framework. CC ID 01636	Establish/Maintain Documentation	Preventive
Disseminate and communicate the organization’s policies, standards, and procedures to all interested personnel and affected parties. CC ID 12901	Communicate	Preventive
Disseminate and communicate the list of Authority Documents that support the organization's compliance framework to interested personnel and affected parties. CC ID 01312	Establish/Maintain Documentation	Preventive
Classify controls according to their preventive, detective, or corrective status. CC ID 06436	Establish/Maintain Documentation	Preventive
Publish, disseminate, and communicate a Statement on Internal Control, as necessary. CC ID 06727	Establish/Maintain Documentation	Preventive
Include signatures of c-level executives in the Statement on Internal Control. CC ID 14778	Establish/Maintain Documentation	Preventive
Include management's assertions on the effectiveness of internal control in the Statement on Internal Control. CC ID 14771	Establish/Maintain Documentation	Corrective
Include confirmation of any significant weaknesses in the Statement on Internal Control. CC ID 06861	Establish/Maintain Documentation	Preventive
Include roles and responsibilities in the Statement on Internal Control. CC ID 14774	Establish/Maintain Documentation	Preventive
Include an assurance statement regarding the counterterror protective security plan in the Statement on Internal Control. CC ID 06866	Establish/Maintain Documentation	Preventive
Include limitations of internal control systems in the Statement on Internal Control. CC ID 14773	Establish/Maintain Documentation	Preventive
Include a description of the methodology used to evaluate internal controls in the Statement on Internal Control. CC ID 14772	Establish/Maintain Documentation	Preventive
Include the counterterror protective security plan test results in the Statement on Internal Control. CC ID 06867	Establish/Maintain Documentation	Detective
Assign legislative body jurisdiction to the organization's assets, as necessary. CC ID 06956	Establish Roles	Preventive
Approve all compliance documents. CC ID 06286	Establish/Maintain Documentation	Preventive
Align the Authority Document list with external requirements. CC ID 06288	Establish/Maintain Documentation	Preventive
Assign the appropriate roles to all applicable compliance documents. CC ID 06284	Establish Roles	Preventive
Identify and document the Designated Approval Authority for compliance documents. CC ID 07114	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a compliance exception standard. CC ID 01628	Establish/Maintain Documentation	Preventive
Include the authority for granting exemptions in the compliance exception standard. CC ID 14329	Establish/Maintain Documentation	Preventive
Include all compliance exceptions in the compliance exception standard. CC ID 01630	Establish/Maintain Documentation	Detective
Include explanations, compensating controls, or risk acceptance in the compliance exceptions Exceptions document. CC ID 01631	Establish/Maintain Documentation	Preventive
Review the compliance exceptions in the exceptions document, as necessary. CC ID 01632	Business Processes	Preventive
Include when exemptions expire in the compliance exception standard. CC ID 14330	Establish/Maintain Documentation	Preventive
Assign the approval of compliance exceptions to the appropriate roles inside the organization. CC ID 06443	Establish Roles	Preventive
Include management of the exemption register in the compliance exception standard. CC ID 14328	Establish/Maintain Documentation	Preventive
Disseminate and communicate compliance exceptions to interested personnel and affected parties. CC ID 16945	Communicate	Preventive
Disseminate and communicate compliance documents to all interested personnel and affected parties. CC ID 06282 [Develop, document, and disseminate to organizational personnel or roles the policies and procedures needed to satisfy the security requirements for the protection of CUI. 03.15.01 a.]	Behavior	Preventive
Disseminate and communicate any compliance document changes when the documents are updated to interested personnel and affected parties. CC ID 06283	Behavior	Preventive

Monitoring and measurement

241

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Monitoring and measurement CC ID 00636	IT Impact Zone	IT Impact Zone
Monitor the usage and capacity of critical assets. CC ID 14825	Monitor and Evaluate Occurrences	Detective
Monitor the usage and capacity of Information Technology assets. CC ID 00668	Monitor and Evaluate Occurrences	Detective
Monitor systems for errors and faults. CC ID 04544 [Identify, report, and correct system flaws. 03.14.01 a.]	Monitor and Evaluate Occurrences	Detective
Report errors and faults to the appropriate personnel, as necessary. CC ID 14296 [Identify, report, and correct system flaws. 03.14.01 a.]	Communicate	Corrective
Establish, implement, and maintain logging and monitoring operations. CC ID 00637	Log Management	Detective
Establish, implement, and maintain intrusion management operations. CC ID 00580	Monitor and Evaluate Occurrences	Preventive
Monitor systems for inappropriate usage and other security violations. CC ID 00585 [Monitor the system to detect: 03.14.06 a. {inbound communications traffic} Monitor inbound and outbound communications traffic to detect unusual or unauthorized activities or conditions. 03.14.06 c.]	Monitor and Evaluate Occurrences	Detective
Monitor systems for blended attacks and multiple component incidents. CC ID 01225 [Monitor the system to detect: Attacks and indicators of potential attacks and 03.14.06 a.1.]	Monitor and Evaluate Occurrences	Detective
Monitor systems for Denial of Service attacks. CC ID 01222	Monitor and Evaluate Occurrences	Detective
Monitor systems for unauthorized data transfers. CC ID 12971	Monitor and Evaluate Occurrences	Preventive
Address operational anomalies within the incident management system. CC ID 11633	Audits and Risk Management	Preventive
Monitor systems for access to restricted data or restricted information. CC ID 04721	Monitor and Evaluate Occurrences	Detective
Assign roles and responsibilities for overseeing access to restricted data or restricted information. CC ID 11950	Human Resources Management	Detective
Detect unauthorized access to systems. CC ID 06798 [Monitor the system to detect: Unauthorized connections. 03.14.06 a.2. Identify unauthorized use of the system. 03.14.06 b. Monitor the system to detect: Attacks and indicators of potential attacks and 03.14.06 a.1.]	Monitor and Evaluate Occurrences	Detective
Incorporate potential red flags into the organization's incident management system. CC ID 04652	Monitor and Evaluate Occurrences	Detective
Establish, implement, and maintain an Identity Theft Prevention Program. CC ID 11634	Audits and Risk Management	Preventive
Prohibit the sale or transfer of a debt caused by identity theft. CC ID 16983	Acquisition/Sale of Assets or Services	Preventive
Alert interested personnel when suspicious activity is detected by an Intrusion Detection System or Intrusion Prevention System. CC ID 06430	Monitor and Evaluate Occurrences	Detective
Alert interested personnel and affected parties when an incident causes an outage. CC ID 06808	Monitor and Evaluate Occurrences	Detective
Monitor systems for unauthorized mobile code. CC ID 10034 [Authorize, monitor, and control the use of mobile code. 03.13.13 b.]	Monitor and Evaluate Occurrences	Preventive
Operationalize key monitoring and logging concepts to ensure the audit trails capture sufficient information. CC ID 00638	Log Management	Detective
Establish, implement, and maintain event logging procedures. CC ID 01335 [Generate audit records for the selected event types and audit record content specified in 03.03.01 and 03.03.02. 03.03.03 a.]	Log Management	Detective
Include the system components that generate audit records in the event logging procedures. CC ID 16426	Data and Information Management	Preventive
Include a standard to collect and interpret event logs in the event logging procedures. CC ID 00643	Log Management	Preventive
Protect the event logs from failure. CC ID 06290 [Take the following additional actions: [Assignment: organization-defined additional actions]. 03.03.04 b.]	Log Management	Preventive
Overwrite the oldest records when audit logging fails. CC ID 14308	Data and Information Management	Preventive
Supply each in scope asset with audit reduction tool and report generation capabilities to support after-the-fact investigations without altering the event logs. CC ID 01427 [Implement an audit record reduction and report generation capability that supports audit record review, analysis, reporting requirements, and after-the-fact investigations of incidents. 03.03.06 a. Preserve the original content and time ordering of audit records. 03.03.06 b.]	Testing	Preventive
Provide predefined suspicious activity reports for suspicious activity discovered in the event log. CC ID 06774	Establish/Maintain Documentation	Corrective
Include identity information of suspects in the suspicious activity report. CC ID 16648	Establish/Maintain Documentation	Preventive
Compile the event logs of multiple components into a system-wide time-correlated audit trail. CC ID 01424 [Analyze and correlate audit records across different repositories to gain organization-wide situational awareness. 03.03.05 c.]	Audits and Risk Management	Preventive
Establish, implement, and maintain log analysis tools. CC ID 17056	Technical Security	Preventive
Review and update event logs and audit logs, as necessary. CC ID 00596 [Review and analyze system audit records [Assignment: organization-defined frequency] for indications and the potential impact of inappropriate or unusual activity. 03.03.05 a.]	Log Management	Detective
Eliminate false positives in event logs and audit logs. CC ID 07047	Log Management	Corrective
Correlate log entries to security controls to verify the security control's effectiveness. CC ID 13207	Log Management	Detective
Identify cybersecurity events in event logs and audit logs. CC ID 13206	Technical Security	Detective
Follow up exceptions and anomalies identified when reviewing logs. CC ID 11925 [Review and analyze system audit records [Assignment: organization-defined frequency] for indications and the potential impact of inappropriate or unusual activity. 03.03.05 a.]	Investigate	Corrective
Reproduce the event log if a log failure is captured. CC ID 01426	Log Management	Preventive
Document the event information to be logged in the event information log specification. CC ID 00639 [Specify the following event types selected for logging within the system: [Assignment: organization-defined event types]. 03.03.01 a.]	Configuration	Preventive
Enable logging for all systems that meet a traceability criteria. CC ID 00640	Log Management	Detective
Synchronize system clocks to an accurate and universal time source on all devices. CC ID 01340 [Use internal system clocks to generate time stamps for audit records. 03.03.07 a.]	Configuration	Preventive
Centralize network time servers to as few as practical. CC ID 06308	Configuration	Preventive
Disseminate and communicate information to customers about clock synchronization methods used by the organization. CC ID 13044	Communicate	Preventive
Review and update the list of auditable events in the event logging procedures. CC ID 10097 [Review and update the event types selected for logging [Assignment: organization-defined frequency]. 03.03.01 b.]	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a risk monitoring program. CC ID 00658 [Develop and implement a system-level continuous monitoring strategy that includes ongoing monitoring and security assessments. 03.12.03 ¶ 1 Develop and implement a system-level continuous monitoring strategy that includes ongoing monitoring and security assessments. 03.12.03 ¶ 1]	Establish/Maintain Documentation	Preventive
Monitor the organization's exposure to threats, as necessary. CC ID 06494	Monitor and Evaluate Occurrences	Preventive
Monitor and evaluate environmental threats. CC ID 13481	Monitor and Evaluate Occurrences	Detective
Implement a fraud detection system. CC ID 13081	Business Processes	Preventive
Update or adjust fraud detection systems, as necessary. CC ID 13684	Process or Activity	Corrective
Monitor for new vulnerabilities. CC ID 06843 [Monitor and scan the system for vulnerabilities [Assignment: organization-defined frequency] and when new vulnerabilities affecting the system are identified. 03.11.02 a.]	Monitor and Evaluate Occurrences	Preventive
Establish, implement, and maintain a compliance testing strategy. CC ID 00659	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a self-assessment approach as part of the compliance testing strategy. CC ID 12833	Testing	Preventive
Test compliance controls for proper functionality. CC ID 00660	Testing	Detective
Establish, implement, and maintain a system security plan. CC ID 01922 [Develop a system security plan that: 03.15.02 a. Review and update the system security plan [Assignment: organization-defined frequency]. 03.15.02 b.]	Testing	Preventive
Include a system description in the system security plan. CC ID 16467	Establish/Maintain Documentation	Preventive
Include a description of the operational context in the system security plan. CC ID 14301	Establish/Maintain Documentation	Preventive
Include the results of the security categorization in the system security plan. CC ID 14281	Establish/Maintain Documentation	Preventive
Include the information types in the system security plan. CC ID 14696 [Develop a system security plan that: Identifies the information types processed, stored, and transmitted by the system; 03.15.02 a.2.]	Establish/Maintain Documentation	Preventive
Include the security requirements in the system security plan. CC ID 14274 [Develop a system security plan that: Provides an overview of the security requirements for the system; 03.15.02 a.5. Develop a system security plan that: Describes the safeguards in place or planned for meeting the security requirements; 03.15.02 a.6. Develop a system security plan that: Includes other relevant information necessary for the protection of CUI. 03.15.02 a.8.]	Establish/Maintain Documentation	Preventive
Include cryptographic key management procedures in the system security plan. CC ID 17029	Establish/Maintain Documentation	Preventive
Include threats in the system security plan. CC ID 14693 [Develop a system security plan that: Describes specific threats to the system that are of concern to the organization; 03.15.02 a.3.]	Establish/Maintain Documentation	Preventive
Include network diagrams in the system security plan. CC ID 14273 [Develop a system security plan that: Defines the constituent system components; 03.15.02 a.1. Develop a system security plan that: Describes the operational environment for the system and any dependencies on or connections to other systems or system components; 03.15.02 a.4.]	Establish/Maintain Documentation	Preventive
Include roles and responsibilities in the system security plan. CC ID 14682 [Develop a system security plan that: Identifies individuals that fulfill system roles and responsibilities; and 03.15.02 a.7.]	Establish/Maintain Documentation	Preventive
Include backup and recovery procedures in the system security plan. CC ID 17043	Establish/Maintain Documentation	Preventive
Include the results of the privacy risk assessment in the system security plan. CC ID 14676	Establish/Maintain Documentation	Preventive
Include remote access methods in the system security plan. CC ID 16441	Establish/Maintain Documentation	Preventive
Disseminate and communicate the system security plan to interested personnel and affected parties. CC ID 14275	Communicate	Preventive
Include a description of the operational environment in the system security plan. CC ID 14272 [Develop a system security plan that: Describes the operational environment for the system and any dependencies on or connections to other systems or system components; 03.15.02 a.4.]	Establish/Maintain Documentation	Preventive
Include the security categorizations and rationale in the system security plan. CC ID 14270	Establish/Maintain Documentation	Preventive
Include the authorization boundary in the system security plan. CC ID 14257	Establish/Maintain Documentation	Preventive
Align the enterprise architecture with the system security plan. CC ID 14255	Process or Activity	Preventive
Include security controls in the system security plan. CC ID 14239	Establish/Maintain Documentation	Preventive
Create specific test plans to test each system component. CC ID 00661	Establish/Maintain Documentation	Preventive
Include the roles and responsibilities in the test plan. CC ID 14299	Establish/Maintain Documentation	Preventive
Include the assessment team in the test plan. CC ID 14297	Establish/Maintain Documentation	Preventive
Include the scope in the test plans. CC ID 14293	Establish/Maintain Documentation	Preventive
Include the assessment environment in the test plan. CC ID 14271	Establish/Maintain Documentation	Preventive
Approve the system security plan. CC ID 14241	Business Processes	Preventive
Adhere to the system security plan. CC ID 11640	Testing	Detective
Review the test plans for each system component. CC ID 00662	Establish/Maintain Documentation	Preventive
Validate all testing assumptions in the test plans. CC ID 00663	Testing	Detective
Document validated testing processes in the testing procedures. CC ID 06200	Establish/Maintain Documentation	Preventive
Require testing procedures to be complete. CC ID 00664	Testing	Detective
Include error details, identifying the root causes, and mitigation actions in the testing procedures. CC ID 11827	Establish/Maintain Documentation	Preventive
Determine the appropriate assessment method for each testing process in the test plan. CC ID 00665	Testing	Preventive
Implement automated audit tools. CC ID 04882	Acquisition/Sale of Assets or Services	Preventive
Assign senior management to approve test plans. CC ID 13071	Human Resources Management	Preventive
Analyze system audit reports and determine the need to perform more tests. CC ID 00666	Testing	Detective
Monitor devices continuously for conformance with production specifications. CC ID 06201	Monitor and Evaluate Occurrences	Detective
Establish, implement, and maintain a testing program. CC ID 00654 [Develop and implement a system-level continuous monitoring strategy that includes ongoing monitoring and security assessments. 03.12.03 ¶ 1]	Behavior	Preventive
Conduct Red Team exercises, as necessary. CC ID 12131	Technical Security	Detective
Establish, implement, and maintain a security assessment and authorization policy. CC ID 14031	Establish/Maintain Documentation	Preventive
Establish and maintain a scoring method for Red Team exercise results. CC ID 12136	Establish/Maintain Documentation	Preventive
Include coordination amongst entities in the security assessment and authorization policy. CC ID 14222	Establish/Maintain Documentation	Preventive
Include the scope in the security assessment and authorization policy. CC ID 14220	Establish/Maintain Documentation	Preventive
Include the purpose in the security assessment and authorization policy. CC ID 14219	Establish/Maintain Documentation	Preventive
Disseminate and communicate the security assessment and authorization policy to interested personnel and affected parties. CC ID 14218	Communicate	Preventive
Include management commitment in the security assessment and authorization policy. CC ID 14189	Establish/Maintain Documentation	Preventive
Include compliance requirements in the security assessment and authorization policy. CC ID 14183	Establish/Maintain Documentation	Preventive
Include roles and responsibilities in the security assessment and authorization policy. CC ID 14179	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain security assessment and authorization procedures. CC ID 14056	Establish/Maintain Documentation	Preventive
Disseminate and communicate security assessment and authorization procedures to interested personnel and affected parties. CC ID 14224	Communicate	Preventive
Test security systems and associated security procedures, as necessary. CC ID 11901	Technical Security	Detective
Employ third parties to carry out testing programs, as necessary. CC ID 13178	Human Resources Management	Preventive
Enable security controls which were disabled to conduct testing. CC ID 17031	Testing	Preventive
Document improvement actions based on test results and exercises. CC ID 16840	Establish/Maintain Documentation	Preventive
Disable dedicated accounts after testing is complete. CC ID 17033	Testing	Preventive
Protect systems and data during testing in the production environment. CC ID 17198	Testing	Preventive
Delete personal data upon data subject's withdrawal from testing. CC ID 17238	Data and Information Management	Preventive
Define the criteria to conduct testing in the production environment. CC ID 17197	Testing	Preventive
Obtain the data subject's consent to participate in testing in real-world conditions. CC ID 17232	Behavior	Preventive
Suspend testing in a production environment, as necessary. CC ID 17231	Testing	Preventive
Define the test requirements for each testing program. CC ID 13177	Establish/Maintain Documentation	Preventive
Test in scope systems for segregation of duties, as necessary. CC ID 13906	Testing	Detective
Include test requirements for the use of production data in the testing program. CC ID 17201	Testing	Preventive
Include test requirements for the use of human subjects in the testing program. CC ID 16222	Testing	Preventive
Test the in scope system in accordance with its intended purpose. CC ID 14961	Testing	Preventive
Perform network testing in accordance with organizational standards. CC ID 16448	Testing	Preventive
Notify interested personnel and affected parties prior to performing testing. CC ID 17034	Communicate	Preventive
Test user accounts in accordance with organizational standards. CC ID 16421	Testing	Preventive
Identify risk management measures when testing in scope systems. CC ID 14960	Process or Activity	Detective
Scan organizational networks for rogue devices. CC ID 00536	Testing	Detective
Include mechanisms for emergency stops in the testing program. CC ID 14398	Establish/Maintain Documentation	Preventive
Scan the network for wireless access points. CC ID 00370	Testing	Detective
Document the business need justification for authorized wireless access points. CC ID 12044	Establish/Maintain Documentation	Preventive
Scan wireless networks for rogue devices. CC ID 11623	Technical Security	Detective
Test the wireless device scanner's ability to detect rogue devices. CC ID 06859	Testing	Detective
Implement incident response procedures when rogue devices are discovered. CC ID 11880	Technical Security	Corrective
Alert appropriate personnel when rogue devices are discovered on the network. CC ID 06428	Monitor and Evaluate Occurrences	Corrective
Deny network access to rogue devices until network access approval has been received. CC ID 11852	Configuration	Preventive
Isolate rogue devices after a rogue device has been detected. CC ID 07061	Configuration	Corrective
Establish, implement, and maintain conformity assessment procedures. CC ID 15032	Establish/Maintain Documentation	Preventive
Share conformity assessment results with affected parties and interested personnel. CC ID 15113	Communicate	Preventive
Notify affected parties and interested personnel of technical documentation assessment certificates that have been issued. CC ID 15112	Communicate	Preventive
Notify affected parties and interested personnel of technical documentation assessment certificates that have been refused, withdrawn, suspended or restricted. CC ID 15111	Communicate	Preventive
Create technical documentation assessment certificates in an official language. CC ID 15110	Establish/Maintain Documentation	Preventive
Request an extension of the validity period of technical documentation assessment certificates, as necessary. CC ID 17228	Process or Activity	Preventive
Define the validity period for technical documentation assessment certificates. CC ID 17227	Process or Activity	Preventive
Opt out of third party conformity assessments when the system meets harmonized standards. CC ID 15096	Testing	Preventive
Perform conformity assessments, as necessary. CC ID 15095	Testing	Detective
Establish, implement, and maintain a port scan baseline for all in scope systems. CC ID 12134	Technical Security	Detective
Define the test frequency for each testing program. CC ID 13176	Establish/Maintain Documentation	Preventive
Compare port scan reports for in scope systems against their port scan baseline. CC ID 12162	Establish/Maintain Documentation	Detective
Establish, implement, and maintain a stress test program for identification cards or badges. CC ID 15424	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a penetration test program. CC ID 01105	Behavior	Preventive
Disseminate and communicate the testing program to all interested personnel and affected parties. CC ID 11871	Communicate	Preventive
Align the penetration test program with industry standards. CC ID 12469	Establish/Maintain Documentation	Preventive
Assign penetration testing to a qualified internal resource or external third party. CC ID 06429	Establish Roles	Preventive
Establish, implement, and maintain a penetration testing methodology that validates scope-reduction controls through network segmentation. CC ID 11958	Testing	Preventive
Retain penetration test results according to internal policy. CC ID 10049	Records Management	Preventive
Retain penetration test remediation action records according to internal policy. CC ID 11629	Records Management	Preventive
Use dedicated user accounts when conducting penetration testing. CC ID 13728	Testing	Detective
Remove dedicated user accounts after penetration testing is concluded. CC ID 13729	Testing	Corrective
Perform penetration tests, as necessary. CC ID 00655	Testing	Detective
Perform internal penetration tests, as necessary. CC ID 12471	Technical Security	Detective
Perform external penetration tests, as necessary. CC ID 12470	Technical Security	Detective
Include coverage of all in scope systems during penetration testing. CC ID 11957	Testing	Detective
Test the system for broken access controls. CC ID 01319	Testing	Detective
Test the system for broken authentication and session management. CC ID 01320	Testing	Detective
Test the system for insecure communications. CC ID 00535	Testing	Detective
Test the system for cross-site scripting attacks. CC ID 01321	Testing	Detective
Test the system for buffer overflows. CC ID 01322	Testing	Detective
Test the system for injection flaws. CC ID 01323	Testing	Detective
Ensure protocols are free from injection flaws. CC ID 16401	Process or Activity	Preventive
Test the system for Denial of Service. CC ID 01326	Testing	Detective
Test the system for insecure configuration management. CC ID 01327	Testing	Detective
Perform network-layer penetration testing on all systems, as necessary. CC ID 01277	Testing	Detective
Test the system for cross-site request forgery. CC ID 06296	Testing	Detective
Perform application-layer penetration testing on all systems, as necessary. CC ID 11630	Technical Security	Detective
Perform penetration testing on segmentation controls, as necessary. CC ID 12498	Technical Security	Detective
Verify segmentation controls are operational and effective. CC ID 12545	Audits and Risk Management	Detective
Repeat penetration testing, as necessary. CC ID 06860	Testing	Detective
Test the system for covert channels. CC ID 10652	Testing	Detective
Prevent adversaries from disabling or compromising security controls. CC ID 17057	Technical Security	Preventive
Estimate the maximum bandwidth of any covert channels. CC ID 10653	Technical Security	Detective
Reduce the maximum bandwidth of covert channels. CC ID 10655	Technical Security	Corrective
Test systems to determine which covert channels might be exploited. CC ID 10654	Testing	Detective
Establish, implement, and maintain a business line testing strategy. CC ID 13245	Establish/Maintain Documentation	Preventive
Include facilities in the business line testing strategy. CC ID 13253	Establish/Maintain Documentation	Preventive
Include electrical systems in the business line testing strategy. CC ID 13251	Establish/Maintain Documentation	Preventive
Include mechanical systems in the business line testing strategy. CC ID 13250	Establish/Maintain Documentation	Preventive
Include Heating Ventilation and Air Conditioning systems in the business line testing strategy. CC ID 13248	Establish/Maintain Documentation	Preventive
Include emergency power supplies in the business line testing strategy. CC ID 13247	Establish/Maintain Documentation	Preventive
Include environmental controls in the business line testing strategy. CC ID 13246	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a vulnerability management program. CC ID 15721	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a vulnerability assessment program. CC ID 11636	Establish/Maintain Documentation	Preventive
Perform vulnerability scans, as necessary. CC ID 11637 [Monitor and scan the system for vulnerabilities [Assignment: organization-defined frequency] and when new vulnerabilities affecting the system are identified. 03.11.02 a.]	Technical Security	Detective
Conduct scanning activities in a test environment. CC ID 17036	Testing	Preventive
Repeat vulnerability scanning, as necessary. CC ID 11646	Testing	Detective
Identify and document security vulnerabilities. CC ID 11857	Technical Security	Detective
Rank discovered vulnerabilities. CC ID 11940	Investigate	Detective
Use dedicated user accounts when conducting vulnerability scans. CC ID 12098	Technical Security	Preventive
Assign vulnerability scanning to qualified personnel or external third parties. CC ID 11638	Technical Security	Detective
Record the vulnerability scanning activity in the vulnerability scan report. CC ID 12097	Establish/Maintain Documentation	Preventive
Disseminate and communicate the vulnerability scan results to interested personnel and affected parties. CC ID 16418	Communicate	Preventive
Maintain vulnerability scan reports as organizational records. CC ID 12092	Records Management	Preventive
Correlate vulnerability scan reports from the various systems. CC ID 10636	Technical Security	Detective
Perform internal vulnerability scans, as necessary. CC ID 00656	Testing	Detective
Perform vulnerability scans prior to installing payment applications. CC ID 12192	Technical Security	Detective
Implement scanning tools, as necessary. CC ID 14282	Technical Security	Detective
Update the vulnerability scanners' vulnerability list. CC ID 10634 [Update system vulnerabilities to be scanned [Assignment: organization-defined frequency] and when new vulnerabilities are identified and reported. 03.11.02 c.]	Configuration	Corrective
Repeat vulnerability scanning after an approved change occurs. CC ID 12468	Technical Security	Detective
Perform external vulnerability scans, as necessary. CC ID 11624	Technical Security	Detective
Employ an approved third party to perform external vulnerability scans on the organization's systems. CC ID 12467	Business Processes	Preventive
Meet the requirements for a passing score during an external vulnerability scan or rescan. CC ID 12039	Testing	Preventive
Use automated mechanisms to compare new vulnerability scan reports with past vulnerability scan reports. CC ID 10635	Technical Security	Detective
Notify the interested personnel and affected parties after the failure of an automated security test. CC ID 06748	Behavior	Corrective
Perform vulnerability assessments, as necessary. CC ID 11828	Technical Security	Corrective
Review applications for security vulnerabilities after the application is updated. CC ID 11938	Technical Security	Detective
Test the system for unvalidated input. CC ID 01318	Testing	Detective
Test the system for proper error handling. CC ID 01324	Testing	Detective
Test the system for insecure data storage. CC ID 01325	Testing	Detective
Test the system for access control enforcement in all Uniform Resource Locators. CC ID 06297	Testing	Detective
Approve the vulnerability management program. CC ID 15722	Process or Activity	Preventive
Assign ownership of the vulnerability management program to the appropriate role. CC ID 15723	Establish Roles	Preventive
Perform penetration tests and vulnerability scans in concert, as necessary. CC ID 12111	Technical Security	Preventive
Test the system for insecure cryptographic storage. CC ID 11635	Technical Security	Detective
Perform self-tests on cryptographic modules within the system. CC ID 06537	Testing	Detective
Perform power-up tests on cryptographic modules within the system. CC ID 06538	Testing	Detective
Perform conditional tests on cryptographic modules within the system. CC ID 06539	Testing	Detective
Test in scope systems for compliance with the Configuration Baseline Documentation Record. CC ID 12130	Configuration	Detective
Document and maintain test results. CC ID 17028	Testing	Preventive
Include the pass or fail test status in the test results. CC ID 17106	Establish/Maintain Documentation	Preventive
Include time information in the test results. CC ID 17105	Establish/Maintain Documentation	Preventive
Include a description of the system tested in the test results. CC ID 17104	Establish/Maintain Documentation	Preventive
Disseminate and communicate the test results to interested personnel and affected parties. CC ID 17103	Communicate	Preventive
Recommend mitigation techniques based on vulnerability scan reports. CC ID 11639	Technical Security	Corrective
Disallow the use of payment applications when a vulnerability scan report indicates vulnerabilities are present. CC ID 12188	Configuration	Corrective
Recommend mitigation techniques based on penetration test results. CC ID 04881	Establish/Maintain Documentation	Corrective
Correct or mitigate vulnerabilities. CC ID 12497 [Remediate system vulnerabilities within [Assignment: organization-defined response times]. 03.11.02 b.]	Technical Security	Corrective
Establish, implement, and maintain an exception management process for vulnerabilities that cannot be remediated. CC ID 13859	Technical Security	Corrective
Establish, implement, and maintain a compliance monitoring policy. CC ID 00671	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a log management program. CC ID 00673	Establish/Maintain Documentation	Preventive
Restrict access to logs to authorized individuals. CC ID 01342 [Authorize access to management of audit logging functionality to only a subset of privileged users or roles. 03.03.08 b.]	Log Management	Preventive
Protect logs from unauthorized activity. CC ID 01345 [Protect audit information and audit logging tools from unauthorized access, modification, and deletion. 03.03.08 a.]	Log Management	Preventive
Establish, implement, and maintain a corrective action plan. CC ID 00675	Monitor and Evaluate Occurrences	Detective
Include monitoring in the corrective action plan. CC ID 11645 [Update the existing plan of action and milestones based on the findings from: 03.12.02 b.]	Monitor and Evaluate Occurrences	Detective
Protect against misusing automated audit tools. CC ID 04547 [Protect audit information and audit logging tools from unauthorized access, modification, and deletion. 03.03.08 a.]	Technical Security	Preventive
Evaluate the measurement process used for metrics. CC ID 06920	Testing	Detective
Evaluate the information technology products used for metrics. CC ID 11644	Technical Security	Detective
Identify and communicate improvements in metrics reporting. CC ID 06921	Establish/Maintain Documentation	Corrective

Operational and Systems Continuity

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Operational and Systems Continuity CC ID 00731	IT Impact Zone	IT Impact Zone
Establish, implement, and maintain a business continuity program. CC ID 13210	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain system continuity plan strategies. CC ID 00735	Establish/Maintain Documentation	Preventive
Include technical preparation considerations for backup operations in the continuity plan. CC ID 01250	Establish/Maintain Documentation	Preventive
Perform backup procedures for in scope systems. CC ID 11692	Process or Activity	Preventive
Encrypt backup data. CC ID 00958 [Implement cryptographic mechanisms to prevent the unauthorized disclosure of CUI at backup storage locations. 03.08.09 b.]	Configuration	Preventive
Establish, implement, and maintain a pandemic plan. CC ID 13214	Establish/Maintain Documentation	Preventive
Include alternate work locations in the pandemic plan. CC ID 14376 [Determine alternate work sites allowed for use by employees. 03.10.06 a.]	Establish/Maintain Documentation	Preventive
Prepare the alternate facility for an emergency offsite relocation. CC ID 00744	Systems Continuity	Preventive
Configure the alternate facility to meet the least needed operational capabilities. CC ID 01395 [Employ the following security requirements at alternate work sites: [Assignment: organization-defined security requirements]. 03.10.06 b.]	Configuration	Preventive

Operational management

406

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Operational management CC ID 00805	IT Impact Zone	IT Impact Zone
Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain an information security program. CC ID 00812	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain the Acceptable Use Policy. CC ID 01350 [Establish rules that describe the responsibilities and expected behavior for system usage and protecting CUI. 03.15.03 a. Review and update the rules of behavior [Assignment: organization-defined frequency]. 03.15.03 d.]	Establish/Maintain Documentation	Preventive
Include that explicit management authorization must be given for the use of all technologies and their documentation in the Acceptable Use Policy. CC ID 01351 [Authorize, monitor, and control the use of mobile code. 03.13.13 b.]	Establish/Maintain Documentation	Preventive
Include requiring users to protect restricted data in accordance with the Governance, Risk, and Compliance framework in the Acceptable Use Policy. CC ID 11894	Establish/Maintain Documentation	Preventive
Include Bring Your Own Device agreements in the Acceptable Use Policy. CC ID 15703	Establish/Maintain Documentation	Preventive
Include the obligations of users in the Bring Your Own Device agreement. CC ID 15708	Establish/Maintain Documentation	Preventive
Include the rights of the organization in the Bring Your Own Device agreement. CC ID 15707	Establish/Maintain Documentation	Preventive
Include the circumstances in which the organization may confiscate, audit, or inspect assets in the Bring Your Own Device agreement. CC ID 15706	Establish/Maintain Documentation	Preventive
Include the circumstances in which the organization may manage assets in the Bring Your Own Device agreement. CC ID 15705	Establish/Maintain Documentation	Preventive
Include Bring Your Own Device usage in the Acceptable Use Policy. CC ID 12293	Establish/Maintain Documentation	Preventive
Include a web usage policy in the Acceptable Use Policy. CC ID 16496	Establish/Maintain Documentation	Preventive
Include Bring Your Own Device security guidelines in the Acceptable Use Policy. CC ID 01352	Establish/Maintain Documentation	Preventive
Include asset tags in the Acceptable Use Policy. CC ID 01354	Establish/Maintain Documentation	Preventive
Specify the owner of applicable assets in the Acceptable Use Policy. CC ID 15699	Establish/Maintain Documentation	Preventive
Include asset use policies in the Acceptable Use Policy. CC ID 01355 [Establish usage restrictions, configuration requirements, and connection requirements for mobile devices. 03.01.18 a. Define acceptable mobile code and mobile code technologies. 03.13.13 a.]	Establish/Maintain Documentation	Preventive
Include authority for access authorization lists for assets in all relevant Acceptable Use Policies. CC ID 11872	Establish/Maintain Documentation	Preventive
Include access control mechanisms in the Acceptable Use Policy. CC ID 01353	Establish/Maintain Documentation	Preventive
Include temporary activation of remote access technologies for third parties in the Acceptable Use Policy. CC ID 11892	Technical Security	Preventive
Include prohibiting the copying or moving of restricted data from its original source onto local hard drives or removable storage media in the Acceptable Use Policy. CC ID 11893	Establish/Maintain Documentation	Preventive
Include a removable storage media use policy in the Acceptable Use Policy. CC ID 06772	Data and Information Management	Preventive
Correlate the Acceptable Use Policy with the network security policy. CC ID 01356	Establish/Maintain Documentation	Preventive
Include appropriate network locations for each technology in the Acceptable Use Policy. CC ID 11881	Establish/Maintain Documentation	Preventive
Correlate the Acceptable Use Policy with the approved product list. CC ID 01357	Establish/Maintain Documentation	Preventive
Include facility access and facility use in the Acceptable Use Policy. CC ID 06441	Establish/Maintain Documentation	Preventive
Include disciplinary actions in the Acceptable Use Policy. CC ID 00296	Establish/Maintain Documentation	Corrective
Include usage restrictions in the Acceptable Use Policy. CC ID 15311	Establish/Maintain Documentation	Preventive
Include a software installation policy in the Acceptable Use Policy. CC ID 06749	Establish/Maintain Documentation	Preventive
Document idle session termination and logout for remote access technologies in the Acceptable Use Policy. CC ID 12472	Establish/Maintain Documentation	Preventive
Disseminate and communicate the Acceptable Use Policy to all interested personnel and affected parties. CC ID 12431 [Provide rules to individuals who require access to the system. 03.15.03 b.]	Communicate	Preventive
Require interested personnel and affected parties to sign Acceptable Use Policies. CC ID 06661 [Receive a documented acknowledgement from individuals indicating that they have read, understand, and agree to abide by the rules of behavior before authorizing access to CUI and the system. 03.15.03 c.]	Establish/Maintain Documentation	Preventive
Require interested personnel and affected parties to re-sign Acceptable Use Policies, as necessary. CC ID 06663	Establish/Maintain Documentation	Preventive
Protect policies, standards, and procedures from unauthorized modification or disclosure. CC ID 10603 [Protect the incident response plan from unauthorized disclosure. 03.06.05 d. Protect the system security plan from unauthorized disclosure. 03.15.02 c. Protect the supply chain risk management plan from unauthorized disclosure. 03.17.01 c.]	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain nondisclosure agreements. CC ID 04536 [Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Establish/Maintain Documentation	Preventive
Disseminate and communicate nondisclosure agreements to interested personnel and affected parties. CC ID 16191	Communicate	Preventive
Require interested personnel and affected parties to sign nondisclosure agreements. CC ID 06667	Establish/Maintain Documentation	Preventive
Require interested personnel and affected parties to re-sign nondisclosure agreements, as necessary. CC ID 06669	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain an Asset Management program. CC ID 06630	Business Processes	Preventive
Establish, implement, and maintain an asset inventory. CC ID 06631 [Develop and document an inventory of system components. 03.04.10 a. Review and update the system component inventory [Assignment: organization-defined frequency]. 03.04.10 b. Update the system component inventory as part of installations, removals, and system updates. 03.04.10 c.]	Business Processes	Preventive
Establish, implement, and maintain an Information Technology inventory with asset discovery audit trails. CC ID 00689	Establish/Maintain Documentation	Preventive
Include all account types in the Information Technology inventory. CC ID 13311	Establish/Maintain Documentation	Preventive
Include each Information System's system boundaries in the Information Technology inventory. CC ID 00695	Systems Design, Build, and Implementation	Preventive
Identify processes, Information Systems, and third parties that transmit, process, or store restricted data. CC ID 06289	Data and Information Management	Preventive
Include each Information System's major applications in the Information Technology inventory. CC ID 01407	Establish/Maintain Documentation	Preventive
Categorize all major applications according to the business information they process. CC ID 07182	Establish/Maintain Documentation	Preventive
Document the resources, hazards, and Evaluation Assurance Levels for each major application. CC ID 01164	Establish/Maintain Documentation	Preventive
Include the General Support Systems and security support structure in the Information Technology inventory. CC ID 01408	Establish/Maintain Documentation	Preventive
Include each Information System's minor applications in the Information Technology inventory. CC ID 01409	Establish/Maintain Documentation	Preventive
Conduct environmental surveys. CC ID 00690	Physical and Environmental Protection	Preventive
Categorize facilities in the Information Technology inventory according to their environmental risks. CC ID 06729	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a hardware asset inventory. CC ID 00691	Establish/Maintain Documentation	Preventive
Include network equipment in the Information Technology inventory. CC ID 00693	Establish/Maintain Documentation	Preventive
Include mobile devices that store restricted data or restricted information in the Information Technology inventory. CC ID 04719	Establish/Maintain Documentation	Preventive
Include interconnected systems and Software as a Service in the Information Technology inventory. CC ID 04885	Process or Activity	Preventive
Include software in the Information Technology inventory. CC ID 00692	Establish/Maintain Documentation	Preventive
Establish and maintain a list of authorized software and versions required for each system. CC ID 12093	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a storage media inventory. CC ID 00694	Establish/Maintain Documentation	Preventive
Include all electronic storage media containing restricted data or restricted information in the storage media inventory. CC ID 00962	Establish/Maintain Documentation	Detective
Establish, implement, and maintain a records inventory and database inventory. CC ID 01260	Establish/Maintain Documentation	Preventive
Add inventoried assets to the asset register database, as necessary. CC ID 07051	Establish/Maintain Documentation	Preventive
Identify discrepancies between the asset register database and the Information Technology inventory, as necessary. CC ID 07052	Monitor and Evaluate Occurrences	Corrective
Investigate and resolve discrepancies between the asset register database and the Information Technology inventory. CC ID 07053	Monitor and Evaluate Occurrences	Corrective
Organize the asset register database by grouping objects according to an organizational information classification standard. CC ID 07181	Establish/Maintain Documentation	Preventive
Use automated tools to collect Information Technology inventory information, as necessary. CC ID 07054	Technical Security	Preventive
Link the authentication system to the asset inventory. CC ID 13718	Technical Security	Preventive
Record a unique name for each asset in the asset inventory. CC ID 16305	Data and Information Management	Preventive
Record the decommission date for applicable assets in the asset inventory. CC ID 14920	Establish/Maintain Documentation	Preventive
Record the status of information systems in the asset inventory. CC ID 16304	Data and Information Management	Preventive
Record the communication interfaces for applicable assets in the asset inventory. CC ID 16301	Data and Information Management	Preventive
Record the Uniform Resource Locator for applicable assets in the asset inventory. CC ID 14918	Establish/Maintain Documentation	Preventive
Include source code in the asset inventory. CC ID 14858	Records Management	Preventive
Assign ownership of maintaining the asset inventory, as necessary. CC ID 12344	Human Resources Management	Preventive
Employ Dynamic Host Configuration Protocol server logging to detect systems not in the asset inventory. CC ID 12110	Technical Security	Detective
Record the review date for applicable assets in the asset inventory. CC ID 14919	Establish/Maintain Documentation	Preventive
Record software license information for each asset in the asset inventory. CC ID 11736	Data and Information Management	Preventive
Record services for applicable assets in the asset inventory. CC ID 13733	Establish/Maintain Documentation	Preventive
Record dependencies and interconnections between applicable assets in the asset inventory. CC ID 17196	Data and Information Management	Preventive
Record protocols for applicable assets in the asset inventory. CC ID 13734	Establish/Maintain Documentation	Preventive
Record the software version in the asset inventory. CC ID 12196	Establish/Maintain Documentation	Preventive
Record the publisher for applicable assets in the asset inventory. CC ID 13725	Establish/Maintain Documentation	Preventive
Record the authentication system in the asset inventory. CC ID 13724	Establish/Maintain Documentation	Preventive
Tag unsupported assets in the asset inventory. CC ID 13723	Establish/Maintain Documentation	Preventive
Record the vendor support end date for applicable assets in the asset inventory. CC ID 17194	Data and Information Management	Preventive
Record the install date for applicable assets in the asset inventory. CC ID 13720	Establish/Maintain Documentation	Preventive
Record the make, model of device for applicable assets in the asset inventory. CC ID 12465	Establish/Maintain Documentation	Preventive
Record the asset tag for physical assets in the asset inventory. CC ID 06632	Establish/Maintain Documentation	Preventive
Record the host name of applicable assets in the asset inventory. CC ID 13722	Establish/Maintain Documentation	Preventive
Record network ports for applicable assets in the asset inventory. CC ID 13730	Establish/Maintain Documentation	Preventive
Record the MAC address for applicable assets in the asset inventory. CC ID 13721	Establish/Maintain Documentation	Preventive
Record the operating system version for applicable assets in the asset inventory. CC ID 11748	Data and Information Management	Preventive
Record the operating system type for applicable assets in the asset inventory. CC ID 06633	Establish/Maintain Documentation	Preventive
Record rooms at external locations in the asset inventory. CC ID 16302	Data and Information Management	Preventive
Record the department associated with the asset in the asset inventory. CC ID 12084	Establish/Maintain Documentation	Preventive
Record the physical location for applicable assets in the asset inventory. CC ID 06634 [Identify and document the location of CUI and the system components on which the information is processed and stored. 03.04.11 a. Document changes to the system or system component location where CUI is processed and stored. 03.04.11 b.]	Establish/Maintain Documentation	Preventive
Record the manufacturer's serial number for applicable assets in the asset inventory. CC ID 06635	Establish/Maintain Documentation	Preventive
Record the firmware version for applicable assets in the asset inventory. CC ID 12195	Establish/Maintain Documentation	Preventive
Record the related business function for applicable assets in the asset inventory. CC ID 06636	Establish/Maintain Documentation	Preventive
Record the deployment environment for applicable assets in the asset inventory. CC ID 06637	Establish/Maintain Documentation	Preventive
Record the Internet Protocol address for applicable assets in the asset inventory. CC ID 06638	Establish/Maintain Documentation	Preventive
Record trusted keys and certificates in the asset inventory. CC ID 15486	Data and Information Management	Preventive
Record cipher suites and protocols in the asset inventory. CC ID 15489	Data and Information Management	Preventive
Link the software asset inventory to the hardware asset inventory. CC ID 12085	Establish/Maintain Documentation	Preventive
Record the owner for applicable assets in the asset inventory. CC ID 06640	Establish/Maintain Documentation	Preventive
Record all compliance requirements for applicable assets in the asset inventory. CC ID 15696	Establish/Maintain Documentation	Preventive
Record all changes to assets in the asset inventory. CC ID 12190	Establish/Maintain Documentation	Preventive
Record cloud service derived data in the asset inventory. CC ID 13007	Establish/Maintain Documentation	Preventive
Include cloud service customer data in the asset inventory. CC ID 13006	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a software accountability policy. CC ID 00868 [Implement a deny-all, allow-by-exception policy for the execution of authorized software programs on the system. 03.04.08 b.]	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain software asset management procedures. CC ID 00895	Establish/Maintain Documentation	Preventive
Prevent users from disabling required software. CC ID 16417	Technical Security	Preventive
Establish, implement, and maintain software archives procedures. CC ID 00866	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain software distribution procedures. CC ID 00894	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain software documentation management procedures. CC ID 06395	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain software license management procedures. CC ID 06639	Establish/Maintain Documentation	Preventive
Automate software license monitoring, as necessary. CC ID 07057	Monitor and Evaluate Occurrences	Preventive
Establish, implement, and maintain a system preventive maintenance program. CC ID 00885	Establish/Maintain Documentation	Preventive
Maintain contact with the device manufacturer or component manufacturer for maintenance requests. CC ID 06388	Behavior	Preventive
Use system components only when third party support is available. CC ID 10644 [Replace system components when support for the components is no longer available from the developer, vendor, or manufacturer. 03.16.02 a.]	Maintenance	Preventive
Obtain justification for the continued use of system components when third party support is no longer available. CC ID 10645 [Provide options for risk mitigation or alternative sources for continued support for unsupported components that cannot be replaced. 03.16.02 b.]	Maintenance	Preventive
Control and monitor all maintenance tools. CC ID 01432 [Approve, control, and monitor the use of system maintenance tools. 03.07.04 a. {does not contain} Prevent the removal of system maintenance equipment containing CUI by verifying that there is no CUI on the equipment, sanitizing or destroying the equipment, or retaining the equipment within the facility. 03.07.04 c.]	Physical and Environmental Protection	Detective
Obtain approval before removing maintenance tools from the facility. CC ID 14298	Business Processes	Preventive
Control remote maintenance according to the system's asset classification. CC ID 01433 [Approve and monitor nonlocal maintenance and diagnostic activities. 03.07.05 a.]	Technical Security	Preventive
Separate remote maintenance sessions from other network sessions with a logically separate communications path based upon encryption. CC ID 10614	Configuration	Preventive
Approve all remote maintenance sessions. CC ID 10615 [Approve and monitor nonlocal maintenance and diagnostic activities. 03.07.05 a.]	Technical Security	Preventive
Log the performance of all remote maintenance. CC ID 13202	Log Management	Preventive
Terminate remote maintenance sessions when the remote maintenance is complete. CC ID 12083 [Terminate session and network connections when nonlocal maintenance is completed. 03.07.05 c.]	Technical Security	Preventive
Conduct maintenance with authorized personnel. CC ID 01434 [Establish a process for maintenance personnel authorization. 03.07.06 a.]	Testing	Detective
Disconnect non-volatile media from information systems prior to performing maintenance with uncleared personnel. CC ID 14295	Maintenance	Preventive
Sanitize volatile media in information systems prior to performing maintenance with uncleared personnel. CC ID 14291	Maintenance	Preventive
Establish, implement, and maintain a customer service program. CC ID 00846	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain an Incident Management program. CC ID 00853 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Business Processes	Preventive
Establish, implement, and maintain an incident management policy. CC ID 16414	Establish/Maintain Documentation	Preventive
Disseminate and communicate the incident management policy to interested personnel and affected parties. CC ID 16885	Communicate	Preventive
Define and assign the roles and responsibilities for Incident Management program. CC ID 13055	Human Resources Management	Preventive
Define the uses and capabilities of the Incident Management program. CC ID 00854	Establish/Maintain Documentation	Preventive
Include incident escalation procedures in the Incident Management program. CC ID 00856	Establish/Maintain Documentation	Preventive
Define the characteristics of the Incident Management program. CC ID 00855	Establish/Maintain Documentation	Preventive
Include the criteria for a data loss event in the Incident Management program. CC ID 12179	Establish/Maintain Documentation	Preventive
Include the criteria for an incident in the Incident Management program. CC ID 12173	Establish/Maintain Documentation	Preventive
Include a definition of affected transactions in the incident criteria. CC ID 17180	Establish/Maintain Documentation	Preventive
Include a definition of affected parties in the incident criteria. CC ID 17179	Establish/Maintain Documentation	Preventive
Include references to, or portions of, the Governance, Risk, and Compliance framework in the incident management program, as necessary. CC ID 13504	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain an anti-money laundering program. CC ID 13675	Business Processes	Detective
Include incident monitoring procedures in the Incident Management program. CC ID 01207 [Track and document system security incidents. 03.06.02 a. Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Establish/Maintain Documentation	Preventive
Categorize the incident following an incident response. CC ID 13208	Technical Security	Preventive
Define and document the criteria to be used in categorizing incidents. CC ID 10033	Establish/Maintain Documentation	Preventive
Determine the cost of the incident when assessing security incidents. CC ID 17188	Process or Activity	Detective
Determine the duration of unscheduled downtime when assessing security incidents CC ID 17182	Process or Activity	Detective
Determine the duration of the incident when assessing security incidents. CC ID 17181	Process or Activity	Detective
Determine the incident severity level when assessing the security incidents. CC ID 01650	Monitor and Evaluate Occurrences	Corrective
Require personnel to monitor for and report known or suspected compromise of assets. CC ID 16453	Monitor and Evaluate Occurrences	Detective
Require personnel to monitor for and report suspicious account activity. CC ID 16462	Monitor and Evaluate Occurrences	Detective
Identify root causes of incidents that force system changes. CC ID 13482	Investigate	Detective
Respond to and triage when an incident is detected. CC ID 06942	Monitor and Evaluate Occurrences	Detective
Document the incident and any relevant evidence in the incident report. CC ID 08659	Establish/Maintain Documentation	Detective
Escalate incidents, as necessary. CC ID 14861	Monitor and Evaluate Occurrences	Corrective
Include support from law enforcement authorities when conducting incident response activities, as necessary. CC ID 13197	Process or Activity	Corrective
Respond to all alerts from security systems in a timely manner. CC ID 06434	Behavior	Corrective
Coordinate incident response activities with interested personnel and affected parties. CC ID 13196	Process or Activity	Corrective
Contain the incident to prevent further loss. CC ID 01751 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Process or Activity	Corrective
Wipe data and memory after an incident has been detected. CC ID 16850	Technical Security	Corrective
Refrain from accessing compromised systems. CC ID 01752	Technical Security	Corrective
Isolate compromised systems from the network. CC ID 01753	Technical Security	Corrective
Store system logs for in scope systems as digital forensic evidence after a security incident has been detected. CC ID 01754	Log Management	Corrective
Change authenticators after a security incident has been detected. CC ID 06789	Technical Security	Corrective
Refrain from turning on any in scope devices that are turned off when a security incident is detected. CC ID 08677	Investigate	Detective
Record actions taken by investigators during a forensic investigation in the forensic investigation report. CC ID 07095	Establish/Maintain Documentation	Preventive
Include the investigation methodology in the forensic investigation report. CC ID 17071	Establish/Maintain Documentation	Preventive
Include corrective actions in the forensic investigation report. CC ID 17070	Establish/Maintain Documentation	Preventive
Include the investigation results in the forensic investigation report. CC ID 17069	Establish/Maintain Documentation	Preventive
Include where the digital forensic evidence was found in the forensic investigation report. CC ID 08674	Establish/Maintain Documentation	Detective
Include the condition of the digital forensic evidence in the forensic investigation report. CC ID 08678	Establish/Maintain Documentation	Detective
Assess all incidents to determine what information was accessed. CC ID 01226 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Testing	Corrective
Check the precursors and indicators when assessing the security incidents. CC ID 01761	Monitor and Evaluate Occurrences	Corrective
Analyze the incident response process following an incident response. CC ID 13179	Investigate	Detective
Share incident information with interested personnel and affected parties. CC ID 01212 [Develop an incident response plan that: Addresses the sharing of incident information, and 03.06.05 a.5.]	Data and Information Management	Corrective
Share data loss event information with the media. CC ID 01759	Behavior	Corrective
Comply with privacy regulations and civil liberties requirements when sharing data loss event information. CC ID 10036	Data and Information Management	Preventive
Share data loss event information with interconnected system owners. CC ID 01209	Establish/Maintain Documentation	Corrective
Redact restricted data before sharing incident information. CC ID 16994	Data and Information Management	Preventive
Notify interested personnel and affected parties of an extortion payment in the event of a cybersecurity event. CC ID 16539	Communicate	Preventive
Notify interested personnel and affected parties of the reasons for the extortion payment, along with any alternative solutions. CC ID 16538	Communicate	Preventive
Document the justification for not reporting incidents to interested personnel and affected parties. CC ID 16547	Establish/Maintain Documentation	Preventive
Report data loss event information to breach notification organizations. CC ID 01210 [Report incident information to [Assignment: organization-defined authorities]. 03.06.02 c.]	Data and Information Management	Corrective
Submit an incident management audit log to the proper authorities for each security breach that affects a predefined number of individuals, as necessary. CC ID 06326	Log Management	Detective
Report to breach notification organizations the reasons for a delay in sending breach notifications. CC ID 16797	Communicate	Preventive
Report to breach notification organizations the distribution list to which the organization will send data loss event notifications. CC ID 16782	Communicate	Preventive
Report to breach notification organizations the time frame in which the organization will send data loss event notifications to interested personnel and affected parties. CC ID 04731	Behavior	Corrective
Remediate security violations according to organizational standards. CC ID 12338 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Business Processes	Preventive
Include data loss event notifications in the Incident Response program. CC ID 00364	Establish/Maintain Documentation	Preventive
Include legal requirements for data loss event notifications in the Incident Response program. CC ID 11954	Establish/Maintain Documentation	Preventive
Notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00365	Behavior	Corrective
Determine whether or not incident response notifications are necessary during the privacy breach investigation. CC ID 00801	Behavior	Detective
Delay sending incident response notifications under predetermined conditions. CC ID 00804	Behavior	Corrective
Include required information in the written request to delay the notification to affected parties. CC ID 16785	Establish/Maintain Documentation	Preventive
Submit written requests to delay the notification of affected parties. CC ID 16783	Communicate	Preventive
Revoke the written request to delay the notification. CC ID 16843	Process or Activity	Preventive
Design the text of the notice for all incident response notifications to be no smaller than 10-point type. CC ID 12985	Establish/Maintain Documentation	Preventive
Avoid false positive incident response notifications. CC ID 04732	Behavior	Detective
Establish, implement, and maintain incident response notifications. CC ID 12975	Establish/Maintain Documentation	Corrective
Refrain from charging for providing incident response notifications. CC ID 13876	Business Processes	Preventive
Include information required by law in incident response notifications. CC ID 00802	Establish/Maintain Documentation	Detective
Title breach notifications "Notice of Data Breach". CC ID 12977	Establish/Maintain Documentation	Preventive
Display titles of incident response notifications clearly and conspicuously. CC ID 12986	Establish/Maintain Documentation	Preventive
Display headings in incident response notifications clearly and conspicuously. CC ID 12987	Establish/Maintain Documentation	Preventive
Design the incident response notification to call attention to its nature and significance. CC ID 12984	Establish/Maintain Documentation	Preventive
Use plain language to write incident response notifications. CC ID 12976	Establish/Maintain Documentation	Preventive
Include directions for changing the user's authenticator or security questions and answers in the breach notification. CC ID 12983	Establish/Maintain Documentation	Preventive
Refrain from including restricted information in the incident response notification. CC ID 16806	Actionable Reports or Measurements	Preventive
Include the affected parties rights in the incident response notification. CC ID 16811	Establish/Maintain Documentation	Preventive
Include details of the investigation in incident response notifications. CC ID 12296	Establish/Maintain Documentation	Preventive
Include the issuer's name in incident response notifications. CC ID 12062	Establish/Maintain Documentation	Preventive
Include a "What Happened" heading in breach notifications. CC ID 12978	Establish/Maintain Documentation	Preventive
Include a general description of the data loss event in incident response notifications. CC ID 04734	Establish/Maintain Documentation	Preventive
Include time information in incident response notifications. CC ID 04745	Establish/Maintain Documentation	Preventive
Include the identification of the data source in incident response notifications. CC ID 12305	Establish/Maintain Documentation	Preventive
Include a "What Information Was Involved" heading in the breach notification. CC ID 12979	Establish/Maintain Documentation	Preventive
Include the type of information that was lost in incident response notifications. CC ID 04735	Establish/Maintain Documentation	Preventive
Include the type of information the organization maintains about the affected parties in incident response notifications. CC ID 04776	Establish/Maintain Documentation	Preventive
Include a "What We Are Doing" heading in the breach notification. CC ID 12982	Establish/Maintain Documentation	Preventive
Include what the organization has done to enhance data protection controls in incident response notifications. CC ID 04736	Establish/Maintain Documentation	Preventive
Include what the organization is offering or has already done to assist affected parties in incident response notifications. CC ID 04737	Establish/Maintain Documentation	Preventive
Include a "For More Information" heading in breach notifications. CC ID 12981	Establish/Maintain Documentation	Preventive
Include details of the companies and persons involved in incident response notifications. CC ID 12295	Establish/Maintain Documentation	Preventive
Include the credit reporting agencies' contact information in incident response notifications. CC ID 04744	Establish/Maintain Documentation	Preventive
Include the reporting individual's contact information in incident response notifications. CC ID 12297	Establish/Maintain Documentation	Preventive
Include any consequences in the incident response notifications. CC ID 12604	Establish/Maintain Documentation	Preventive
Include whether the notification was delayed due to a law enforcement investigation in incident response notifications. CC ID 04746	Establish/Maintain Documentation	Preventive
Include a "What You Can Do" heading in the breach notification. CC ID 12980	Establish/Maintain Documentation	Preventive
Include how the affected parties can protect themselves from identity theft in incident response notifications. CC ID 04738	Establish/Maintain Documentation	Detective
Provide enrollment information for identity theft prevention services or identity theft mitigation services. CC ID 13767	Communicate	Corrective
Offer identity theft prevention services or identity theft mitigation services at no cost to the affected parties. CC ID 13766	Business Processes	Corrective
Include contact information in incident response notifications. CC ID 04739	Establish/Maintain Documentation	Preventive
Include a copy of the incident response notification in breach notifications, as necessary. CC ID 13085	Communicate	Preventive
Send paper incident response notifications to affected parties, as necessary. CC ID 00366	Behavior	Corrective
Post the incident response notification on the organization's website. CC ID 16809	Process or Activity	Preventive
Determine if a substitute incident response notification is permitted if notifying affected parties. CC ID 00803	Behavior	Corrective
Document the determination for providing a substitute incident response notification. CC ID 16841	Process or Activity	Preventive
Use a substitute incident response notification to notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00368	Behavior	Corrective
Telephone incident response notifications to affected parties, as necessary. CC ID 04650	Behavior	Corrective
Send electronic substitute incident response notifications to affected parties, as necessary. CC ID 04747	Behavior	Preventive
Include contact information in the substitute incident response notification. CC ID 16776	Establish/Maintain Documentation	Preventive
Post substitute incident response notifications to the organization's website, as necessary. CC ID 04748	Establish/Maintain Documentation	Preventive
Send substitute incident response notifications to breach notification organizations, as necessary. CC ID 04750	Behavior	Preventive
Publish the incident response notification in a general circulation periodical. CC ID 04651	Behavior	Corrective
Publish the substitute incident response notification in a general circulation periodical, as necessary. CC ID 04769	Behavior	Preventive
Send electronic incident response notifications to affected parties, as necessary. CC ID 00367	Behavior	Corrective
Notify interested personnel and affected parties of the privacy breach about any recovered restricted data. CC ID 13347	Communicate	Corrective
Establish, implement, and maintain a containment strategy. CC ID 13480	Establish/Maintain Documentation	Preventive
Include the containment approach in the containment strategy. CC ID 13486	Establish/Maintain Documentation	Preventive
Include response times in the containment strategy. CC ID 13485	Establish/Maintain Documentation	Preventive
Include incident recovery procedures in the Incident Management program. CC ID 01758 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Establish/Maintain Documentation	Corrective
Change wireless access variables after a data loss event has been detected. CC ID 01756	Technical Security	Corrective
Eradicate the cause of the incident after the incident has been contained. CC ID 01757	Business Processes	Corrective
Establish, implement, and maintain a restoration log. CC ID 12745	Establish/Maintain Documentation	Preventive
Include a description of the restored data that was restored manually in the restoration log. CC ID 15463	Data and Information Management	Preventive
Include a description of the restored data in the restoration log. CC ID 15462	Data and Information Management	Preventive
Implement security controls for personnel that have accessed information absent authorization. CC ID 10611	Human Resources Management	Corrective
Establish, implement, and maintain compromised system reaccreditation procedures. CC ID 00592	Establish/Maintain Documentation	Preventive
Detect any potentially undiscovered security vulnerabilities on previously compromised systems. CC ID 06265	Monitor and Evaluate Occurrences	Detective
Re-image compromised systems with secure builds. CC ID 12086	Technical Security	Corrective
Analyze security violations in Suspicious Activity Reports. CC ID 00591	Establish/Maintain Documentation	Preventive
Include lessons learned from analyzing security violations in the Incident Management program. CC ID 01234	Monitor and Evaluate Occurrences	Preventive
Provide progress reports of the incident investigation to the appropriate roles, as necessary. CC ID 12298	Investigate	Preventive
Update the incident response procedures using the lessons learned. CC ID 01233	Establish/Maintain Documentation	Preventive
Test incident monitoring procedures. CC ID 13194	Testing	Detective
Include incident response procedures in the Incident Management program. CC ID 01218	Establish/Maintain Documentation	Preventive
Integrate configuration management procedures into the incident management program. CC ID 13647	Technical Security	Preventive
Include incident management procedures in the Incident Management program. CC ID 12689 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain temporary and emergency access authorization procedures. CC ID 00858	Establish/Maintain Documentation	Corrective
Establish, implement, and maintain temporary and emergency access revocation procedures. CC ID 15334	Establish/Maintain Documentation	Preventive
Include after-action analysis procedures in the Incident Management program. CC ID 01219	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain security and breach investigation procedures. CC ID 16844	Establish/Maintain Documentation	Preventive
Conduct incident investigations, as necessary. CC ID 13826	Process or Activity	Detective
Analyze the behaviors of individuals involved in the incident during incident investigations. CC ID 14042	Investigate	Detective
Identify the affected parties during incident investigations. CC ID 16781	Investigate	Detective
Interview suspects during incident investigations, as necessary. CC ID 14041	Investigate	Detective
Interview victims and witnesses during incident investigations, as necessary. CC ID 14038	Investigate	Detective
Document any potential harm in the incident finding when concluding the incident investigation. CC ID 13830	Establish/Maintain Documentation	Preventive
Destroy investigative materials, as necessary. CC ID 17082	Data and Information Management	Preventive
Establish, implement, and maintain incident management audit logs. CC ID 13514	Records Management	Preventive
Log incidents in the Incident Management audit log. CC ID 00857	Establish/Maintain Documentation	Preventive
Include who the incident was reported to in the incident management audit log. CC ID 16487	Log Management	Preventive
Include the information that was exchanged in the incident management audit log. CC ID 16995	Log Management	Preventive
Include corrective actions in the incident management audit log. CC ID 16466	Establish/Maintain Documentation	Preventive
Include the organizational functions affected by disruption in the Incident Management audit log. CC ID 12238	Log Management	Corrective
Include the organization's business products and services affected by disruptions in the Incident Management audit log. CC ID 12234	Log Management	Preventive
Include emergency processing priorities in the Incident Management program. CC ID 00859	Establish/Maintain Documentation	Preventive
Include user's responsibilities for when a theft has occurred in the Incident Management program. CC ID 06387	Establish/Maintain Documentation	Preventive
Include incident record closure procedures in the Incident Management program. CC ID 01620	Establish/Maintain Documentation	Preventive
Include incident reporting procedures in the Incident Management program. CC ID 11772 [Report suspected incidents to the organizational incident response capability within [Assignment: organization-defined time period]. 03.06.02 b.]	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain incident reporting time frame standards. CC ID 12142	Communicate	Preventive
Provide customer security advice, as necessary. CC ID 13674 [Provide an incident response support resource that offers advice and assistance to system users on handling and reporting incidents. 03.06.02 d.]	Communicate	Preventive
Use simple understandable language when providing customer security advice. CC ID 13685	Communicate	Preventive
Disseminate and communicate to customers the risks associated with transaction limits. CC ID 13686	Communicate	Preventive
Display customer security advice prominently. CC ID 13667	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain an Incident Response program. CC ID 00579	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain an incident response plan. CC ID 12056 [Develop an incident response plan that: 03.06.05 a. Develop an incident response plan that: Describes the structure and organization of the incident response capability, 03.06.05 a.2. {system changes} Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing. 03.06.05 c.]	Establish/Maintain Documentation	Preventive
Include addressing external communications in the incident response plan. CC ID 13351	Establish/Maintain Documentation	Preventive
Include addressing internal communications in the incident response plan. CC ID 13350	Establish/Maintain Documentation	Preventive
Include change control procedures in the incident response plan. CC ID 15479	Establish/Maintain Documentation	Preventive
Include addressing information sharing in the incident response plan. CC ID 13349	Establish/Maintain Documentation	Preventive
Include dynamic reconfiguration in the incident response plan. CC ID 14306	Establish/Maintain Documentation	Preventive
Include a definition of reportable incidents in the incident response plan. CC ID 14303 [Develop an incident response plan that: Defines reportable incidents, 03.06.05 a.4.]	Establish/Maintain Documentation	Preventive
Include the management support needed for incident response in the incident response plan. CC ID 14300	Establish/Maintain Documentation	Preventive
Include root cause analysis in the incident response plan. CC ID 16423	Establish/Maintain Documentation	Preventive
Include how incident response fits into the organization in the incident response plan. CC ID 14294 [Develop an incident response plan that: Provides a high-level approach for how the incident response capability fits into the overall organization, 03.06.05 a.3.]	Establish/Maintain Documentation	Preventive
Include the resources needed for incident response in the incident response plan. CC ID 14292	Establish/Maintain Documentation	Preventive
Include incident response team structures in the Incident Response program. CC ID 01237 [Develop an incident response plan that: Designates responsibilities to organizational entities, personnel, or roles. 03.06.05 a.6.]	Establish/Maintain Documentation	Preventive
Include the incident response team member's roles and responsibilities in the Incident Response program. CC ID 01652	Establish Roles	Preventive
Include the incident response point of contact's roles and responsibilities in the Incident Response program. CC ID 01877	Establish Roles	Preventive
Open a priority incident request after a security breach is detected. CC ID 04838	Testing	Corrective
Activate the incident response notification procedures after a security breach is detected. CC ID 04839	Testing	Corrective
Notify interested personnel and affected parties that a security breach was detected. CC ID 11788	Communicate	Corrective
Include the head of information security's roles and responsibilities in the Incident Response program. CC ID 01878	Establish Roles	Preventive
Include the customer database owner's roles and responsibilities in the Incident Response program. CC ID 01879	Establish Roles	Preventive
Include the online sales department's roles and responsibilities in the Incident Response program. CC ID 01880	Establish Roles	Preventive
Include the incident response point of contact for credit card payment system's roles and responsibilities in the Incident Response program. CC ID 01881	Establish Roles	Preventive
Include the organizational legal counsel's roles and responsibilities in the Incident Response program. CC ID 01882	Establish Roles	Preventive
Include the Human Resources point of contact's roles and responsibilities in the Incident Response program. CC ID 01883	Establish Roles	Preventive
Include the organizational incident response network architecture point of contact's roles and responsibilities in the Incident Response program. CC ID 01884	Establish Roles	Preventive
Include the organizational incident response public relations point of contact's roles and responsibilities in the Incident Response program. CC ID 01885	Establish Roles	Preventive
Include the organizational incident response location manager's roles and responsibilities in the Incident Response program. CC ID 01886	Establish Roles	Preventive
Assign the distribution of security alerts to the appropriate role in the incident response program. CC ID 11887	Human Resources Management	Preventive
Assign monitoring and analyzing the security alert when a security alert is received to the appropriate role in the incident response program. CC ID 11886	Investigate	Detective
Assign establishing, implementing, and maintaining incident response procedures to the appropriate role in the incident response program. CC ID 12473	Establish/Maintain Documentation	Preventive
Assign the distribution of incident response procedures to the appropriate role in the incident response program. CC ID 12474	Communicate	Preventive
Include personnel contact information in the event of an incident in the Incident Response program. CC ID 06385	Establish/Maintain Documentation	Preventive
Include what information interested personnel and affected parties need in the event of an incident in the Incident Response program. CC ID 11789	Establish/Maintain Documentation	Preventive
Include identifying remediation actions in the incident response plan. CC ID 13354	Establish/Maintain Documentation	Preventive
Include procedures for providing updated status information to the crisis management team in the incident response plan. CC ID 12776	Establish/Maintain Documentation	Preventive
Include incident response team services in the Incident Response program. CC ID 11766	Establish/Maintain Documentation	Preventive
Include the incident response training program in the Incident Response program. CC ID 06750	Establish/Maintain Documentation	Preventive
Conduct incident response training. CC ID 11889 [Provide incident response training to system users consistent with assigned roles and responsibilities: 03.06.04 a. Provide incident response training to system users consistent with assigned roles and responsibilities: Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility or acquiring system access, 03.06.04 a.1. Provide incident response training to system users consistent with assigned roles and responsibilities: When required by system changes, and 03.06.04 a.2. Provide incident response training to system users consistent with assigned roles and responsibilities: [Assignment: organization-defined frequency] thereafter. 03.06.04 a.3.]	Training	Preventive
Establish, implement, and maintain incident response procedures. CC ID 01206 [Develop an incident response plan that: Provides the organization with a roadmap for implementing its incident response capability, 03.06.05 a.1.]	Establish/Maintain Documentation	Detective
Include references to industry best practices in the incident response procedures. CC ID 11956	Establish/Maintain Documentation	Preventive
Include responding to alerts from security monitoring systems in the incident response procedures. CC ID 11949	Establish/Maintain Documentation	Preventive
Respond when an integrity violation is detected, as necessary. CC ID 10678	Technical Security	Corrective
Shut down systems when an integrity violation is detected, as necessary. CC ID 10679	Technical Security	Corrective
Restart systems when an integrity violation is detected, as necessary. CC ID 10680	Technical Security	Corrective
Disseminate and communicate the incident response procedures to all interested personnel and affected parties. CC ID 01215 [Distribute copies of the incident response plan to designated incident response personnel (identified by name and/or by role) and organizational elements. 03.06.05 b.]	Establish/Maintain Documentation	Preventive
Test the incident response procedures. CC ID 01216 [Test the effectiveness of the incident response capability [Assignment: organization-defined frequency]. 03.06.03 ¶ 1]	Testing	Detective
Document the results of incident response tests and provide them to senior management. CC ID 14857	Actionable Reports or Measurements	Preventive
Establish, implement, and maintain a change control program. CC ID 00886 [{configuration-controlled changes} Define the types of changes to the system that are configuration-controlled. 03.04.03 a.]	Establish/Maintain Documentation	Preventive
Include potential consequences of unintended changes in the change control program. CC ID 12243	Establish/Maintain Documentation	Preventive
Include version control in the change control program. CC ID 13119	Establish/Maintain Documentation	Preventive
Include service design and transition in the change control program. CC ID 13920	Establish/Maintain Documentation	Preventive
Separate the production environment from development environment or test environment for the change control process. CC ID 11864	Maintenance	Preventive
Integrate configuration management procedures into the change control program. CC ID 13646	Technical Security	Preventive
Establish, implement, and maintain a back-out plan. CC ID 13623	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain back-out procedures for each proposed change in a change request. CC ID 00373	Establish/Maintain Documentation	Preventive
Approve back-out plans, as necessary. CC ID 13627	Establish/Maintain Documentation	Corrective
Manage change requests. CC ID 00887 [Review proposed configuration-controlled changes to the system, and approve or disapprove such changes with explicit consideration for security impacts. 03.04.03 b.]	Business Processes	Preventive
Include documentation of the impact level of proposed changes in the change request. CC ID 11942	Establish/Maintain Documentation	Preventive
Establish and maintain a change request approver list. CC ID 06795	Establish/Maintain Documentation	Preventive
Document all change requests in change request forms. CC ID 06794 [Review proposed configuration-controlled changes to the system, and approve or disapprove such changes with explicit consideration for security impacts. 03.04.03 b.]	Establish/Maintain Documentation	Preventive
Test proposed changes prior to their approval. CC ID 00548	Testing	Detective
Examine all changes to ensure they correspond with the change request. CC ID 12345	Business Processes	Detective
Approve tested change requests. CC ID 11783	Data and Information Management	Preventive
Validate the system before implementing approved changes. CC ID 01510	Systems Design, Build, and Implementation	Preventive
Disseminate and communicate proposed changes to all interested personnel and affected parties. CC ID 06807	Behavior	Preventive
Establish, implement, and maintain emergency change procedures. CC ID 00890	Establish/Maintain Documentation	Preventive
Perform emergency changes, as necessary. CC ID 12707	Process or Activity	Preventive
Back up emergency changes after the change has been performed. CC ID 12734	Process or Activity	Preventive
Log emergency changes after they have been performed. CC ID 12733	Establish/Maintain Documentation	Preventive
Perform risk assessments prior to approving change requests. CC ID 00888 [Analyze changes to the system to determine potential security impacts prior to change implementation. 03.04.04 a.]	Testing	Preventive
Conduct network certifications prior to approving change requests for networks. CC ID 13121	Process or Activity	Detective
Analyze mitigating controls for vulnerabilities in the network when certifying the network. CC ID 13126	Investigate	Detective
Collect data about the network environment when certifying the network. CC ID 13125	Investigate	Detective
Implement changes according to the change control program. CC ID 11776 [Implement and document approved configuration-controlled changes to the system. 03.04.03 c.]	Business Processes	Preventive
Provide audit trails for all approved changes. CC ID 13120	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a transition strategy. CC ID 17049	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a patch management program. CC ID 00896	Process or Activity	Preventive
Document the sources of all software updates. CC ID 13316	Establish/Maintain Documentation	Preventive
Implement patch management software, as necessary. CC ID 12094	Technical Security	Preventive
Include updates and exceptions to hardened images as a part of the patch management program. CC ID 12087	Technical Security	Preventive
Establish, implement, and maintain a patch management policy. CC ID 16432	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain patch management procedures. CC ID 15224	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a patch log. CC ID 01642	Establish/Maintain Documentation	Preventive
Review the patch log for missing patches. CC ID 13186	Technical Security	Detective
Perform a patch test prior to deploying a patch. CC ID 00898	Testing	Detective
Prioritize deploying patches according to vulnerability risk metrics. CC ID 06796	Business Processes	Preventive
Deploy software patches in accordance with organizational standards. CC ID 07032	Configuration	Corrective
Test software patches for any potential compromise of the system's security. CC ID 13175	Testing	Detective
Patch software. CC ID 11825	Technical Security	Corrective
Patch the operating system, as necessary. CC ID 11824	Technical Security	Corrective
Deploy software patches in the disaster recovery environment to mirror those in the production environment. CC ID 13174	Configuration	Corrective
Remove outdated software after software has been updated. CC ID 11792	Configuration	Corrective
Update computer firmware, as necessary. CC ID 11755 [Install security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates. 03.14.01 b.]	Configuration	Corrective
Review changes to computer firmware. CC ID 12226	Testing	Detective
Certify changes to computer firmware are free of malicious logic. CC ID 12227	Testing	Detective
Remove outdated computer firmware after the computer firmware has been updated. CC ID 10671	Configuration	Corrective
Implement cryptographic mechanisms to authenticate software and computer firmware before installation. CC ID 10682	Technical Security	Detective
Establish, implement, and maintain a software release policy. CC ID 00893	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain traceability documentation. CC ID 16388	Systems Design, Build, and Implementation	Preventive
Disseminate and communicate software update information to users and regulators. CC ID 06602	Behavior	Preventive
Allow interested personnel and affected parties to opt out of specific version releases and software updates. CC ID 06809	Data and Information Management	Preventive
Mitigate the adverse effects of unauthorized changes. CC ID 12244	Business Processes	Corrective
Establish, implement, and maintain approved change acceptance testing procedures. CC ID 06391	Establish/Maintain Documentation	Detective
Test the system's operational functionality after implementing approved changes. CC ID 06294	Testing	Detective
Perform and pass acceptance testing before moving a system back into operation after an approved change has occurred. CC ID 04541 [Verify that the security requirements for the system continue to be satisfied after the system changes have been implemented. 03.04.04 b.]	Testing	Detective
Establish, implement, and maintain a change acceptance testing log. CC ID 06392	Establish/Maintain Documentation	Corrective
Update associated documentation after the system configuration has been changed. CC ID 00891	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a configuration change log. CC ID 08710 [Monitor and review activities associated with configuration-controlled changes to the system. 03.04.03 d.]	Configuration	Detective
Document approved configuration deviations. CC ID 08711	Establish/Maintain Documentation	Corrective

Physical and environmental protection

143

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Physical and environmental protection CC ID 00709	IT Impact Zone	IT Impact Zone
Establish, implement, and maintain a physical security program. CC ID 11757	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a facility physical security program. CC ID 00711	Establish/Maintain Documentation	Preventive
Identify and document physical access controls for all physical entry points. CC ID 01637	Establish/Maintain Documentation	Preventive
Control physical access to (and within) the facility. CC ID 01329 [{entry points} Enforce physical access authorizations at entry and exit points to the facility where the system resides by: Controlling ingress and egress with physical access control systems, devices, or guards. 03.10.07 a.2.]	Physical and Environmental Protection	Preventive
Establish, implement, and maintain physical access procedures. CC ID 13629 [{entry points} Enforce physical access authorizations at entry and exit points to the facility where the system resides by: Verifying individual physical access authorizations before granting access to the facility and 03.10.07 a.1.]	Establish/Maintain Documentation	Preventive
Meet the physical access requirements of disabled individuals, if reasonably possible. CC ID 00419	Physical and Environmental Protection	Preventive
Secure physical entry points with physical access controls or security guards. CC ID 01640 [{entry points} Enforce physical access authorizations at entry and exit points to the facility where the system resides by: Controlling ingress and egress with physical access control systems, devices, or guards. 03.10.07 a.2.]	Physical and Environmental Protection	Detective
Configure the access control system to grant access only during authorized working hours. CC ID 12325	Physical and Environmental Protection	Preventive
Establish, implement, and maintain a visitor access permission policy. CC ID 06699	Establish/Maintain Documentation	Preventive
Escort visitors within the facility, as necessary. CC ID 06417 [Escort visitors, and control visitor activity. 03.10.07 c.]	Establish/Maintain Documentation	Preventive
Check the visitor's stated identity against a provided government issued identification. CC ID 06701	Physical and Environmental Protection	Preventive
Authorize visitors before granting entry to physical areas containing restricted data or restricted information. CC ID 01330	Testing	Preventive
Disseminate and communicate the right of the organization to search visitors while at the facility. CC ID 06702	Behavior	Preventive
Establish, implement, and maintain procedures for changing a visitor's access requirements. CC ID 12048	Establish/Maintain Documentation	Preventive
Maintain and review facility access lists of personnel who have been granted authorized entry to (and within) facilities that contain restricted data or restricted information. CC ID 01436 [{maintenance personnel} Maintain a list of authorized maintenance organizations or personnel. 03.07.06 b. Verify that non-escorted personnel who perform maintenance on the system possess the required access authorizations. 03.07.06 c. Develop, approve, and maintain a list of individuals with authorized access to the facility where the system resides. 03.10.01 a. Review the facility access list [Assignment: organization-defined frequency]. 03.10.01 c. Remove individuals from the facility access list when access is no longer required. 03.10.01 d.]	Establish/Maintain Documentation	Preventive
Log the individual's address in the facility access list. CC ID 16921	Log Management	Preventive
Log the contact information for the person authorizing access in the facility access list. CC ID 16920	Log Management	Preventive
Log the organization's name in the facility access list. CC ID 16919	Log Management	Preventive
Log the individual's name in the facility access list. CC ID 16918	Log Management	Preventive
Log the purpose in the facility access list. CC ID 16982	Log Management	Preventive
Log the level of access in the facility access list. CC ID 16975	Log Management	Preventive
Authorize physical access to sensitive areas based on job functions. CC ID 12462	Establish/Maintain Documentation	Preventive
Change access requirements to organizational assets for personnel and visitors, as necessary. CC ID 12463	Physical and Environmental Protection	Corrective
Escort uncleared personnel who need to work in or access controlled access areas. CC ID 00747 [{maintenance personnel} Designate organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who an style="background-color:#B7D8ED;" class="term_primary-verb">do not possess the required access authorizations. 03.07.06 d.]	Monitor and Evaluate Occurrences	Preventive
Establish, implement, and maintain physical identification procedures. CC ID 00713	Establish/Maintain Documentation	Preventive
Disallow opting out of wearing or displaying identification cards or badges. CC ID 13030	Human Resources Management	Preventive
Implement physical identification processes. CC ID 13715	Process or Activity	Preventive
Refrain from using knowledge-based authentication for in-person identity verification. CC ID 13717	Process or Activity	Preventive
Issue photo identification badges to all employees. CC ID 12326	Physical and Environmental Protection	Preventive
Implement operational requirements for card readers. CC ID 02225	Testing	Preventive
Establish, implement, and maintain lost or damaged identification card procedures, as necessary. CC ID 14819	Establish/Maintain Documentation	Preventive
Document all lost badges in a lost badge list. CC ID 12448	Establish/Maintain Documentation	Corrective
Report lost badges, stolen badges, and broken badges to the Security Manager. CC ID 12334	Physical and Environmental Protection	Preventive
Manage constituent identification inside the facility. CC ID 02215	Behavior	Preventive
Direct each employee to be responsible for their identification card or badge. CC ID 12332	Human Resources Management	Preventive
Manage visitor identification inside the facility. CC ID 11670	Physical and Environmental Protection	Preventive
Issue visitor identification badges to all non-employees. CC ID 00543	Behavior	Preventive
Secure unissued visitor identification badges. CC ID 06712	Physical and Environmental Protection	Preventive
Retrieve visitor identification badges prior to the exit of a visitor from the facility. CC ID 01331	Behavior	Preventive
Include name, date of entry, and validity period on disposable identification cards or badges. CC ID 12331	Physical and Environmental Protection	Preventive
Establish, implement, and maintain identification issuance procedures for identification cards or badges. CC ID 06598 [Issue authorization credentials for facility access. 03.10.01 b.]	Establish/Maintain Documentation	Preventive
Record the assigned identification card or badge serial number when issuing an identification card or badge. CC ID 06714	Process or Activity	Preventive
Include error handling controls in identification issuance procedures. CC ID 13709	Establish/Maintain Documentation	Preventive
Include an appeal process in the identification issuance procedures. CC ID 15428	Business Processes	Preventive
Include information security in the identification issuance procedures. CC ID 15425	Establish/Maintain Documentation	Preventive
Include identity proofing processes in the identification issuance procedures. CC ID 06597	Process or Activity	Preventive
Establish, implement, and maintain post-issuance update procedures for identification cards or badges. CC ID 15426	Establish/Maintain Documentation	Preventive
Include an identity registration process in the identification issuance procedures. CC ID 11671	Establish/Maintain Documentation	Preventive
Restrict access to the badge system to authorized personnel. CC ID 12043	Physical and Environmental Protection	Preventive
Enforce dual control for badge assignments. CC ID 12328	Physical and Environmental Protection	Preventive
Enforce dual control for accessing unassigned identification cards or badges. CC ID 12327	Physical and Environmental Protection	Preventive
Refrain from imprinting the company name or company logo on identification cards or badges. CC ID 12282	Physical and Environmental Protection	Preventive
Establish, implement, and maintain identification renewal procedures for identification cards or badges. CC ID 06599	Establish/Maintain Documentation	Preventive
Assign employees the responsibility for controlling their identification badges. CC ID 12333	Human Resources Management	Preventive
Establish, implement, and maintain identification re-issuing procedures for identification cards or badges. CC ID 06596	Establish/Maintain Documentation	Preventive
Charge a fee for replacement of identification cards or badges, as necessary. CC ID 17001	Business Processes	Preventive
Establish, implement, and maintain identification mechanism termination procedures. CC ID 06306	Establish/Maintain Documentation	Preventive
Prevent tailgating through physical entry points. CC ID 06685	Physical and Environmental Protection	Preventive
Use locks to protect against unauthorized physical access. CC ID 06342	Physical and Environmental Protection	Preventive
Use locks with electronic authentication systems or cipher locks, as necessary. CC ID 06650	Configuration	Preventive
Secure unissued access mechanisms. CC ID 06713 [Secure keys, combinations, and other physical access devices. 03.10.07 d.]	Technical Security	Preventive
Monitor for unauthorized physical access at physical entry points and physical exit points. CC ID 01638 [Monitor physical access to the facility where the system resides to detect and respond to physical security incidents. 03.10.02 a.]	Monitor and Evaluate Occurrences	Detective
Establish and maintain a visitor log. CC ID 00715 [Escort visitors, and control visitor activity. 03.10.07 c.]	Log Management	Preventive
Require all visitors to sign in to the visitor log before the entrance of a visitor to the facility. CC ID 06700	Establish/Maintain Documentation	Preventive
Require all visitors to sign out of the visitor log before the exit of a visitor from the facility. CC ID 06649	Behavior	Preventive
Record the purpose of the visit in the visitor log. CC ID 16917	Log Management	Preventive
Record the visitor's name in the visitor log. CC ID 00557	Log Management	Preventive
Record the visitor's organization in the visitor log. CC ID 12121	Log Management	Preventive
Record the visitor's acceptable access areas in the visitor log. CC ID 12237	Log Management	Preventive
Record the date and time of entry in the visitor log. CC ID 13255	Establish/Maintain Documentation	Preventive
Record the date and time of departure in the visitor log. CC ID 16897	Log Management	Preventive
Record the onsite personnel authorizing physical access for the visitor in the visitor log. CC ID 12466	Establish/Maintain Documentation	Preventive
Record the type of identification used in the visitor log. CC ID 16916	Log Management	Preventive
Retain all records in the visitor log as prescribed by law. CC ID 00572	Log Management	Preventive
Report anomalies in the visitor log to appropriate personnel. CC ID 14755	Investigate	Detective
Establish, implement, and maintain a physical access log. CC ID 12080 [Review physical access logs [Assignment: organization-defined frequency] and upon occurrence of [Assignment: organization-defined events or potential indications of events]. 03.10.02 b. {entry points} Maintain physical access audit logs for entry or exit points. 03.10.07 b.]	Establish/Maintain Documentation	Preventive
Log the entrance of a staff member to a facility or designated rooms within the facility. CC ID 01641	Log Management	Preventive
Log when the vault is accessed. CC ID 06725	Log Management	Detective
Log when the cabinet is accessed. CC ID 11674	Log Management	Detective
Store facility access logs in off-site storage. CC ID 06958	Log Management	Preventive
Log the exit of a staff member to a facility or designated rooms within the facility. CC ID 11675	Monitor and Evaluate Occurrences	Preventive
Include the requestor's name in the physical access log. CC ID 16922	Log Management	Preventive
Observe restricted areas with motion detectors or closed-circuit television systems. CC ID 01328	Monitor and Evaluate Occurrences	Detective
Review and correlate all data collected from video cameras and/or access control mechanisms with other entries. CC ID 11609	Monitor and Evaluate Occurrences	Detective
Configure video cameras to cover all physical entry points. CC ID 06302	Configuration	Preventive
Configure video cameras to prevent physical tampering or disablement. CC ID 06303	Configuration	Preventive
Retain video events according to Records Management procedures. CC ID 06304	Records Management	Preventive
Monitor physical entry point alarms. CC ID 01639	Physical and Environmental Protection	Detective
Evaluate and react to when unauthorized access is detected by physical entry point alarms. CC ID 11677	Monitor and Evaluate Occurrences	Detective
Monitor for alarmed security doors being propped open. CC ID 06684	Monitor and Evaluate Occurrences	Detective
Establish, implement, and maintain physical security threat reports. CC ID 02207	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain physical security controls for distributed assets. CC ID 00718	Physical and Environmental Protection	Preventive
Control the transiting and internal distribution or external distribution of assets. CC ID 00963 [Protect and control system media that contain CUI during transport outside of controlled areas. 03.08.05 a.]	Records Management	Preventive
Log the transiting, internal distribution, and external distribution of restricted storage media. CC ID 12321 [Document activities associated with the transport of system media that contain CUI. 03.08.05 c.]	Log Management	Preventive
Encrypt digital media containing sensitive information during transport outside controlled areas. CC ID 14258	Technical Security	Preventive
Obtain management authorization for restricted storage media transit or distribution from a controlled access area. CC ID 00964	Records Management	Preventive
Use locked containers to transport non-digital media outside of controlled areas. CC ID 14286	Physical and Environmental Protection	Preventive
Transport restricted media using a delivery method that can be tracked. CC ID 11777	Business Processes	Preventive
Track restricted storage media while it is in transit. CC ID 00967 [Maintain accountability of system media that contain CUI during transport outside of controlled areas. 03.08.05 b.]	Data and Information Management	Detective
Restrict physical access to distributed assets. CC ID 11865 [Control physical access to output devices to prevent unauthorized individuals from obtaining access to CUI. 03.10.07 e.]	Physical and Environmental Protection	Preventive
House network hardware in lockable rooms or lockable equipment cabinets. CC ID 01873	Physical and Environmental Protection	Preventive
Protect electronic storage media with physical access controls. CC ID 00720	Physical and Environmental Protection	Preventive
Establish, implement, and maintain removable storage media controls. CC ID 06680 [Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems. 03.01.20 d. Restrict or prohibit the use of [Assignment: organization-defined types of system media]. 03.08.07 a.]	Data and Information Management	Preventive
Control access to restricted storage media. CC ID 04889	Data and Information Management	Preventive
Physically secure all electronic storage media that store restricted data or restricted information. CC ID 11664 [Physically control and securely store system media that contain CUI. 03.08.01 ¶ 1]	Physical and Environmental Protection	Preventive
Separate duplicate originals and backup media from the original electronic storage media. CC ID 00961	Records Management	Preventive
Treat archive media as evidence. CC ID 00960	Records Management	Preventive
Log the transfer of removable storage media. CC ID 12322	Log Management	Preventive
Establish, implement, and maintain storage media access control procedures. CC ID 00959	Establish/Maintain Documentation	Preventive
Require removable storage media be in the custody of an authorized individual. CC ID 12319	Behavior	Preventive
Control the storage of restricted storage media. CC ID 00965	Records Management	Preventive
Store removable storage media containing restricted data or restricted information using electronic media storage cabinets or electronic media storage vaults. CC ID 00717	Physical and Environmental Protection	Preventive
Protect the combinations for all combination locks. CC ID 02199	Physical and Environmental Protection	Preventive
Establish, implement, and maintain electronic media storage container repair guidelines. CC ID 02200	Establish/Maintain Documentation	Preventive
Establish and maintain eavesdropping protection for vaults. CC ID 02231	Physical and Environmental Protection	Preventive
Serialize all removable storage media. CC ID 00949	Configuration	Preventive
Protect distributed assets against theft. CC ID 06799	Physical and Environmental Protection	Preventive
Establish, implement, and maintain asset removal procedures or asset decommissioning procedures. CC ID 04540 [{does not contain} Prevent the removal of system maintenance equipment containing CUI by verifying that there is no CUI on the equipment, sanitizing or destroying the equipment, or retaining the equipment within the facility. 03.07.04 c.]	Establish/Maintain Documentation	Preventive
Obtain management approval prior to decommissioning assets. CC ID 17269	Business Processes	Preventive
Prohibit assets from being taken off-site absent prior authorization. CC ID 12027	Process or Activity	Preventive
Establish, implement, and maintain end user computing device security guidelines. CC ID 00719	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a locking screen saver policy. CC ID 06717 [Prevent access to the system by [Selection (one or more): initiating a device lock after [Assignment: organization-defined time period] of inactivity; requiring the user to initiate a device lock before leaving the system unattended]. 03.01.10 a.]	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain mobile device security guidelines. CC ID 04723 [Establish usage restrictions, configuration requirements, and connection requirements for mobile devices. 03.01.18 a.]	Establish/Maintain Documentation	Preventive
Include a "Return to Sender" text file on mobile devices. CC ID 17075	Process or Activity	Preventive
Include usage restrictions for untrusted networks in the mobile device security guidelines. CC ID 17076	Establish/Maintain Documentation	Preventive
Require users to refrain from leaving mobile devices unattended. CC ID 16446	Business Processes	Preventive
Include the expectation of data loss in the event of sanitizing the mobile device in the mobile device security guidelines. CC ID 12292	Establish/Maintain Documentation	Preventive
Include legal requirements in the mobile device security guidelines. CC ID 12291	Establish/Maintain Documentation	Preventive
Include the use of privacy filters in the mobile device security guidelines. CC ID 16452	Physical and Environmental Protection	Preventive
Include prohibiting the usage of unapproved application stores in the mobile device security guidelines. CC ID 12290	Establish/Maintain Documentation	Preventive
Include requiring users to create data backups in the mobile device security guidelines. CC ID 12289	Establish/Maintain Documentation	Preventive
Include the definition of mobile devices in the mobile device security guidelines. CC ID 12288	Establish/Maintain Documentation	Preventive
Refrain from responding to unsolicited Personal Identification Number requests. CC ID 12430	Physical and Environmental Protection	Preventive
Wipe information from mobile devices after a predetermined number of unsuccessful logon attempts. CC ID 14242	Data and Information Management	Preventive
Refrain from pairing Bluetooth devices in unsecured areas. CC ID 12429	Physical and Environmental Protection	Preventive
Encrypt information stored on mobile devices. CC ID 01422 [Implement full-device or container-based encryption to protect the confidentiality of CUI on mobile devices. 03.01.18 c.]	Data and Information Management	Preventive
Establish, implement, and maintain asset return procedures. CC ID 04537	Establish/Maintain Documentation	Preventive
Require the return of all assets upon notification an individual is terminated. CC ID 06679 [When individual employment is terminated: Retrieve security-related system property. 03.09.02 a.3.]	Behavior	Preventive
Prohibit the unauthorized remote activation of collaborative computing devices. CC ID 06768 [Prohibit the remote activation of collaborative computing devices and applications with the following exceptions: [Assignment: organization-defined exceptions where remote activation is to be allowed]. 03.13.12 a.]	Technical Security	Preventive
Indicate the active use of collaborative computing devices to users physically present at the device. CC ID 10647 [Provide an explicit indication of use to users physically present at the devices. 03.13.12 b.]	Technical Security	Preventive
Install and protect network cabling. CC ID 08624	Physical and Environmental Protection	Preventive
Control physical access to network cables. CC ID 00723 [Control physical access to system distribution and transmission lines within organizational facilities. 03.10.08 ¶ 1]	Process or Activity	Preventive

Records management

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Records management CC ID 00902	IT Impact Zone	IT Impact Zone
Establish, implement, and maintain records management policies. CC ID 00903	Establish/Maintain Documentation	Preventive
Define each system's preservation requirements for records and logs. CC ID 00904	Establish/Maintain Documentation	Detective
Determine how long to keep records and logs before disposing them. CC ID 11661	Process or Activity	Preventive
Retain records in accordance with applicable requirements. CC ID 00968 [Retain audit records for a time period consistent with the records retention policy. 03.03.03 b. Manage and retain CUI within the system and CUI output from the system in accordance with applicable laws, Executive Orders, directives, regulations, policies, standards, guidelines, and operational requirements. 03.14.08 ¶ 1]	Records Management	Preventive
Establish, implement, and maintain storage media disposition and destruction procedures. CC ID 11657	Establish/Maintain Documentation	Preventive
Sanitize electronic storage media in accordance with organizational standards. CC ID 16464	Data and Information Management	Preventive
Sanitize all electronic storage media before disposing a system or redeploying a system. CC ID 01643 [Sanitize system media that contain CUI prior to disposal, release out of organizational control, or release for reuse. 03.08.03 ¶ 1]	Data and Information Management	Preventive
Establish, implement, and maintain records management procedures. CC ID 11619	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain electronic storage media management procedures. CC ID 00931	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain security label procedures. CC ID 06747 [Mark system media that contain CUI to indicate distribution limitations, handling caveats, and applicable CUI markings. 03.08.04 ¶ 1]	Establish/Maintain Documentation	Preventive
Label restricted storage media appropriately. CC ID 00966	Data and Information Management	Preventive
Label printed output for specific record categories as directed by the organization's information classification standard. CC ID 01420	Records Management	Detective
Establish, implement, and maintain restricted material identification procedures. CC ID 01889	Establish/Maintain Documentation	Preventive
Conspicuously locate the restricted record's overall classification. CC ID 01890	Establish/Maintain Documentation	Preventive
Mark a restricted record's displayed pages or printed pages with the appropriate classification. CC ID 01891	Establish/Maintain Documentation	Preventive
Mark a restricted record's components (appendices, annexes) with the appropriate classification. CC ID 01892	Establish/Maintain Documentation	Preventive
Mark a restricted record's portions (paragraphs, sections) with the appropriate classification. CC ID 01893	Establish/Maintain Documentation	Preventive
Mark a restricted record's subject line or title with the appropriate classification. CC ID 01894	Establish/Maintain Documentation	Preventive
Mark all forms of electronic messages that contain restricted data or restricted information with the appropriate classification. CC ID 01896	Data and Information Management	Preventive
Establish, implement, and maintain online storage controls. CC ID 00942	Technical Security	Preventive
Establish, implement, and maintain security controls appropriate to the record types and electronic storage media. CC ID 00943	Records Management	Preventive
Provide encryption for different types of electronic storage media. CC ID 00945 [Implement cryptographic mechanisms to prevent the unauthorized disclosure of CUI during transmission and while in storage. 03.13.08 ¶ 1]	Technical Security	Preventive
Review the information that the organization collects, processes, and stores, as necessary. CC ID 12988	Business Processes	Detective
Review the information classification of the information that the organization collects, processes, and stores, as necessary. CC ID 13008 [Review the content on publicly accessible systems for CUI and remove such information, if discovered. 03.01.22 b.]	Process or Activity	Detective
Remove non-public information from publicly accessible systems. CC ID 14246 [Review the content on publicly accessible systems for CUI and remove such information, if discovered. 03.01.22 b.]	Data and Information Management	Corrective
Establish, implement, and maintain electronic storage media security controls. CC ID 13204 [Protect the confidentiality of backup information. 03.08.09 a.]	Technical Security	Preventive

System hardening through configuration management

642

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
System hardening through configuration management CC ID 00860	IT Impact Zone	IT Impact Zone
Establish, implement, and maintain a Configuration Management program. CC ID 00867	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain configuration control and Configuration Status Accounting. CC ID 00863 [Establish usage restrictions, configuration requirements, and connection requirements for each type of wireless access to the system. 03.01.16 a.]	Business Processes	Preventive
Establish, implement, and maintain appropriate system labeling. CC ID 01900	Establish/Maintain Documentation	Preventive
Include the identification number of the third party who performed the conformity assessment procedures on all promotional materials. CC ID 15041	Establish/Maintain Documentation	Preventive
Include the identification number of the third party who conducted the conformity assessment procedures after the CE marking of conformity. CC ID 15040	Establish/Maintain Documentation	Preventive
Verify configuration files requiring passwords for automation do not contain those passwords after the installation process is complete. CC ID 06555	Configuration	Preventive
Establish, implement, and maintain a configuration baseline based on the least functionality principle. CC ID 00862 [Develop and maintain under configuration control, a current baseline configuration of the system. 03.04.01 a.]	Establish/Maintain Documentation	Preventive
Include the measures used to account for any differences in operation between the test environments and production environments in the baseline configuration. CC ID 13285	Establish/Maintain Documentation	Preventive
Include the differences between test environments and production environments in the baseline configuration. CC ID 13284	Establish/Maintain Documentation	Preventive
Include the applied security patches in the baseline configuration. CC ID 13271	Establish/Maintain Documentation	Preventive
Include the installed application software and version numbers in the baseline configuration. CC ID 13270	Establish/Maintain Documentation	Preventive
Include installed custom software in the baseline configuration. CC ID 13274	Establish/Maintain Documentation	Preventive
Include network ports in the baseline configuration. CC ID 13273	Establish/Maintain Documentation	Preventive
Include the operating systems and version numbers in the baseline configuration. CC ID 13269	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a system hardening standard. CC ID 00876	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain configuration standards. CC ID 11953 [Establish, document, and implement the following configuration settings for the system that reflect the most restrictive mode consistent with operational requirements: [Assignment: organization-defined configuration settings]. 03.04.02 a.]	Configuration	Preventive
Include common security parameter settings in the configuration standards for all systems. CC ID 12544	Establish/Maintain Documentation	Preventive
Apply configuration standards to all systems, as necessary. CC ID 12503	Configuration	Preventive
Document and justify system hardening standard exceptions. CC ID 06845 [Identify, document, and approve any deviations from established configuration settings. 03.04.02 b.]	Configuration	Preventive
Configure security parameter settings on all system components appropriately. CC ID 12041	Technical Security	Preventive
Provide documentation verifying devices are not susceptible to known exploits. CC ID 11987	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain system hardening procedures. CC ID 12001	Establish/Maintain Documentation	Preventive
Configure session timeout and reauthentication settings according to organizational standards. CC ID 12460	Technical Security	Preventive
Configure automatic logoff to terminate the sessions based on inactivity according to organizational standards. CC ID 04490 [Terminate a user session automatically after [Assignment: organization-defined conditions or trigger events requiring session disconnect]. 03.01.11 ¶ 1 Terminate the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. 03.13.09 ¶ 1]	Configuration	Preventive
Use the latest approved version of all assets. CC ID 00897	Technical Security	Preventive
Install critical security updates and important security updates in a timely manner. CC ID 01696 [Install security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates. 03.14.01 b.]	Configuration	Preventive
Include risk information when communicating critical security updates. CC ID 14948	Communicate	Preventive
Establish, implement, and maintain idle session termination and logout capabilities. CC ID 01418 [Require that users log out of the system after [Assignment: organization-defined time period] of expected inactivity or when [Assignment: organization-defined circumstances]. 03.01.01 h.]	Configuration	Preventive
Refrain from using assertion lifetimes to limit each session. CC ID 13871	Technical Security	Preventive
Configure Session Configuration settings in accordance with organizational standards. CC ID 07698	Configuration	Preventive
Invalidate unexpected session identifiers. CC ID 15307	Configuration	Preventive
Configure the "MaxStartups" settings to organizational standards. CC ID 15329	Configuration	Preventive
Reject session identifiers that are not valid. CC ID 15306	Configuration	Preventive
Configure the "MaxSessions" settings to organizational standards. CC ID 15330	Configuration	Preventive
Configure the "Interactive logon: Message title for users attempting to log on" to organizational standards. CC ID 07699	Configuration	Preventive
Configure the "LoginGraceTime" settings to organizational standards. CC ID 15328	Configuration	Preventive
Configure the "Network security: Force logoff when logon hours expire" to organizational standards. CC ID 07738	Configuration	Preventive
Configure the "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" to organizational standards. CC ID 07758	Configuration	Preventive
Configure the "Microsoft network server: Disconnect clients when logon hours expire" to organizational standards. CC ID 07824	Configuration	Preventive
Configure the "Microsoft network server: Amount of idle time required before suspending session" to organizational standards. CC ID 07826	Configuration	Preventive
Configure the "Interactive logon: Do not display last user name" to organizational standards. CC ID 07832	Configuration	Preventive
Configure the "Interactive logon: Display user information when the session is locked" to organizational standards. CC ID 07848	Configuration	Preventive
Configure the "Interactive logon: Message text for users attempting to log on" to organizational standards. CC ID 07870	Configuration	Preventive
Configure the "Always prompt for password upon connection" to organizational standards. CC ID 08229	Configuration	Preventive
Configure the "Interactive logon: Machine inactivity limit" to organizational standards. CC ID 08350	Configuration	Preventive
Remove all unnecessary functionality. CC ID 00882 [{essential capabilities} Configure the system to provide only mission-essential capabilities. 03.04.06 a. Disable or remove functions, ports, protocols, connections, and services that are unnecessary or nonsecure. 03.04.06 d.]	Configuration	Preventive
Document that all enabled functions support secure configurations. CC ID 11985	Establish/Maintain Documentation	Preventive
Find and eradicate unauthorized world writable files. CC ID 01541	Configuration	Preventive
Strip dangerous/unneeded SUID/SGID system executables. CC ID 01542	Configuration	Preventive
Find and eradicate unauthorized SUID/SGID system executables. CC ID 01543	Configuration	Preventive
Find and eradicate unowned files and unowned directories. CC ID 01544	Configuration	Preventive
Disable logon prompts on serial ports. CC ID 01553	Configuration	Preventive
Disable "nobody" access for Secure RPC. CC ID 01554	Configuration	Preventive
Disable all unnecessary interfaces. CC ID 04826	Configuration	Preventive
Enable or disable all unused USB ports as appropriate. CC ID 06042	Configuration	Preventive
Disable all user-mounted removable file systems. CC ID 01536	Configuration	Preventive
Set the Bluetooth Security Mode to the organizational standard. CC ID 00587	Configuration	Preventive
Secure the Bluetooth headset connections. CC ID 00593	Configuration	Preventive
Verify wireless peripherals meet organizational security requirements. CC ID 00657	Testing	Detective
Disable automatic dial-in access to computers that have installed modems. CC ID 02036	Configuration	Preventive
Configure the "Turn off AutoPlay" setting. CC ID 01787	Configuration	Preventive
Configure the "Devices: Restrict floppy access to locally logged on users only" setting. CC ID 01732	Configuration	Preventive
Configure the "Devices: Restrict CD-ROM access to locally logged on users" setting. CC ID 01731	Configuration	Preventive
Configure the "Remove CD Burning features" setting. CC ID 04379	Configuration	Preventive
Disable Autorun. CC ID 01790	Configuration	Preventive
Disable USB devices (aka hotplugger). CC ID 01545	Configuration	Preventive
Enable or disable all unused auxiliary ports as appropriate. CC ID 06414	Configuration	Preventive
Remove rhosts support unless absolutely necessary. CC ID 01555	Configuration	Preventive
Remove weak authentication services from Pluggable Authentication Modules. CC ID 01556	Configuration	Preventive
Remove the /etc/hosts.equiv file. CC ID 01559	Configuration	Preventive
Create the /etc/ftpd/ftpusers file. CC ID 01560	Configuration	Preventive
Remove the X Wrapper and enable the X Display Manager. CC ID 01564	Configuration	Preventive
Remove empty crontab files and restrict file permissions to the file. CC ID 01571	Configuration	Preventive
Remove all compilers and assemblers from the system. CC ID 01594	Configuration	Preventive
Disable all unnecessary applications unless otherwise noted in a policy exception. CC ID 04827	Configuration	Preventive
Restrict and control the use of privileged utility programs. CC ID 12030	Technical Security	Preventive
Disable the storing of movies in cache in Apple's QuickTime. CC ID 04489	Configuration	Preventive
Install and enable file sharing utilities, as necessary. CC ID 02174	Configuration	Preventive
Disable boot services unless boot services are absolutely necessary. CC ID 01481	Configuration	Preventive
Disable File Services for Macintosh unless File Services for Macintosh are absolutely necessary. CC ID 04279	Configuration	Preventive
Configure the Trivial FTP Daemon service to organizational standards. CC ID 01484	Configuration	Preventive
Disable printer daemons or the printer service unless printer daemons or the printer service is absolutely necessary. CC ID 01487	Configuration	Preventive
Disable web server unless web server is absolutely necessary. CC ID 01490	Configuration	Preventive
Disable portmapper unless portmapper is absolutely necessary. CC ID 01492	Configuration	Preventive
Disable writesrv, pmd, and httpdlite unless writesrv, pmd, and httpdlite are absolutely necessary. CC ID 01498	Configuration	Preventive
Disable hwscan hardware detection unless hwscan hardware detection is absolutely necessary. CC ID 01504	Configuration	Preventive
Configure the “xinetd” service to organizational standards. CC ID 01509	Configuration	Preventive
Configure the /etc/xinetd.conf file permissions as appropriate. CC ID 01568	Configuration	Preventive
Disable inetd unless inetd is absolutely necessary. CC ID 01508	Configuration	Preventive
Disable Network Computing System unless it is absolutely necessary. CC ID 01497	Configuration	Preventive
Disable print server for macintosh unless print server for macintosh is absolutely necessary. CC ID 04284	Configuration	Preventive
Disable Print Server unless Print Server is absolutely necessary. CC ID 01488	Configuration	Preventive
Disable ruser/remote login/remote shell/rcp command, unless it is absolutely necessary. CC ID 01480	Configuration	Preventive
Disable xfsmd unless xfsmd is absolutely necessary. CC ID 02179	Configuration	Preventive
Disable RPC-based services unless RPC-based services are absolutely necessary. CC ID 01455	Configuration	Preventive
Disable netfs script unless netfs script is absolutely necessary. CC ID 01495	Configuration	Preventive
Disable Remote Procedure Calls unless Remote Procedure Calls are absolutely necessary and if enabled, set restrictions. CC ID 01456	Configuration	Preventive
Configure the "RPC Endpoint Mapper Client Authentication" setting. CC ID 04327	Configuration	Preventive
Disable ncpfs Script unless ncpfs Script is absolutely necessary. CC ID 01494	Configuration	Preventive
Disable sendmail server unless sendmail server is absolutely necessary. CC ID 01511	Configuration	Preventive
Disable postfix unless postfix is absolutely necessary. CC ID 01512	Configuration	Preventive
Disable directory server unless directory server is absolutely necessary. CC ID 01464	Configuration	Preventive
Disable Windows-compatibility client processes unless Windows-compatibility client processes are absolutely necessary. CC ID 01471	Configuration	Preventive
Disable Windows-compatibility servers unless Windows-compatibility servers are absolutely necessary. CC ID 01470	Configuration	Preventive
Configure the “Network File System” server to organizational standards CC ID 01472	Configuration	Preventive
Configure NFS to respond or not as appropriate to NFS client requests that do not include a User ID. CC ID 05981	Configuration	Preventive
Configure NFS with appropriate authentication methods. CC ID 05982	Configuration	Preventive
Configure the "AUTH_DES authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08971	Configuration	Preventive
Configure the "AUTH_KERB authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08972	Configuration	Preventive
Configure the "AUTH_NONE authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08973	Configuration	Preventive
Configure the "AUTH_UNIX authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08974	Configuration	Preventive
Disable webmin processes unless the webmin process is absolutely necessary. CC ID 01501	Configuration	Preventive
Disable automount daemon unless automount daemon is absolutely necessary. CC ID 01476	Configuration	Preventive
Disable CDE-related daemons unless CDE-related daemons are absolutely necessary. CC ID 01474	Configuration	Preventive
Disable finger unless finger is absolutely necessary. CC ID 01505	Configuration	Preventive
Disable Rexec unless Rexec is absolutely necessary. CC ID 02164	Configuration	Preventive
Disable Squid cache server unless Squid cache server is absolutely necessary. CC ID 01502	Configuration	Preventive
Disable Kudzu hardware detection unless Kudzu hardware detection is absolutely necessary. CC ID 01503	Configuration	Preventive
Install and enable public Instant Messaging clients as necessary. CC ID 02173	Configuration	Preventive
Disable x font server unless x font server is absolutely necessary. CC ID 01499	Configuration	Preventive
Validate, approve, and document all UNIX shells prior to use. CC ID 02161	Establish/Maintain Documentation	Preventive
Disable NFS client processes unless NFS client processes are absolutely necessary. CC ID 01475	Configuration	Preventive
Disable the use of removable storage media for systems that process restricted data or restricted information, as necessary. CC ID 06681 [{absent} Prohibit the use of removable system media without an identifiable owner. 03.08.07 b.]	Data and Information Management	Preventive
Disable removable storage media daemon unless the removable storage media daemon is absolutely necessary. CC ID 01477	Configuration	Preventive
Disable GSS daemon unless GSS daemon is absolutely necessary. CC ID 01465	Configuration	Preventive
Disable Computer Browser unless Computer Browser is absolutely necessary. CC ID 01814	Configuration	Preventive
Configure the Computer Browser ResetBrowser Frames as appropriate. CC ID 05984	Configuration	Preventive
Configure the /etc/samba/smb.conf file file permissions as appropriate. CC ID 05989	Configuration	Preventive
Disable NetMeeting remote desktop sharing unless NetMeeting remote desktop sharing is absolutely necessary. CC ID 01821	Configuration	Preventive
Disable web directory browsing on all web-enabled devices. CC ID 01874	Configuration	Preventive
Disable WWW publishing services unless WWW publishing services are absolutely necessary. CC ID 01833	Configuration	Preventive
Install and enable samba, as necessary. CC ID 02175	Configuration	Preventive
Configure the samba hosts allow option with an appropriate set of networks. CC ID 05985	Configuration	Preventive
Configure the samba security option option as appropriate. CC ID 05986	Configuration	Preventive
Configure the samba encrypt passwords option as appropriate. CC ID 05987	Configuration	Preventive
Configure the Samba 'smb passwd file' option with an appropriate password file or no password file. CC ID 05988	Configuration	Preventive
Disable Usenet Internet news package file capabilities unless Usenet Internet news package file capabilities are absolutely necessary. CC ID 02176	Configuration	Preventive
Disable iPlanet Web Server unless iPlanet Web Server is absolutely necessary. CC ID 02172	Configuration	Preventive
Disable volume manager unless volume manager is absolutely necessary. CC ID 01469	Configuration	Preventive
Disable Solaris Management Console unless Solaris Management Console is absolutely necessary. CC ID 01468	Configuration	Preventive
Disable the Graphical User Interface unless it is absolutely necessary. CC ID 01466	Configuration	Preventive
Disable help and support unless help and support is absolutely necessary. CC ID 04280	Configuration	Preventive
Disable speech recognition unless speech recognition is absolutely necessary. CC ID 04491	Configuration	Preventive
Disable or secure the NetWare QuickFinder search engine. CC ID 04453	Configuration	Preventive
Disable messenger unless messenger is absolutely necessary. CC ID 01819	Configuration	Preventive
Configure the "Do not allow Windows Messenger to be run" setting. CC ID 04516	Configuration	Preventive
Configure the "Do not automatically start Windows Messenger initially" setting. CC ID 04517	Configuration	Preventive
Configure the "Turn off the Windows Messenger Customer Experience Improvement Program" setting. CC ID 04330	Configuration	Preventive
Disable automatic updates unless automatic updates are absolutely necessary. CC ID 01811	Configuration	Preventive
Configure automatic update installation and shutdown/restart options and shutdown/restart procedures to organizational standards. CC ID 05979	Configuration	Preventive
Disable Name Service Cache Daemon unless Name Service Cache Daemon is absolutely necessary. CC ID 04846	Configuration	Preventive
Prohibit R-command files from existing for root or administrator. CC ID 16322	Configuration	Preventive
Verify the /bin/rsh file exists or not, as appropriate. CC ID 05101	Configuration	Preventive
Verify the /sbin/rsh file exists or not, as appropriate. CC ID 05102	Configuration	Preventive
Verify the /usr/bin/rsh file exists or not, as appropriate. CC ID 05103	Configuration	Preventive
Verify the /etc/ftpusers file exists or not, as appropriate. CC ID 05104	Configuration	Preventive
Verify the /etc/rsh file exists or not, as appropriate. CC ID 05105	Configuration	Preventive
Install or uninstall the AIDE package, as appropriate. CC ID 05106	Configuration	Preventive
Enable the GNOME automounter (gnome-volume-manager) as necessary. CC ID 05107	Configuration	Preventive
Install or uninstall the setroubleshoot package, as appropriate. CC ID 05108	Configuration	Preventive
Configure Avahi properly. CC ID 05109	Configuration	Preventive
Install or uninstall OpenNTPD, as appropriate. CC ID 05110	Configuration	Preventive
Configure the "httpd" service to organizational standards. CC ID 05111	Configuration	Preventive
Install or uninstall the net-smtp package properly. CC ID 05112	Configuration	Preventive
Configure the apache web service properly. CC ID 05113	Configuration	Preventive
Configure the vlock package properly. CC ID 05114	Configuration	Preventive
Establish, implement, and maintain service accounts. CC ID 13861	Technical Security	Preventive
Review the ownership of service accounts, as necessary. CC ID 13863	Technical Security	Detective
Manage access credentials for service accounts. CC ID 13862	Technical Security	Preventive
Configure the daemon account properly. CC ID 05115	Configuration	Preventive
Configure the bin account properly. CC ID 05116	Configuration	Preventive
Configure the nuucp account properly. CC ID 05117	Configuration	Preventive
Configure the smmsp account properly. CC ID 05118	Configuration	Preventive
Configure the listen account properly. CC ID 05119	Configuration	Preventive
Configure the gdm account properly. CC ID 05120	Configuration	Preventive
Configure the webservd account properly. CC ID 05121	Configuration	Preventive
Configure the nobody account properly. CC ID 05122	Configuration	Preventive
Configure the noaccess account properly. CC ID 05123	Configuration	Preventive
Configure the nobody4 account properly. CC ID 05124	Configuration	Preventive
Configure the sys account properly. CC ID 05125	Configuration	Preventive
Configure the adm account properly. CC ID 05126	Configuration	Preventive
Configure the lp account properly. CC ID 05127	Configuration	Preventive
Configure the uucp account properly. CC ID 05128	Configuration	Preventive
Install or uninstall the tftp-server package, as appropriate. CC ID 05130	Configuration	Preventive
Enable the web console as necessary. CC ID 05131	Configuration	Preventive
Enable rlogin auth by Pluggable Authentication Modules or pam.d properly. CC ID 05132	Configuration	Preventive
Enable rsh auth by Pluggable Authentication Modules properly. CC ID 05133	Configuration	Preventive
Enable the listening sendmail daemon, as appropriate. CC ID 05134	Configuration	Preventive
Configure Squid properly. CC ID 05135	Configuration	Preventive
Configure the "global Package signature checking" setting to organizational standards. CC ID 08735	Establish/Maintain Documentation	Preventive
Configure the "Package signature checking" setting for "all configured repositories" to organizational standards. CC ID 08736	Establish/Maintain Documentation	Preventive
Configure the "verify against the package database" setting for "all installed software packages" to organizational standards. CC ID 08737	Establish/Maintain Documentation	Preventive
Configure the "isdn4k-utils" package to organizational standards. CC ID 08738	Establish/Maintain Documentation	Preventive
Configure the "postfix" package to organizational standards. CC ID 08739	Establish/Maintain Documentation	Preventive
Configure the "vsftpd" package to organizational standards. CC ID 08740	Establish/Maintain Documentation	Preventive
Configure the "net-snmpd" package to organizational standards. CC ID 08741	Establish/Maintain Documentation	Preventive
Configure the "rsyslog" package to organizational standards. CC ID 08742	Establish/Maintain Documentation	Preventive
Configure the "ipsec-tools" package to organizational standards. CC ID 08743	Establish/Maintain Documentation	Preventive
Configure the "pam_ccreds" package to organizational standards. CC ID 08744	Establish/Maintain Documentation	Preventive
Configure the "talk-server" package to organizational standards. CC ID 08745	Establish/Maintain Documentation	Preventive
Configure the "talk" package to organizational standards. CC ID 08746	Establish/Maintain Documentation	Preventive
Configure the "irda-utils" package to organizational standards. CC ID 08747	Establish/Maintain Documentation	Preventive
Configure the "/etc/shells" file to organizational standards. CC ID 08978	Configuration	Preventive
Configure the LDAP package to organizational standards. CC ID 09937	Configuration	Preventive
Configure the "FTP server" package to organizational standards. CC ID 09938	Configuration	Preventive
Configure the "HTTP Proxy Server" package to organizational standards. CC ID 09939	Configuration	Preventive
Configure the "prelink" package to organizational standards. CC ID 11379	Configuration	Preventive
Configure the Network Information Service (NIS) package to organizational standards. CC ID 11380	Configuration	Preventive
Configure the "time" setting to organizational standards. CC ID 11381	Configuration	Preventive
Configure the "biosdevname" package to organizational standards. CC ID 11383	Configuration	Preventive
Configure the "ufw" setting to organizational standards. CC ID 11384	Configuration	Preventive
Configure the "Devices: Allow undock without having to log on" setting. CC ID 01728	Configuration	Preventive
Limit the user roles that are allowed to format and eject removable storage media. CC ID 01729	Configuration	Preventive
Prevent users from installing printer drivers. CC ID 01730	Configuration	Preventive
Minimize the inetd.conf file and set the file to the appropriate permissions. CC ID 01506	Configuration	Preventive
Configure the unsigned driver installation behavior. CC ID 01733	Configuration	Preventive
Configure the unsigned non-driver installation behavior. CC ID 02038	Configuration	Preventive
Remove all demonstration applications on the system. CC ID 01875	Configuration	Preventive
Configure the system to disallow optional Subsystems. CC ID 04265	Configuration	Preventive
Configure the "Remove Security tab" setting. CC ID 04380	Configuration	Preventive
Disable all unnecessary services unless otherwise noted in a policy exception. CC ID 00880	Configuration	Preventive
Disable rquotad unless rquotad is absolutely necessary. CC ID 01473	Configuration	Preventive
Configure the rquotad service to use a static port or a dynamic portmapper port as appropriate. CC ID 05983	Configuration	Preventive
Disable telnet unless telnet use is absolutely necessary. CC ID 01478	Configuration	Preventive
Disable File Transfer Protocol unless File Transfer Protocol use is absolutely necessary. CC ID 01479	Configuration	Preventive
Configure anonymous FTP to restrict the use of restricted data. CC ID 16314	Configuration	Preventive
Disable anonymous access to File Transfer Protocol. CC ID 06739	Configuration	Preventive
Disable Internet Message Access Protocol unless Internet Message Access Protocol use is absolutely necessary. CC ID 01485	Configuration	Preventive
Disable Post Office Protocol unless its use is absolutely necessary. CC ID 01486	Configuration	Preventive
Disable SQLServer processes unless SQLServer processes use is absolutely necessary. CC ID 01500	Configuration	Preventive
Disable alerter unless alerter use is absolutely necessary. CC ID 01810	Configuration	Preventive
Disable Background Intelligent Transfer Service unless Background Intelligent Transfer Service use is absolutely necessary. CC ID 01812	Configuration	Preventive
Disable ClipBook unless ClipBook use is absolutely necessary. CC ID 01813	Configuration	Preventive
Disable Fax Service unless Fax Service use is absolutely necessary. CC ID 01815	Configuration	Preventive
Disable IIS admin service unless IIS admin service use is absolutely necessary. CC ID 01817	Configuration	Preventive
Disable indexing service unless indexing service use is absolutely necessary. CC ID 01818	Configuration	Preventive
Disable net logon unless net logon use is absolutely necessary. CC ID 01820	Configuration	Preventive
Disable Remote Desktop Help Session Manager unless Remote Desktop Help Session Manager use is absolutely necessary. CC ID 01822	Configuration	Preventive
Disable the "Offer Remote Assistance" setting. CC ID 04325	Configuration	Preventive
Disable the "Solicited Remote Assistance" setting. CC ID 04326	Configuration	Preventive
Disable Remote Registry Service unless Remote Registry Service use is absolutely necessary. CC ID 01823	Configuration	Preventive
Disable Routing and Remote Access unless Routing and Remote Access use is necessary. CC ID 01824	Configuration	Preventive
Disable task scheduler unless task scheduler use is absolutely necessary. CC ID 01829	Configuration	Preventive
Disable Terminal Services unless Terminal Services use is absolutely necessary. CC ID 01831	Configuration	Preventive
Disable Universal Plug and Play device host unless Universal Plug and Play device host use is absolutely necessary. CC ID 01832	Configuration	Preventive
Disable File Service Protocol. CC ID 02167	Configuration	Preventive
Disable the License Logging Service unless unless it is absolutely necessary. CC ID 04282	Configuration	Preventive
Disable Remote Access Auto Connection Manager unless Remote Access Auto Connection Manager use is absolutely necessary. CC ID 04285	Configuration	Preventive
Disable Remote Access Connection Manager unless Remote Access Connection Manager use is absolutely necessary. CC ID 04286	Configuration	Preventive
Disable Remote Administration Service unless remote administration management is absolutely necessary. CC ID 04287	Configuration	Preventive
Disable remote installation unless remote installation is absolutely necessary. CC ID 04288	Configuration	Preventive
Disable Remote Server Manager unless Remote Server Manager is absolutely necessary. CC ID 04289	Configuration	Preventive
Disable Remote Server Monitor unless Remote Server Monitor use is absolutely necessary. CC ID 04290	Configuration	Preventive
Disable Remote Storage Notification unless Remote Storage Notification use is absolutely necessary. CC ID 04291	Configuration	Preventive
Disable Remote Storage Server unless Remote Storage Server use is absolutely necessary. CC ID 04292	Configuration	Preventive
Disable telephony services unless telephony services use is absolutely necessary. CC ID 04293	Configuration	Preventive
Disable Wireless Zero Configuration service unless Wireless Zero Configuration service use is absolutely necessary. CC ID 04294	Configuration	Preventive
Disable SSDP/UPnp unless SSDP/UPnP is absolutely necessary. CC ID 04315	Configuration	Preventive
Configure the "ntpd service" setting to organizational standards. CC ID 04911	Configuration	Preventive
Configure the "echo service" setting to organizational standards. CC ID 04912	Configuration	Preventive
Configure the "echo-dgram service" setting to organizational standards. CC ID 09927	Configuration	Preventive
Configure the "echo-stream service" setting to organizational standards. CC ID 09928	Configuration	Preventive
Configure the "AllowTcpForwarding" to organizational standards. CC ID 15327	Configuration	Preventive
Configure the "tcpmux-server" setting to organizational standards. CC ID 09929	Configuration	Preventive
Configure the "netstat service" setting to organizational standards. CC ID 04913	Configuration	Preventive
Configure the "character generator protocol (chargen)" setting to organizational standards. CC ID 04914	Configuration	Preventive
Configure the "tftpd service" setting to organizational standards. CC ID 04915	Configuration	Preventive
Configure the "walld service" setting to organizational standards. CC ID 04916	Configuration	Preventive
Configure the "rstatd service" setting to organizational standards. CC ID 04917	Configuration	Preventive
Configure the "sprayd service" setting to organizational standards. CC ID 04918	Configuration	Preventive
Configure the "rusersd service" setting to organizational standards. CC ID 04919	Configuration	Preventive
Configure the "inn service" setting to organizational standards. CC ID 04920	Configuration	Preventive
Configure the "font service" setting to organizational standards. CC ID 04921	Configuration	Preventive
Configure the "ident service" setting to organizational standards. CC ID 04922	Configuration	Preventive
Configure the "rexd service" setting to organizational standards. CC ID 04923	Configuration	Preventive
Configure the "daytime service" setting to organizational standards. CC ID 04924	Configuration	Preventive
Configure the "dtspc (cde-spc) service" setting to organizational standards. CC ID 04925	Configuration	Preventive
Configure the "cmsd service" setting to organizational standards. CC ID 04926	Configuration	Preventive
Configure the "ToolTalk service" setting to organizational standards. CC ID 04927	Configuration	Preventive
Configure the "discard service" setting to organizational standards. CC ID 04928	Configuration	Preventive
Configure the "vino-server service" setting to organizational standards. CC ID 04929	Configuration	Preventive
Configure the "bind service" setting to organizational standards. CC ID 04930	Configuration	Preventive
Configure the "nfsd service" setting to organizational standards. CC ID 04931	Configuration	Preventive
Configure the "mountd service" setting to organizational standards. CC ID 04932	Configuration	Preventive
Configure the "statd service" setting to organizational standards. CC ID 04933	Configuration	Preventive
Configure the "lockd service" setting to organizational standards. CC ID 04934	Configuration	Preventive
Configure the lockd service to use a static port or a dynamic portmapper port for User Datagram Protocol as appropriate. CC ID 05980	Configuration	Preventive
Configure the "decode sendmail alias" setting to organizational standards. CC ID 04935	Configuration	Preventive
Configure the sendmail vrfy command, as appropriate. CC ID 04936	Configuration	Preventive
Configure the sendmail expn command, as appropriate. CC ID 04937	Configuration	Preventive
Configure .netrc with an appropriate set of services. CC ID 04938	Configuration	Preventive
Enable NFS insecure locks as necessary. CC ID 04939	Configuration	Preventive
Configure the "X server ac" setting to organizational standards. CC ID 04940	Configuration	Preventive
Configure the "X server core" setting to organizational standards. CC ID 04941	Configuration	Preventive
Enable or disable the setroubleshoot service, as appropriate. CC ID 05540	Configuration	Preventive
Configure the "X server nolock" setting to organizational standards. CC ID 04942	Configuration	Preventive
Enable or disable the mcstrans service, as appropriate. CC ID 05541	Configuration	Preventive
Configure the "PAM console" setting to organizational standards. CC ID 04943	Configuration	Preventive
Enable or disable the restorecond service, as appropriate. CC ID 05542	Configuration	Preventive
Enable the rhnsd service as necessary. CC ID 04944	Configuration	Preventive
Enable the yum-updatesd service as necessary. CC ID 04945	Configuration	Preventive
Enable the autofs service as necessary. CC ID 04946	Configuration	Preventive
Enable the ip6tables service as necessary. CC ID 04947	Configuration	Preventive
Configure syslog to organizational standards. CC ID 04949	Configuration	Preventive
Enable the auditd service as necessary. CC ID 04950	Configuration	Preventive
Enable the logwatch service as necessary. CC ID 04951	Configuration	Preventive
Enable the logrotate (syslog rotator) service as necessary. CC ID 04952	Configuration	Preventive
Install or uninstall the telnet server package, only if absolutely necessary. CC ID 04953	Configuration	Preventive
Enable the ypbind service as necessary. CC ID 04954	Configuration	Preventive
Enable the ypserv service as necessary. CC ID 04955	Configuration	Preventive
Enable the firstboot service as necessary. CC ID 04956	Configuration	Preventive
Enable the gpm service as necessary. CC ID 04957	Configuration	Preventive
Enable the irqbalance service as necessary. CC ID 04958	Configuration	Preventive
Enable the isdn service as necessary. CC ID 04959	Configuration	Preventive
Enable the kdump service as necessary. CC ID 04960	Configuration	Preventive
Enable the mdmonitor service as necessary. CC ID 04961	Configuration	Preventive
Enable the microcode_ctl service as necessary. CC ID 04962	Configuration	Preventive
Enable the pcscd service as necessary. CC ID 04963	Configuration	Preventive
Enable the smartd service as necessary. CC ID 04964	Configuration	Preventive
Enable the readahead_early service as necessary. CC ID 04965	Configuration	Preventive
Enable the readahead_later service as necessary. CC ID 04966	Configuration	Preventive
Enable the messagebus service as necessary. CC ID 04967	Configuration	Preventive
Enable the haldaemon service as necessary. CC ID 04968	Configuration	Preventive
Enable the apmd service as necessary. CC ID 04969	Configuration	Preventive
Enable the acpid service as necessary. CC ID 04970	Configuration	Preventive
Enable the cpuspeed service as necessary. CC ID 04971	Configuration	Preventive
Enable the network service as necessary. CC ID 04972	Configuration	Preventive
Enable the hidd service as necessary. CC ID 04973	Configuration	Preventive
Enable the crond service as necessary. CC ID 04974	Configuration	Preventive
Install and enable the anacron service as necessary. CC ID 04975	Configuration	Preventive
Enable the xfs service as necessary. CC ID 04976	Configuration	Preventive
Install and enable the Avahi daemon service, as necessary. CC ID 04977	Configuration	Preventive
Enable the CUPS service, as necessary. CC ID 04978	Configuration	Preventive
Enable the hplip service as necessary. CC ID 04979	Configuration	Preventive
Enable the dhcpd service as necessary. CC ID 04980	Configuration	Preventive
Enable the nfslock service as necessary. CC ID 04981	Configuration	Preventive
Enable the rpcgssd service as necessary. CC ID 04982	Configuration	Preventive
Enable the rpcidmapd service as necessary. CC ID 04983	Configuration	Preventive
Enable the rpcsvcgssd service as necessary. CC ID 04985	Configuration	Preventive
Configure root squashing for all NFS shares, as appropriate. CC ID 04986	Configuration	Preventive
Configure write access to NFS shares, as appropriate. CC ID 04987	Configuration	Preventive
Configure the named service, as appropriate. CC ID 04988	Configuration	Preventive
Configure the vsftpd service, as appropriate. CC ID 04989	Configuration	Preventive
Configure the “dovecot” service to organizational standards. CC ID 04990	Configuration	Preventive
Configure Server Message Block (SMB) to organizational standards. CC ID 04991	Configuration	Preventive
Enable the snmpd service as necessary. CC ID 04992	Configuration	Preventive
Enable the calendar manager as necessary. CC ID 04993	Configuration	Preventive
Enable the GNOME logon service as necessary. CC ID 04994	Configuration	Preventive
Enable the WBEM services as necessary. CC ID 04995	Configuration	Preventive
Enable the keyserv service as necessary. CC ID 04996	Configuration	Preventive
Enable the Generic Security Service daemon as necessary. CC ID 04997	Configuration	Preventive
Enable the volfs service as necessary. CC ID 04998	Configuration	Preventive
Enable the smserver service as necessary. CC ID 04999	Configuration	Preventive
Enable the mpxio-upgrade service as necessary. CC ID 05000	Configuration	Preventive
Enable the metainit service as necessary. CC ID 05001	Configuration	Preventive
Enable the meta service as necessary. CC ID 05003	Configuration	Preventive
Enable the metaed service as necessary. CC ID 05004	Configuration	Preventive
Enable the metamh service as necessary. CC ID 05005	Configuration	Preventive
Enable the Local RPC Port Mapping Service as necessary. CC ID 05006	Configuration	Preventive
Enable the Kerberos kadmind service as necessary. CC ID 05007	Configuration	Preventive
Enable the Kerberos krb5kdc service as necessary. CC ID 05008	Configuration	Preventive
Enable the Kerberos kpropd service as necessary. CC ID 05009	Configuration	Preventive
Enable the Kerberos ktkt_warnd service as necessary. CC ID 05010	Configuration	Preventive
Enable the sadmin service as necessary. CC ID 05011	Configuration	Preventive
Enable the IPP listener as necessary. CC ID 05012	Configuration	Preventive
Enable the serial port listener as necessary. CC ID 05013	Configuration	Preventive
Enable the Smart Card Helper service as necessary. CC ID 05014	Configuration	Preventive
Enable the Application Management service as necessary. CC ID 05015	Configuration	Preventive
Enable the Resultant Set of Policy (RSoP) Provider service as necessary. CC ID 05016	Configuration	Preventive
Enable the Network News Transport Protocol service as necessary. CC ID 05017	Configuration	Preventive
Enable the network Dynamic Data Exchange service as necessary. CC ID 05018	Configuration	Preventive
Enable the Distributed Link Tracking Server service as necessary. CC ID 05019	Configuration	Preventive
Enable the RARP service as necessary. CC ID 05020	Configuration	Preventive
Configure the ".NET Framework service" setting to organizational standards. CC ID 05021	Configuration	Preventive
Enable the Network DDE Share Database Manager service as necessary. CC ID 05022	Configuration	Preventive
Enable the Certificate Services service as necessary. CC ID 05023	Configuration	Preventive
Configure the ATI hotkey poller service properly. CC ID 05024	Configuration	Preventive
Configure the Interix Subsystem Startup service properly. CC ID 05025	Configuration	Preventive
Configure the Cluster Service service properly. CC ID 05026	Configuration	Preventive
Configure the IAS Jet Database Access service properly. CC ID 05027	Configuration	Preventive
Configure the IAS service properly. CC ID 05028	Configuration	Preventive
Configure the IP Version 6 Helper service properly. CC ID 05029	Configuration	Preventive
Configure "Message Queuing service" to organizational standards. CC ID 05030	Configuration	Preventive
Configure the Message Queuing Down Level Clients service properly. CC ID 05031	Configuration	Preventive
Configure the Windows Management Instrumentation Driver Extensions service properly. CC ID 05033	Configuration	Preventive
Configure the TCP/IP NetBIOS Helper Service properly. CC ID 05034	Configuration	Preventive
Configure the Utility Manager service properly. CC ID 05035	Configuration	Preventive
Configure the secondary logon service properly. CC ID 05036	Configuration	Preventive
Configure the Windows Management Instrumentation service properly. CC ID 05037	Configuration	Preventive
Configure the Workstation service properly. CC ID 05038	Configuration	Preventive
Configure the Windows Installer service properly. CC ID 05039	Configuration	Preventive
Configure the Windows System Resource Manager service properly. CC ID 05040	Configuration	Preventive
Configure the WinHTTP Web Proxy Auto-Discovery Service properly. CC ID 05041	Configuration	Preventive
Configure the Services for Unix Client for NFS service properly. CC ID 05042	Configuration	Preventive
Configure the Services for Unix Server for PCNFS service properly. CC ID 05043	Configuration	Preventive
Configure the Services for Unix Perl Socket service properly. CC ID 05044	Configuration	Preventive
Configure the Services for Unix User Name Mapping service properly. CC ID 05045	Configuration	Preventive
Configure the Services for Unix Windows Cron service properly. CC ID 05046	Configuration	Preventive
Configure the Windows Media Services service properly. CC ID 05047	Configuration	Preventive
Configure the Services for Netware Service Advertising Protocol (SAP) Agent properly. CC ID 05048	Configuration	Preventive
Configure the Web Element Manager service properly. CC ID 05049	Configuration	Preventive
Configure the Remote Installation Services Single Instance Storage (SIS) Groveler service properly. CC ID 05050	Configuration	Preventive
Configure the Terminal Services Licensing service properly. CC ID 05051	Configuration	Preventive
Configure the COM+ Event System service properly. CC ID 05052	Configuration	Preventive
Configure the Event Log service properly. CC ID 05053	Configuration	Preventive
Configure the Infrared Monitor service properly. CC ID 05054	Configuration	Preventive
Configure the Services for Unix Server for NFS service properly. CC ID 05055	Configuration	Preventive
Configure the System Event Notification Service properly. CC ID 05056	Configuration	Preventive
Configure the NTLM Security Support Provider service properly. CC ID 05057	Configuration	Preventive
Configure the Performance Logs and Alerts service properly. CC ID 05058	Configuration	Preventive
Configure the Protected Storage service properly. CC ID 05059	Configuration	Preventive
Configure the QoS Admission Control (RSVP) service properly. CC ID 05060	Configuration	Preventive
Configure the Remote Procedure Call service properly. CC ID 05061	Configuration	Preventive
Configure the Removable Storage service properly. CC ID 05062	Configuration	Preventive
Configure the Server service properly. CC ID 05063	Configuration	Preventive
Configure the Security Accounts Manager service properly. CC ID 05064	Configuration	Preventive
Configure the “Network Connections” service to organizational standards. CC ID 05065	Configuration	Preventive
Configure the Logical Disk Manager service properly. CC ID 05066	Configuration	Preventive
Configure the Logical Disk Manager Administrative Service properly. CC ID 05067	Configuration	Preventive
Configure the File Replication service properly. CC ID 05068	Configuration	Preventive
Configure the Kerberos Key Distribution Center service properly. CC ID 05069	Configuration	Preventive
Configure the Intersite Messaging service properly. CC ID 05070	Configuration	Preventive
Configure the Remote Procedure Call locator service properly. CC ID 05071	Configuration	Preventive
Configure the Distributed File System service properly. CC ID 05072	Configuration	Preventive
Configure the Windows Internet Name Service service properly. CC ID 05073	Configuration	Preventive
Configure the FTP Publishing Service properly. CC ID 05074	Configuration	Preventive
Configure the Windows Search service properly. CC ID 05075	Configuration	Preventive
Configure the Microsoft Peer-to-Peer Networking Services service properly. CC ID 05076	Configuration	Preventive
Configure the Remote Shell service properly. CC ID 05077	Configuration	Preventive
Configure Simple TCP/IP services to organizational standards. CC ID 05078	Configuration	Preventive
Configure the Print Services for Unix service properly. CC ID 05079	Configuration	Preventive
Configure the File Shares service to organizational standards. CC ID 05080	Configuration	Preventive
Configure the NetMeeting service properly. CC ID 05081	Configuration	Preventive
Configure the Application Layer Gateway service properly. CC ID 05082	Configuration	Preventive
Configure the Cryptographic Services service properly. CC ID 05083	Configuration	Preventive
Configure the Help and Support Service properly. CC ID 05084	Configuration	Preventive
Configure the Human Interface Device Access service properly. CC ID 05085	Configuration	Preventive
Configure the IMAPI CD-Burning COM service properly. CC ID 05086	Configuration	Preventive
Configure the MS Software Shadow Copy Provider service properly. CC ID 05087	Configuration	Preventive
Configure the Network Location Awareness service properly. CC ID 05088	Configuration	Preventive
Configure the Portable Media Serial Number Service service properly. CC ID 05089	Configuration	Preventive
Configure the System Restore Service service properly. CC ID 05090	Configuration	Preventive
Configure the Themes service properly. CC ID 05091	Configuration	Preventive
Configure the Uninterruptible Power Supply service properly. CC ID 05092	Configuration	Preventive
Configure the Upload Manager service properly. CC ID 05093	Configuration	Preventive
Configure the Volume Shadow Copy Service properly. CC ID 05094	Configuration	Preventive
Configure the WebClient service properly. CC ID 05095	Configuration	Preventive
Configure the Windows Audio service properly. CC ID 05096	Configuration	Preventive
Configure the Windows Image Acquisition service properly. CC ID 05097	Configuration	Preventive
Configure the WMI Performance Adapter service properly. CC ID 05098	Configuration	Preventive
Enable file uploads via vsftpd service, as appropriate. CC ID 05100	Configuration	Preventive
Disable or remove sadmind unless use of sadmind is absolutely necessary. CC ID 06885	Configuration	Preventive
Configure the "SNMP version 1" setting to organizational standards. CC ID 08976	Configuration	Preventive
Configure the "xdmcp service" setting to organizational standards. CC ID 08985	Configuration	Preventive
Disable the automatic display of remote images in HTML-formatted e-mail. CC ID 04494	Configuration	Preventive
Disable Remote Apply Events unless Remote Apply Events are absolutely necessary. CC ID 04495	Configuration	Preventive
Disable Xgrid unless Xgrid is absolutely necessary. CC ID 04496	Configuration	Preventive
Configure the "Do Not Show First Use Dialog Boxes" setting for Windows Media Player properly. CC ID 05136	Configuration	Preventive
Disable Core dumps unless absolutely necessary. CC ID 01507	Configuration	Preventive
Set hard core dump size limits, as appropriate. CC ID 05990	Configuration	Preventive
Configure the "Prevent Desktop Shortcut Creation" setting for Windows Media Player properly. CC ID 05137	Configuration	Preventive
Set the Squid EUID and Squid GUID to an appropriate user and group. CC ID 05138	Configuration	Preventive
Verify groups referenced in /etc/passwd are included in /etc/group, as appropriate. CC ID 05139	Configuration	Preventive
Use of the cron.allow file should be enabled or disabled as appropriate. CC ID 06014	Configuration	Preventive
Use of the at.allow file should be enabled or disabled as appropriate. CC ID 06015	Configuration	Preventive
Enable or disable the Dynamic DNS feature of the DHCP Server as appropriate. CC ID 06039	Configuration	Preventive
Enable or disable each user's Screen saver software, as necessary. CC ID 06050 [Conceal, via the device lock, information previously visible on the display with a publicly viewable image. 03.01.10 c.]	Configuration	Preventive
Disable any unnecessary scripting languages, as necessary. CC ID 12137	Configuration	Preventive
Enable logon authentication management techniques. CC ID 00553	Configuration	Preventive
Configure devices and users to re-authenticate, as necessary. CC ID 10609 [Re-authenticate users when [Assignment: organization-defined circumstances or situations requiring re-authentication]. 03.05.01 b.]	Configuration	Preventive
Establish, implement, and maintain authenticators. CC ID 15305	Technical Security	Preventive
Establish, implement, and maintain an authenticator standard. CC ID 01702	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain an authenticator management system. CC ID 12031	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain authenticator procedures. CC ID 12002 [{lost authenticators} {compromised authenticators} Establish and implement administrative procedures for initial authenticator distribution; for lost, compromised, or damaged authenticators; and for revoking authenticators. 03.05.12 c. {lost authenticators} {compromised authenticators} Establish and implement administrative procedures for initial authenticator distribution; for lost, compromised, or damaged authenticators; and for revoking authenticators. 03.05.12 c.]	Establish/Maintain Documentation	Preventive
Restrict access to authentication files to authorized personnel, as necessary. CC ID 12127	Technical Security	Preventive
Configure authenticator activation codes in accordance with organizational standards. CC ID 17032	Configuration	Preventive
Configure authenticators to comply with organizational standards. CC ID 06412 [Establish initial authenticator content for any authenticators issued by the organization. 03.05.12 b.]	Configuration	Preventive
Configure the system to require new users to change their authenticator on first use. CC ID 05268 [Select a new password upon first use after account recovery. 03.05.07 e.]	Configuration	Preventive
Configure authenticators so that group authenticators or shared authenticators are prohibited. CC ID 00519	Configuration	Preventive
Change the authenticator for shared accounts when the group membership changes. CC ID 14249	Business Processes	Corrective
Configure the system to prevent unencrypted authenticator use. CC ID 04457	Configuration	Preventive
Disable store passwords using reversible encryption. CC ID 01708	Configuration	Preventive
Configure the system to encrypt authenticators. CC ID 06735 [{encrypted format} Store passwords in a cryptographically protected form. 03.05.07 d.]	Configuration	Preventive
Configure the system to mask authenticators. CC ID 02037 [Obscure feedback of authentication information during the authentication process. 03.05.11 ¶ 1]	Configuration	Preventive
Configure the authenticator policy to ban the use of usernames or user identifiers in authenticators. CC ID 05992	Configuration	Preventive
Configure the "minimum number of digits required for new passwords" setting to organizational standards. CC ID 08717	Establish/Maintain Documentation	Preventive
Configure the "minimum number of upper case characters required for new passwords" setting to organizational standards. CC ID 08718	Establish/Maintain Documentation	Preventive
Configure the system to refrain from specifying the type of information used as password hints. CC ID 13783	Configuration	Preventive
Configure the "minimum number of lower case characters required for new passwords" setting to organizational standards. CC ID 08719	Establish/Maintain Documentation	Preventive
Disable machine account password changes. CC ID 01737	Configuration	Preventive
Configure the "minimum number of special characters required for new passwords" setting to organizational standards. CC ID 08720	Establish/Maintain Documentation	Preventive
Configure the "require new passwords to differ from old ones by the appropriate minimum number of characters" setting to organizational standards. CC ID 08722	Establish/Maintain Documentation	Preventive
Configure the "password reuse" setting to organizational standards. CC ID 08724	Establish/Maintain Documentation	Preventive
Configure the "Disable Remember Password" setting. CC ID 05270	Configuration	Preventive
Configure the "Minimum password age" to organizational standards. CC ID 01703	Configuration	Preventive
Configure the LILO/GRUB password. CC ID 01576	Configuration	Preventive
Configure the system to use Apple's Keychain Access to store passwords and certificates. CC ID 04481	Configuration	Preventive
Change the default password to Apple's Keychain. CC ID 04482	Configuration	Preventive
Configure Apple's Keychain items to ask for the Keychain password. CC ID 04483	Configuration	Preventive
Configure the Syskey Encryption Key and associated password. CC ID 05978	Configuration	Preventive
Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting. CC ID 04505	Configuration	Preventive
Configure the "System cryptography: Force strong key protection for user keys stored in the computer" setting. CC ID 04534	Configuration	Preventive
Configure interactive logon for accounts that do not have assigned authenticators in accordance with organizational standards. CC ID 05267	Configuration	Preventive
Enable or disable remote connections from accounts with empty authenticators, as appropriate. CC ID 05269	Configuration	Preventive
Configure the "Send LanMan compatible password" setting. CC ID 05271	Configuration	Preventive
Configure the authenticator policy to ban or allow authenticators as words found in dictionaries, as appropriate. CC ID 05993	Configuration	Preventive
Configure the authenticator policy to ban or allow authenticators as proper names, as necessary. CC ID 17030	Configuration	Preventive
Set the most number of characters required for the BitLocker Startup PIN correctly. CC ID 06054	Configuration	Preventive
Set the default folder for BitLocker recovery passwords correctly. CC ID 06055	Configuration	Preventive
Notify affected parties to keep authenticators confidential. CC ID 06787	Behavior	Preventive
Discourage affected parties from recording authenticators. CC ID 06788	Behavior	Preventive
Ensure the root account is the first entry in password files. CC ID 16323	Data and Information Management	Detective
Configure the "shadow password for all accounts in /etc/passwd" setting to organizational standards. CC ID 08721	Establish/Maintain Documentation	Preventive
Configure the "password hashing algorithm" setting to organizational standards. CC ID 08723	Establish/Maintain Documentation	Preventive
Configure the "Disable password strength validation for Peer Grouping" setting to organizational standards. CC ID 10866	Configuration	Preventive
Configure the "Set the interval between synchronization retries for Password Synchronization" setting to organizational standards. CC ID 11185	Configuration	Preventive
Configure the "Set the number of synchronization retries for servers running Password Synchronization" setting to organizational standards. CC ID 11187	Configuration	Preventive
Configure the "Turn off password security in Input Panel" setting to organizational standards. CC ID 11296	Configuration	Preventive
Configure the "Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory" setting to organizational standards. CC ID 11355	Configuration	Preventive
Configure the authenticator display screen to organizational standards. CC ID 13794	Configuration	Preventive
Configure the authenticator field to disallow memorized secrets found in the memorized secret list. CC ID 13808 [{commonly used passwords} Maintain a list of commonly-used, expected, or compromised passwords, and update the list [Assignment: organization-defined frequency] and when organizational passwords are suspected to have been compromised. 03.05.07 a.]	Configuration	Preventive
Protect authenticators or authentication factors from unauthorized modification and disclosure. CC ID 15317 [{unauthorized modification} Protect authenticator content from unauthorized disclosure and modification. 03.05.12 f.]	Technical Security	Preventive
Change authenticators, as necessary. CC ID 15315 [Change or refresh authenticators [Assignment: organization-defined frequency] or when the following events occur: [Assignment: organization-defined events]. 03.05.12 e.]	Configuration	Preventive
Change all default authenticators. CC ID 15309 [Change default authenticators at first use. 03.05.12 d.]	Configuration	Preventive
Configure the system security parameters to prevent system misuse or information misappropriation. CC ID 00881	Configuration	Preventive
Configure the system to require a password before it unlocks the Screen saver software. CC ID 04443 [Retain the device lock until the user reestablishes access using established identification and authentication procedures. 03.01.10 b.]	Configuration	Preventive
Configure the system account settings and the permission settings in accordance with the organizational standards. CC ID 01538	Configuration	Preventive
Configure user accounts. CC ID 07036	Configuration	Preventive
Configure accounts with administrative privilege. CC ID 07033	Configuration	Preventive
Employ multifactor authentication for accounts with administrative privilege. CC ID 12496 [{privileged accounts} Implement multi-factor authentication for access to privileged and non-privileged accounts. 03.05.03 ¶ 1]	Technical Security	Preventive
Establish, implement, and maintain network parameter modification procedures. CC ID 01517	Establish/Maintain Documentation	Preventive
Configure wireless communication to be encrypted using strong cryptography. CC ID 06078 [Protect wireless access to the system using authentication and encryption. 03.01.16 d.]	Configuration	Preventive
Configure Wireless Access Points in accordance with organizational standards. CC ID 12477	Configuration	Preventive
Enable two-factor authentication for identifying and authenticating Wireless Local Area Network users. CC ID 04595 [Protect wireless access to the system using authentication and encryption. 03.01.16 d.]	Configuration	Preventive
Enable or disable all wireless interfaces, as necessary. CC ID 05755 [Disable, when not intended for use, wireless networking capabilities prior to issuance and deployment. 03.01.16 c.]	Configuration	Preventive
Configure mobile device settings in accordance with organizational standards. CC ID 04600 [Establish usage restrictions, configuration requirements, and connection requirements for mobile devices. 03.01.18 a.]	Configuration	Preventive
Configure mobile devices to enable remote wipe. CC ID 12212	Configuration	Preventive
Configure prohibiting the circumvention of security controls on mobile devices. CC ID 12335	Configuration	Preventive
Configure Apple iOS to Organizational Standards. CC ID 09986	Establish/Maintain Documentation	Preventive
Configure the "VPN" setting to organizational standards. CC ID 09987	Configuration	Preventive
Configure the "Fraudulent Website Warning" setting to organizational standards. CC ID 09988	Configuration	Preventive
Configure the "With Authentication" setting to organizational standards. CC ID 09989	Configuration	Preventive
Configure the "Auto-Join" setting to organizational standards. CC ID 09990	Configuration	Preventive
Configure the "AirDrop Discoverability" setting to organizational standards. CC ID 09991	Configuration	Preventive
Configure the "Wi-Fi" setting to organizational standards. CC ID 09992	Configuration	Preventive
Configure the "Personal Hotspot" setting to organizational standards. CC ID 09994	Configuration	Preventive
Configure the "Notifications View" setting for "Access on Lock Screen" to organizational standards. CC ID 09995	Configuration	Preventive
Configure the "Find My iPhone" setting to organizational standards. CC ID 09996	Configuration	Preventive
Configure the "iPhone Unlock" setting to organizational standards. CC ID 09997	Configuration	Preventive
Configure the "Access on Lock Screen" setting to organizational standards. CC ID 09998	Configuration	Preventive
Configure the "Forget this Network" setting to organizational standards. CC ID 09999	Configuration	Preventive
Configure the "Ask to Join Networks" setting to organizational standards. CC ID 10000	Configuration	Preventive
Configure the "Fraudulent Website Warning" setting to organizational standards. CC ID 10001	Configuration	Preventive
Configure the "Credit Cards" setting to organizational standards. CC ID 10002	Configuration	Preventive
Configure the "Saved Credit Card Information" setting to organizational standards. CC ID 10003	Configuration	Preventive
Configure the "Do Not Track" setting to organizational standards. CC ID 10004	Configuration	Preventive
Configure the "With Authentication" setting to organizational standards. CC ID 10005	Configuration	Preventive
Configure the "Allow Move" setting to organizational standards. CC ID 10006	Configuration	Preventive
Configure the "Use Only in Mail" setting to organizational standards. CC ID 10007	Configuration	Preventive
Configure mobile devices to organizational standards. CC ID 04639	Configuration	Preventive
Configure mobile devices to separate organizational data from personal data. CC ID 16463	Configuration	Preventive
Configure the mobile device properties to organizational standards. CC ID 04640	Configuration	Preventive
Configure the mobile device menu items to organizational standards. CC ID 04641	Configuration	Preventive
Configure the BlackBerry handheld device driver settings. CC ID 04642	Configuration	Preventive
Verify only BlackBerry Enterprise Server e-mail software and e-mail hardware is being used. CC ID 04601	Technical Security	Preventive
Configure the BlackBerry Enterprise Server with either BlackBerry DMZ Solution or the BlackBerry firewall solution. CC ID 04602	Configuration	Preventive
Configure automatic master key generation on the BlackBerry Enterprise Server. CC ID 04608	Configuration	Preventive
Train BlackBerry handheld device users on the Bluetooth Smart Card Reader's proper usage. CC ID 04603	Behavior	Preventive
Verify metamessage software is not installed on BlackBerry handheld devices. CC ID 04604	Technical Security	Preventive
Configure e-mail messages to not display a signature line stating the message was sent from a Portable Electronic Device. CC ID 04605	Configuration	Preventive
Verify only the specific mobile device web browser software is installed. CC ID 04606	Configuration	Preventive
Update the software and master keys for mobile Personal Electronic Devices every 30 days. CC ID 04607	Configuration	Preventive
Enable content protection on mobile devices. CC ID 04609	Configuration	Preventive
Configure the application policy groups for each mobile Personal Electronic Device. CC ID 04610	Configuration	Preventive
Configure the BlackBerry Messenger policy group settings. CC ID 04611	Configuration	Preventive
Configure the Camera policy group settings. CC ID 04614	Configuration	Preventive
Configure the Bluetooth policy group settings. CC ID 04612	Configuration	Preventive
Configure the Bluetooth Smart Card Reader policy group settings. CC ID 04613	Configuration	Preventive
Configure the Browser policy group settings. CC ID 04615	Configuration	Preventive
Configure the Certificate Sync policy group settings. CC ID 04616	Configuration	Preventive
Configure the CMIME policy group settings. CC ID 04617	Configuration	Preventive
Configure the Common policy group settings. CC ID 04618	Configuration	Preventive
Configure the Desktop-only policy group settings. CC ID 04619	Configuration	Preventive
Configure the IOT Application policy group settings. CC ID 04620	Configuration	Preventive
Configure the Device-only policy group settings. CC ID 04621	Configuration	Preventive
Configure the Desktop policy group settings. CC ID 04622	Configuration	Preventive
Configure the Global items policy group settings. CC ID 04623	Configuration	Preventive
Configure the Location Based Services policy group settings. CC ID 04624	Configuration	Preventive
Configure the MDS policy group settings. CC ID 04625	Configuration	Preventive
Configure the On-Device Help policy group settings. CC ID 04626	Configuration	Preventive
Configure the Password policy group settings. CC ID 04627	Configuration	Preventive
Configure the PIM Sync policy group settings. CC ID 04628	Configuration	Preventive
Configure the Secure E-mail policy group settings. CC ID 04629	Configuration	Preventive
Configure the Memory Cleaner policy group settings. CC ID 04630	Configuration	Preventive
Configure the Security policy group settings. CC ID 04631	Configuration	Preventive
Configure the Service Exclusivity policy group settings. CC ID 04632	Configuration	Preventive
Configure the SIM Application Toolkit policy group settings. CC ID 04633	Configuration	Preventive
Configure the Smart Dialing policy group settings. CC ID 04634	Configuration	Preventive
Configure the S/MIME policy group settings. CC ID 04635	Configuration	Preventive
Configure the TCP policy group settings. CC ID 04636	Configuration	Preventive
Configure the WTLS (Application) policy group settings. CC ID 04638	Configuration	Preventive
Configure emergency and critical e-mail notifications so that they are digitally signed. CC ID 04841	Configuration	Preventive
Enable data-at-rest encryption on mobile devices. CC ID 04842	Configuration	Preventive
Disable the capability to automatically execute code on mobile devices absent user direction. CC ID 08705	Configuration	Preventive
Configure environmental sensors on mobile devices. CC ID 10667	Configuration	Preventive
Prohibit the remote activation of environmental sensors on mobile devices. CC ID 10666	Configuration	Preventive
Configure the mobile device to explicitly show when an environmental sensor is in use. CC ID 10668	Configuration	Preventive
Configure the environmental sensor to report collected data to designated personnel only. CC ID 10669	Configuration	Preventive
Configure Account settings in accordance with organizational standards. CC ID 07603	Configuration	Preventive
Configure the "Account lockout duration" to organizational standards. CC ID 07771 [Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b.]	Configuration	Preventive
Configure Logging settings in accordance with organizational standards. CC ID 07611	Configuration	Preventive
Configure the detailed data elements to be captured for all logs so that events are identified by type, location, subject, user, what data was accessed, etc. CC ID 06331 [{place} Include the following content in audit records: Where the event occurred 03.03.02 a.3. Provide additional information for audit records as needed. 03.03.02 b.]	Configuration	Preventive
Configure the log to capture creates, reads, updates, or deletes of records containing personal data. CC ID 11890	Log Management	Detective
Configure the log to capture the information referent when personal data is being accessed. CC ID 11968	Log Management	Detective
Configure the log to capture the user's identification. CC ID 01334 [Include the following content in audit records: Identity of the individuals, subjects, objects, or entities associated with the event 03.03.02 a.6.]	Configuration	Preventive
Configure the log to capture a date and time stamp. CC ID 01336 [{time} Include the following content in audit records: When the event occurred 03.03.02 a.2. Record time stamps for audit records that meet [Assignment: organization-defined granularity of time measurement] and that use Coordinated Universal Time (UTC), have a fixed local time offset from UTC, or include the local time offset as part of the time stamp. 03.03.07 b.]	Configuration	Preventive
Configure the log to capture each auditable event's origination. CC ID 01338 [Include the following content in audit records: Source of the event 03.03.02 a.4.]	Log Management	Detective
Configure the log to uniquely identify each asset. CC ID 01339 [Include the following content in audit records: Identity of the individuals, subjects, objects, or entities associated with the event 03.03.02 a.6.]	Configuration	Preventive
Configure the log to capture remote access information. CC ID 05596	Configuration	Detective
Configure the log to capture the type of each event. CC ID 06423 [Include the following content in audit records: What type of event occurred 03.03.02 a.1.]	Configuration	Preventive
Configure the log to capture the details of electronic signature transactions. CC ID 16910	Log Management	Preventive
Configure the log to uniquely identify each accessed record. CC ID 16909	Log Management	Preventive
Configure the log to capture each event's success or failure indication. CC ID 06424 [Include the following content in audit records: Outcome of the event 03.03.02 a.5.]	Configuration	Preventive
Configure all logs to capture auditable events or actionable events. CC ID 06332	Configuration	Preventive
Configure the log to capture actions taken by individuals with root privileges or administrative privileges and add logging option to the root file system. CC ID 00645 [Log the execution of privileged functions. 03.01.07 b.]	Log Management	Detective
Configure the event log settings for specific Operating System functions. CC ID 06337	Configuration	Preventive
Generate an alert when an audit log failure occurs. CC ID 06737 [Alert organizational personnel or roles within [Assignment: organization-defined time period] in the event of an audit logging process failure. 03.03.04 a.]	Configuration	Preventive
Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards. CC ID 07621	Configuration	Preventive
Configure the "Password must meet complexity requirements" to organizational standards. CC ID 07743 [Enforce the following composition and complexity rules for passwords: [Assignment: organization-defined composition and complexity rules]. 03.05.07 f.]	Configuration	Preventive
Configure the "Enforce password history" to organizational standards. CC ID 07877 [Prevent the reuse of identifiers for [Assignment: organization-defined time period]. 03.05.05 c.]	Configuration	Preventive
Configure security and protection software according to Organizational Standards. CC ID 11917	Configuration	Preventive
Configure security and protection software to check for up-to-date signature files. CC ID 00576 [Update malicious code protection mechanisms as new releases are available in accordance with configuration management policies and procedures. 03.14.02 b.]	Testing	Detective
Configure security and protection software to check e-mail attachments. CC ID 11860 [Configure malicious code protection mechanisms to: Perform scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at endpoints or system entry and exit points as the files are downloaded, opened, or executed; and 03.14.02 c.1.]	Configuration	Preventive
Establish, implement, and maintain a Configuration Baseline Documentation Record. CC ID 02130 [Review and update the baseline configuration of the system [Assignment: organization-defined frequency] and when system components are installed or modified. 03.04.01 b.]	Establish/Maintain Documentation	Preventive
Document and approve any changes to the Configuration Baseline Documentation Record. CC ID 12104	Establish/Maintain Documentation	Preventive
Create a hardened image of the baseline configuration to be used for building new systems. CC ID 07063	Configuration	Preventive
Store master images on securely configured servers. CC ID 12089	Technical Security	Preventive
Test systems to ensure they conform to configuration baselines. CC ID 13062	Testing	Detective
Update the security configuration of hardened images, as necessary. CC ID 12088	Technical Security	Corrective
Audit the configuration of organizational assets, as necessary. CC ID 13653 [Monitor and review activities associated with configuration-controlled changes to the system. 03.04.03 d.]	Audits and Risk Management	Detective
Audit assets after maintenance was performed. CC ID 13657	Audits and Risk Management	Detective

Systems design, build, and implementation

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Systems design, build, and implementation CC ID 00989	IT Impact Zone	IT Impact Zone
Initiate the System Development Life Cycle planning phase. CC ID 06266	Systems Design, Build, and Implementation	Preventive
Establish, implement, and maintain system design principles and system design guidelines. CC ID 01057	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain security design principles. CC ID 14718 [Apply the following systems security engineering principles to the development or modification of the system and system components: [Assignment: organization-defined systems security engineering principles]. 03.16.01 ¶ 1]	Systems Design, Build, and Implementation	Preventive
Include reduced complexity of systems or system components in the security design principles. CC ID 14753	Systems Design, Build, and Implementation	Preventive
Include self-reliant trustworthiness of systems or system components in the security design principles. CC ID 14752	Systems Design, Build, and Implementation	Preventive
Include partially ordered dependencies of systems or system components in the security design principles. CC ID 14751	Systems Design, Build, and Implementation	Preventive
Include modularity and layering of systems or system components in the security design principles. CC ID 14750	Systems Design, Build, and Implementation	Preventive
Include secure evolvability of systems or system components in the security design principles. CC ID 14749	Systems Design, Build, and Implementation	Preventive
Include continuous protection of systems or system components in the security design principles. CC ID 14748	Establish/Maintain Documentation	Preventive
Include least common mechanisms between systems or system components in the security design principles. CC ID 14747	Systems Design, Build, and Implementation	Preventive
Include secure system modification of systems or system components in the security design principles. CC ID 14746	Systems Design, Build, and Implementation	Preventive
Include clear abstractions of systems or system components in the security design principles. CC ID 14745	Systems Design, Build, and Implementation	Preventive
Include secure failure and recovery of systems or system components in the security design principles. CC ID 14744	Systems Design, Build, and Implementation	Preventive
Include repeatable and documented procedures for systems or system components in the security design principles. CC ID 14743	Systems Design, Build, and Implementation	Preventive
Include least privilege of systems or system components in the security design principles. CC ID 14742	Systems Design, Build, and Implementation	Preventive
Include minimized sharing of systems or system components in the security design principles. CC ID 14741	Systems Design, Build, and Implementation	Preventive
Include acceptable security of systems or system components in the security design principles. CC ID 14740	Systems Design, Build, and Implementation	Preventive
Include minimized security elements in systems or system components in the security design principles. CC ID 14739	Systems Design, Build, and Implementation	Preventive
Include hierarchical protection in systems or system components in the security design principles. CC ID 14738	Systems Design, Build, and Implementation	Preventive
Include self-analysis of systems or system components in the security design principles. CC ID 14737	Systems Design, Build, and Implementation	Preventive
Include inverse modification thresholds in systems or system components in the security design principles. CC ID 14736	Systems Design, Build, and Implementation	Preventive
Include efficiently mediated access to systems or system components in the security design principles. CC ID 14735	Systems Design, Build, and Implementation	Preventive
Include secure distributed composition of systems or system components in the security design principles. CC ID 14734	Systems Design, Build, and Implementation	Preventive
Include minimization of systems or system components in the security design principles. CC ID 14733	Systems Design, Build, and Implementation	Preventive
Include secure defaults in systems or system components in the security design principles. CC ID 14732	Systems Design, Build, and Implementation	Preventive
Include trusted communications channels for systems or system components in the security design principles. CC ID 14731	Systems Design, Build, and Implementation	Preventive
Include economic security in systems or system components in the security design principles. CC ID 14730	Systems Design, Build, and Implementation	Preventive
Include trusted components of systems or system components in the security design principles. CC ID 14729	Systems Design, Build, and Implementation	Preventive
Include procedural rigor in systems or system components in the security design principles. CC ID 14728	Systems Design, Build, and Implementation	Preventive
Include accountability and traceability of systems or system components in the security design principles. CC ID 14727	Systems Design, Build, and Implementation	Preventive
Include hierarchical trust in systems or system components in the security design principles. CC ID 14726	Systems Design, Build, and Implementation	Preventive
Include sufficient documentation for systems or system components in the security design principles. CC ID 14725	Systems Design, Build, and Implementation	Preventive
Include performance security of systems or system components in the security design principles. CC ID 14724	Systems Design, Build, and Implementation	Preventive
Include human factored security in systems or system components in the security design principles. CC ID 14723	Systems Design, Build, and Implementation	Preventive
Include secure metadata management of systems or system components in the security design principles. CC ID 14722	Systems Design, Build, and Implementation	Preventive
Include predicate permission of systems or system components in the security design principles. CC ID 14721	Systems Design, Build, and Implementation	Preventive

Technical security

359

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Technical security CC ID 00508	IT Impact Zone	IT Impact Zone
Establish, implement, and maintain an access control program. CC ID 11702	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain an access rights management plan. CC ID 00513	Establish/Maintain Documentation	Preventive
Inventory all user accounts. CC ID 13732 [Define the types of system accounts allowed and prohibited. 03.01.01 a.]	Establish/Maintain Documentation	Preventive
Identify information system users. CC ID 12081 [Specify: Authorized users of the system, 03.01.01 c.1.]	Technical Security	Detective
Review user accounts. CC ID 00525 [Monitor the use of system accounts. 03.01.01 e.]	Technical Security	Detective
Match user accounts to authorized parties. CC ID 12126	Configuration	Detective
Identify and authenticate processes running on information systems that act on behalf of users. CC ID 12082 [Allow only authorized system access for users (or processes acting on behalf of users) that is necessary to accomplish assigned organizational tasks. 03.01.05 a. Uniquely identify and authenticate system users, and associate that unique identification with processes acting on behalf of those users. 03.05.01 a.]	Technical Security	Detective
Establish and maintain contact information for user accounts, as necessary. CC ID 15418	Data and Information Management	Preventive
Review shared accounts. CC ID 11840	Technical Security	Detective
Control access rights to organizational assets. CC ID 00004 [Restrict access to CUI on system media to authorized personnel or roles. 03.08.02 ¶ 1]	Technical Security	Preventive
Configure access control lists in accordance with organizational standards. CC ID 16465	Configuration	Preventive
Add all devices requiring access control to the Access Control List. CC ID 06264	Establish/Maintain Documentation	Preventive
Generate but refrain from storing authenticators or Personal Identification Numbers for systems involved in high risk activities. CC ID 06835	Technical Security	Preventive
Disallow application IDs from running as privileged users. CC ID 10050	Configuration	Detective
Define roles for information systems. CC ID 12454 [Specify: Group and role membership, and 03.01.01 c.2.]	Human Resources Management	Preventive
Define access needs for each role assigned to an information system. CC ID 12455	Human Resources Management	Preventive
Define access needs for each system component of an information system. CC ID 12456	Technical Security	Preventive
Define the level of privilege required for each system component of an information system. CC ID 12457	Technical Security	Preventive
Establish access rights based on least privilege. CC ID 01411 [Allow only authorized system access for users (or processes acting on behalf of users) that is necessary to accomplish assigned organizational tasks. 03.01.05 a.]	Technical Security	Preventive
Assign user permissions based on job responsibilities. CC ID 00538 [Authorize access to the system based on: Intended system usage. 03.01.01 d.2.]	Technical Security	Preventive
Assign user privileges after they have management sign off. CC ID 00542	Technical Security	Preventive
Separate processing domains to segregate user privileges and enhance information flow control. CC ID 06767	Configuration	Preventive
Establish, implement, and maintain lockout procedures or lockout mechanisms to be triggered after a predetermined number of consecutive logon attempts. CC ID 01412 [Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]. 03.01.08 a. Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b. Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b.]	Technical Security	Preventive
Configure the lockout procedure to disregard failed logon attempts after the user is authenticated. CC ID 13822	Configuration	Preventive
Notify appropriate parties when the maximum number of unsuccessful logon attempts is exceeded. CC ID 17164 [Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b.]	Communicate	Preventive
Notify the user when an authentication is attempted using an expired authenticator. CC ID 13818	Communicate	Corrective
Disallow unlocking user accounts absent system administrator approval. CC ID 01413 [Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b.]	Technical Security	Preventive
Establish, implement, and maintain session lock capabilities. CC ID 01417 [Prevent access to the system by [Selection (one or more): initiating a device lock after [Assignment: organization-defined time period] of inactivity; requiring the user to initiate a device lock before leaving the system unattended]. 03.01.10 a.]	Configuration	Preventive
Limit concurrent sessions according to account type. CC ID 01416	Configuration	Preventive
Establish session authenticity through Transport Layer Security. CC ID 01627 [Protect the authenticity of communications sessions. 03.13.15 ¶ 1]	Technical Security	Preventive
Configure the "tlsverify" argument to organizational standards. CC ID 14460	Configuration	Preventive
Configure the "tlscacert" argument to organizational standards. CC ID 14521	Configuration	Preventive
Configure the "tlscert" argument to organizational standards. CC ID 14520	Configuration	Preventive
Configure the "tlskey" argument to organizational standards. CC ID 14519	Configuration	Preventive
Enable access control for objects and users on each system. CC ID 04553	Configuration	Preventive
Include all system components in the access control system. CC ID 11939	Technical Security	Preventive
Set access control for objects and users to "deny all" unless explicitly authorized. CC ID 06301	Process or Activity	Preventive
Enable access control for objects and users to match restrictions set by the system's security classification. CC ID 04850	Technical Security	Preventive
Enable attribute-based access control for objects and users on information systems. CC ID 16351	Technical Security	Preventive
Enable role-based access control for objects and users on information systems. CC ID 12458	Technical Security	Preventive
Include the objects and users subject to access control in the security policy. CC ID 11836	Establish/Maintain Documentation	Preventive
Assign Information System access authorizations if implementing segregation of duties. CC ID 06323	Establish Roles	Preventive
Enforce access restrictions for change control. CC ID 01428 [{physical access restriction} Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. 03.04.05 ¶ 1 {physical access restriction} Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. 03.04.05 ¶ 1 {physical access restriction} Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. 03.04.05 ¶ 1]	Technical Security	Preventive
Enforce access restrictions for restricted data. CC ID 01921	Data and Information Management	Preventive
Permit a limited set of user actions absent identification and authentication. CC ID 04849	Technical Security	Preventive
Perform a risk assessment prior to activating third party access to the organization's critical systems. CC ID 06455	Testing	Detective
Activate third party maintenance accounts and user identifiers, as necessary. CC ID 04262	Technical Security	Preventive
Establish, implement, and maintain a system use agreement for each information system. CC ID 06500 [Prohibit the use of external systems unless the systems are specifically authorized. 03.01.20 a. Establish the following security requirements to be satisfied on external systems prior to allowing use of or access to those systems by authorized individuals: [Assignment: organization-defined security requirements]. 03.01.20 b.]	Establish/Maintain Documentation	Preventive
Accept and sign the system use agreement before data or system access is enabled. CC ID 06501	Establish/Maintain Documentation	Preventive
Display a logon banner and appropriate logon message before granting access to the system. CC ID 06770 [{privacy notices} Display a system use notification message with privacy and security notices consistent with applicable CUI rules before granting access to the system. 03.01.09 ¶ 1]	Technical Security	Preventive
Display previous logon information in the logon banner. CC ID 01415	Configuration	Preventive
Document actions that can be performed on an information system absent identification and authentication of the user. CC ID 06771	Establish/Maintain Documentation	Preventive
Use automatic equipment identification as a method of connection authentication absent an individual's identification and authentication. CC ID 06964	Technical Security	Preventive
Control user privileges. CC ID 11665 [{information system} Restrict s="term_primary-noun">privileged accounts on the system to [Assignment: organization-defined personnel or roles]. 03.01.06 a. Specify: Access authorizations (i.e., privileges) for each account. 03.01.01 c.3.]	Technical Security	Preventive
Establish and maintain a list of individuals authorized to perform privileged functions. CC ID 17005	Establish/Maintain Documentation	Preventive
Review all user privileges, as necessary. CC ID 06784 [Review the privileges assigned to roles or classes of users [Assignment: organization-defined frequency] to validate the need for such privileges. 03.01.05 c. Reassign or remove privileges, as necessary. 03.01.05 d.]	Technical Security	Preventive
Revoke asset access when a personnel status change occurs or an individual is terminated. CC ID 00516	Behavior	Corrective
Encrypt files and move them to a secure file server when a user account is disabled. CC ID 07065	Configuration	Preventive
Review and update accounts and access rights when notified of personnel status changes. CC ID 00788 [When individuals are reassigned or transferred to other positions in the organization: Review and confirm the ongoing operational need for current logical and physical access authorizations to the system and facility, and 03.09.02 b.1. When individuals are reassigned or transferred to other positions in the organization: Modify access authorization to correspond with any changes in operational need. 03.09.02 b.2.]	Behavior	Corrective
Review each user's access capabilities when their role changes. CC ID 00524	Technical Security	Preventive
Change authenticators after personnel status changes. CC ID 12284	Human Resources Management	Preventive
Establish and maintain a Digital Rights Management program. CC ID 07093	Establish/Maintain Documentation	Preventive
Enable products restricted by Digital Rights Management to be used while offline. CC ID 07094	Technical Security	Preventive
Establish, implement, and maintain User Access Management procedures. CC ID 00514	Technical Security	Preventive
Establish, implement, and maintain an authority for access authorization list. CC ID 06782	Establish/Maintain Documentation	Preventive
Review and approve logical access to all assets based upon organizational policies. CC ID 06641 [Enforce approved authorizations for logical access to CUI and system resources in accordance with applicable access control policies. 03.01.02 ¶ 1 Receive authorization from organizational personnel or roles to assign an individual, group, role, service, or device identifier. 03.05.05 a.]	Technical Security	Preventive
Control the addition and modification of user identifiers, user credentials, or other authenticators. CC ID 00515 [Select and assign an identifier that identifies an individual, group, role, service, or device. 03.05.05 b.]	Technical Security	Preventive
Assign roles and responsibilities for administering user account management. CC ID 11900	Human Resources Management	Preventive
Automate access control methods, as necessary. CC ID 11838	Technical Security	Preventive
Automate Access Control Systems, as necessary. CC ID 06854	Technical Security	Preventive
Refrain from storing logon credentials for third party applications. CC ID 13690	Technical Security	Preventive
Refrain from allowing user access to identifiers and authenticators used by applications. CC ID 10048	Technical Security	Preventive
Notify interested personnel when user accounts are added or deleted. CC ID 14327	Communicate	Detective
Remove inactive user accounts, as necessary. CC ID 00517 [Disable system accounts when: The accounts have expired, 03.01.01 f.1. Disable system accounts when: The accounts have been inactive for [Assignment: organization-defined time period], 03.01.01 f.2. Disable system accounts when: The accounts are no longer associated with a user or individual, 03.01.01 f.3. Disable system accounts when: The accounts are in violation of organizational policy, or 03.01.01 f.4.]	Technical Security	Corrective
Establish, implement, and maintain user accounts in accordance with the organizational Governance, Risk, and Compliance framework. CC ID 00526 [Define the types of system accounts allowed and prohibited. 03.01.01 a. Create, enable, modify, disable, and remove system accounts in accordance with policy, procedures, prerequisites, and criteria. 03.01.01 b. Create, enable, modify, disable, and remove system accounts in accordance with policy, procedures, prerequisites, and criteria. 03.01.01 b. Create, enable, modify, disable, and remove system accounts in accordance with policy, procedures, prerequisites, and criteria. 03.01.01 b. Create, enable, modify, disable, and remove system accounts in accordance with policy, procedures, prerequisites, and criteria. 03.01.01 b. Disable system accounts when: Significant risks associated with individuals are discovered. 03.01.01 f.5.]	Technical Security	Preventive
Establish, implement, and maintain access control procedures. CC ID 11663	Establish/Maintain Documentation	Preventive
Grant access to authorized personnel or systems. CC ID 12186 [Authorize access to the system based on: A valid access authorization and 03.01.01 d.1. Authorize access to [Assignment: organization-defined security functions] and [Assignment: organization-defined security-relevant information]. 03.01.05 b.]	Configuration	Preventive
Document approving and granting access in the access control log. CC ID 06786	Establish/Maintain Documentation	Preventive
Disseminate and communicate the access control log to interested personnel and affected parties. CC ID 16442	Communicate	Preventive
Include the user identifiers of all personnel who are authorized to access a system in the system record. CC ID 15171	Establish/Maintain Documentation	Preventive
Include identity information of all personnel who are authorized to access a system in the system record. CC ID 16406	Establish/Maintain Documentation	Preventive
Include the user's location in the system record. CC ID 16996	Log Management	Preventive
Include the date and time that access was reviewed in the system record. CC ID 16416	Data and Information Management	Preventive
Include the date and time that access rights were changed in the system record. CC ID 16415	Establish/Maintain Documentation	Preventive
Include digital identification procedures in the access control program. CC ID 11841	Technical Security	Preventive
Employ unique identifiers. CC ID 01273 [{be unique} Manage individual identifiers by uniquely identifying each individual as [Assignment: organization-defined characteristic identifying individual status]. 03.05.05 d. Select and assign an identifier that identifies an individual, group, role, service, or device. 03.05.05 b. Uniquely identify and authenticate system users, and associate that unique identification with processes acting on behalf of those users. 03.05.01 a.]	Testing	Detective
Disseminate and communicate user identifiers and authenticators using secure communication protocols. CC ID 06791 [{lost authenticators} {compromised authenticators} Establish and implement administrative procedures for initial authenticator distribution; for lost, compromised, or damaged authenticators; and for revoking authenticators. 03.05.12 c.]	Data and Information Management	Preventive
Authenticate user identities before manually resetting an authenticator. CC ID 04567 [Verify the identity of the individual, group, role, service, or device receiving the authenticator as part of the initial authenticator distribution. 03.05.12 a.]	Testing	Detective
Require proper authentication for user identifiers. CC ID 11785	Technical Security	Preventive
Assign authentication mechanisms for user account authentication. CC ID 06856	Configuration	Preventive
Establish and maintain a memorized secret list. CC ID 13791 [{commonly used passwords} Maintain a list of commonly-used, expected, or compromised passwords, and update the list [Assignment: organization-defined frequency] and when organizational passwords are suspected to have been compromised. 03.05.07 a. {commonly used passwords} Verify that passwords are not found on the list of commonly used, expected, or compromised passwords when users create or update passwords. 03.05.07 b.]	Establish/Maintain Documentation	Preventive
Identify and control all network access controls. CC ID 00529	Technical Security	Preventive
Establish, implement, and maintain a network configuration standard. CC ID 00530 [Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access. 03.01.12 a.]	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain network segmentation requirements. CC ID 16380	Establish/Maintain Documentation	Preventive
Enforce the network segmentation requirements. CC ID 16381	Process or Activity	Preventive
Protect system or device management and control planes from unwanted user plane traffic. CC ID 17063	Technical Security	Preventive
Ensure the data plane, control plane, and management plane have been segregated according to organizational standards. CC ID 16385	Technical Security	Preventive
Establish, implement, and maintain a network security policy. CC ID 06440	Establish/Maintain Documentation	Preventive
Include compliance requirements in the network security policy. CC ID 14205	Establish/Maintain Documentation	Preventive
Include coordination amongst entities in the network security policy. CC ID 14204	Establish/Maintain Documentation	Preventive
Include management commitment in the network security policy. CC ID 14203	Establish/Maintain Documentation	Preventive
Include roles and responsibilities in the network security policy. CC ID 14202	Establish/Maintain Documentation	Preventive
Include the scope in the network security policy. CC ID 14201	Establish/Maintain Documentation	Preventive
Include the purpose in the network security policy. CC ID 14200	Establish/Maintain Documentation	Preventive
Disseminate and communicate the network security policy to interested personnel and affected parties. CC ID 14199	Communicate	Preventive
Establish, implement, and maintain system and communications protection procedures. CC ID 14052	Establish/Maintain Documentation	Preventive
Disseminate and communicate the system and communications protection procedures to interested personnel and affected parties. CC ID 14206	Communicate	Preventive
Establish, implement, and maintain a wireless networking policy. CC ID 06732 [Establish usage restrictions, configuration requirements, and connection requirements for each type of wireless access to the system. 03.01.16 a. Establish usage restrictions, configuration requirements, and connection requirements for each type of wireless access to the system. 03.01.16 a. Authorize each type of wireless access to the system prior to establishing such connections. 03.01.16 b.]	Establish/Maintain Documentation	Preventive
Include usage restrictions for Bluetooth in the wireless networking policy. CC ID 16443	Establish/Maintain Documentation	Preventive
Maintain up-to-date network diagrams. CC ID 00531	Establish/Maintain Documentation	Preventive
Include the date of the most recent update on the network diagram. CC ID 14319	Establish/Maintain Documentation	Preventive
Include virtual systems in the network diagram. CC ID 16324	Data and Information Management	Preventive
Include the organization's name in the network diagram. CC ID 14318	Establish/Maintain Documentation	Preventive
Use a passive asset inventory discovery tool to identify assets when network mapping. CC ID 13735	Process or Activity	Detective
Include Internet Protocol addresses in the network diagram. CC ID 16244	Establish/Maintain Documentation	Preventive
Include Domain Name System names in the network diagram. CC ID 16240	Establish/Maintain Documentation	Preventive
Accept, by formal signature, the security implications of the network topology. CC ID 12323	Establish/Maintain Documentation	Preventive
Disseminate and communicate network diagrams to interested personnel and affected parties. CC ID 13137	Communicate	Preventive
Maintain up-to-date data flow diagrams. CC ID 10059	Establish/Maintain Documentation	Preventive
Use an active asset inventory discovery tool to identify sensitive information for data flow diagrams. CC ID 13737	Process or Activity	Detective
Establish, implement, and maintain a sensitive information inventory. CC ID 13736	Establish/Maintain Documentation	Detective
Include information flows to third parties in the data flow diagram. CC ID 13185	Establish/Maintain Documentation	Preventive
Document where data-at-rest and data in transit is encrypted on the data flow diagram. CC ID 16412	Establish/Maintain Documentation	Preventive
Disseminate and communicate the data flow diagrams to interested personnel and affected parties. CC ID 16407	Communicate	Preventive
Manage all external network connections. CC ID 11842 [Authorize the connection of mobile devices to the system. 03.01.18 b. Terminate the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. 03.13.09 ¶ 1]	Technical Security	Preventive
Route outbound Internet traffic through a proxy server that supports decrypting network traffic. CC ID 12116	Technical Security	Preventive
Prevent the insertion of unauthorized network traffic into secure networks. CC ID 17050	Technical Security	Preventive
Prohibit systems from connecting directly to external networks. CC ID 08709	Configuration	Preventive
Prohibit systems from connecting directly to internal networks outside the demilitarized zone (DMZ). CC ID 16360	Technical Security	Preventive
Establish, implement, and maintain a Boundary Defense program. CC ID 00544 [Monitor and control communications at external managed interfaces to the system and key internal managed interfaces within the system. 03.13.01 a. Connect to external systems only through managed interfaces that consist of boundary protection devices arranged in accordance with an organizational security architecture. 03.13.01 c.]	Establish/Maintain Documentation	Preventive
Refrain from disclosing Internet Protocol addresses, routing information, and DNS names, unless necessary. CC ID 11891	Technical Security	Preventive
Authorize the disclosure of private Internet Protocol addresses and routing information to external entities. CC ID 12034	Communicate	Preventive
Segregate systems in accordance with organizational standards. CC ID 12546	Technical Security	Preventive
Implement gateways between security domains. CC ID 16493	Systems Design, Build, and Implementation	Preventive
Implement resource-isolation mechanisms in organizational networks. CC ID 16438	Technical Security	Preventive
Segregate servers that contain restricted data or restricted information from direct public access. CC ID 00533	Technical Security	Preventive
Prevent logical access to dedicated networks from outside the secure areas. CC ID 12310	Technical Security	Preventive
Design Demilitarized Zones with proper isolation rules. CC ID 00532	Technical Security	Preventive
Restrict outbound network traffic out of the Demilitarized Zone. CC ID 16881	Technical Security	Preventive
Restrict inbound network traffic into the Demilitarized Zone. CC ID 01285	Data and Information Management	Preventive
Restrict inbound network traffic into the Demilitarized Zone to destination addresses within the Demilitarized Zone. CC ID 11998	Technical Security	Preventive
Restrict inbound Internet traffic within the Demilitarized Zone to system components that provide publicly accessible services, protocols, and ports. CC ID 11993	Technical Security	Preventive
Segregate applications and databases that contain restricted data or restricted information in an internal network zone. CC ID 01289 [Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. 03.13.01 b.]	Data and Information Management	Preventive
Establish, implement, and maintain a network access control standard. CC ID 00546 [Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access. 03.01.12 a.]	Establish/Maintain Documentation	Preventive
Include assigned roles and responsibilities in the network access control standard. CC ID 06410	Establish Roles	Preventive
Employ firewalls to secure network connections between networks of different security categorizations. CC ID 16373	Technical Security	Preventive
Employ firewalls to secure network connections between trusted networks and untrusted networks, as necessary. CC ID 11821	Technical Security	Preventive
Place firewalls between security domains and between any Demilitarized Zone and internal network zones. CC ID 01274	Configuration	Preventive
Place firewalls between wireless networks and applications or databases that contain restricted data or restricted information. CC ID 01293	Configuration	Preventive
Place firewalls between all security domains and between any secure subnet and internal network zones. CC ID 11784	Configuration	Preventive
Separate the wireless access points and wireless bridges from the wired network via a firewall. CC ID 04588	Technical Security	Preventive
Include configuration management and rulesets in the network access control standard. CC ID 11845	Establish/Maintain Documentation	Preventive
Secure the network access control standard against unauthorized changes. CC ID 11920	Establish/Maintain Documentation	Preventive
Employ centralized management systems to configure and control networks, as necessary. CC ID 12540	Technical Security	Preventive
Establish, implement, and maintain a firewall and router configuration standard. CC ID 00541	Configuration	Preventive
Include testing and approving all network connections through the firewall in the firewall and router configuration standard. CC ID 01270	Process or Activity	Detective
Include compensating controls implemented for insecure protocols in the firewall and router configuration standard. CC ID 11948	Establish/Maintain Documentation	Preventive
Include reviewing the rulesets for firewalls and routers in the firewall and router configuration standard, as necessary. CC ID 11903	Technical Security	Corrective
Include restricting inbound network traffic in the firewall and router configuration standard. CC ID 11960	Establish/Maintain Documentation	Preventive
Include restricting outbound network traffic in the firewall and router configuration standard. CC ID 11961	Establish/Maintain Documentation	Preventive
Include requirements for a firewall at each Internet connection and between any demilitarized zone and the internal network zone in the firewall and router configuration standard. CC ID 12435	Establish/Maintain Documentation	Preventive
Include network diagrams that identify connections between all subnets and wireless networks in the firewall and router configuration standard. CC ID 12434	Establish/Maintain Documentation	Preventive
Include network diagrams that identify storage or processing locations of all restricted data in the firewall and router configuration standard. CC ID 12426	Establish/Maintain Documentation	Preventive
Deny or strictly control wireless traffic to applications or databases that contain restricted data or restricted information. CC ID 11847	Configuration	Preventive
Include a protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00537 [Prohibit or restrict use of the following functions, ports, protocols, connections, and services: [Assignment: organization-defined functions, ports, protocols, connections, and services]. 03.04.06 b.]	Establish/Maintain Documentation	Preventive
Configure network ports to organizational standards. CC ID 14007	Configuration	Preventive
Include approval of the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 12547	Establish/Maintain Documentation	Preventive
Include the use of protocols above and beyond common information service protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00539	Establish/Maintain Documentation	Preventive
Include justifying the use of risky protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 01280	Establish/Maintain Documentation	Preventive
Document and implement security features for each identified insecure service, protocol, and port in the protocols, ports, applications, and services list. CC ID 12033	Establish/Maintain Documentation	Preventive
Identify the insecure services, protocols, and ports in the protocols, ports, applications, and services list in the firewall and router configuration. CC ID 12032 [Review the system [Assignment: organization-defined frequency] to identify unnecessary or nonsecure functions, ports, protocols, connections, and services. 03.04.06 c.]	Establish/Maintain Documentation	Preventive
Disseminate and communicate the protocols, ports, applications, and services list to interested personnel and affected parties. CC ID 17089	Communicate	Preventive
Install and configure firewalls to be enabled on all mobile devices, if possible. CC ID 00550	Configuration	Preventive
Lock personal firewall configurations to prevent them from being disabled or changed by end users. CC ID 06420	Technical Security	Preventive
Configure network access and control points to protect restricted information and restricted functions. CC ID 01284	Configuration	Preventive
Protect data stored at external locations. CC ID 16333	Data and Information Management	Preventive
Configure security alerts in firewalls to include the source Internet protocol address and destination Internet protocol address associated with long sessions. CC ID 12174	Configuration	Detective
Protect the firewall's network connection interfaces. CC ID 01955	Technical Security	Preventive
Configure firewalls to deny all traffic by default, except explicitly designated traffic. CC ID 00547 [Deny network communications traffic by default, and allow network communications traffic by exception. 03.13.06 ¶ 1]	Configuration	Preventive
Allow local program exceptions on the firewall, as necessary. CC ID 01956	Configuration	Preventive
Allow remote administration exceptions on the firewall, as necessary. CC ID 01957	Configuration	Preventive
Allow file sharing exceptions on the firewall, as necessary. CC ID 01958	Configuration	Preventive
Allow printer sharing exceptions on the firewall, as necessary. CC ID 11849	Configuration	Preventive
Allow Internet Control Message Protocol exceptions on the firewall, as necessary. CC ID 01959	Configuration	Preventive
Allow Remote Desktop Connection exceptions on the firewall, as necessary. CC ID 01960	Configuration	Preventive
Allow UPnP framework exceptions on the firewall, as necessary. CC ID 01961	Configuration	Preventive
Allow notification exceptions on the firewall, as necessary. CC ID 01962	Configuration	Preventive
Allow unicast response to multicast or broadcast exceptions on the firewall, as necessary. CC ID 01964	Configuration	Preventive
Allow protocol port exceptions on the firewall, as necessary. CC ID 01965	Configuration	Preventive
Allow local port exceptions on the firewall, as necessary. CC ID 01966	Configuration	Preventive
Establish, implement, and maintain internet protocol address filters on the firewall, as necessary CC ID 01287	Configuration	Preventive
Configure firewalls to perform dynamic packet filtering. CC ID 01288	Testing	Detective
Establish, implement, and maintain packet filtering requirements. CC ID 16362	Technical Security	Preventive
Filter packets based on IPv6 header fields. CC ID 17048	Technical Security	Preventive
Configure firewall filtering to only permit established connections into the network. CC ID 12482	Technical Security	Preventive
Restrict outbound network traffic from systems that contain restricted data or restricted information. CC ID 01295	Data and Information Management	Preventive
Filter traffic at firewalls based on application layer attributes. CC ID 17054	Technical Security	Preventive
Deny direct Internet access to databases that store restricted data or restricted information. CC ID 01271	Data and Information Management	Preventive
Synchronize and secure all router configuration files. CC ID 01291	Configuration	Preventive
Synchronize and secure all firewall configuration files. CC ID 11851	Configuration	Preventive
Configure firewalls to generate an audit log. CC ID 12038	Audits and Risk Management	Preventive
Configure firewalls to generate an alert when a potential security incident is detected. CC ID 12165	Configuration	Preventive
Record the configuration rules for network access and control points in the configuration management system. CC ID 12105	Establish/Maintain Documentation	Preventive
Record the duration of the business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12107	Establish/Maintain Documentation	Preventive
Record each individual's name and business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12106	Establish/Maintain Documentation	Preventive
Configure network access and control points to organizational standards. CC ID 12442	Configuration	Detective
Install and configure application layer firewalls for all key web-facing applications. CC ID 01450	Configuration	Preventive
Update application layer firewalls to the most current version. CC ID 12037	Process or Activity	Preventive
Enforce information flow control. CC ID 11781	Monitor and Evaluate Occurrences	Preventive
Establish, implement, and maintain information flow control configuration standards. CC ID 01924	Establish/Maintain Documentation	Preventive
Require the system to identify and authenticate approved devices before establishing a connection. CC ID 01429 [Uniquely identify and authenticate [Assignment: organization-defined devices or types of devices] before establishing a system connection. 03.05.02 ¶ 1]	Testing	Preventive
Maintain a record of the challenge state during identification and authentication in an automated information exchange. CC ID 06629	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain information flow control policies inside the system and between interconnected systems. CC ID 01410 [Enforce approved authorizations for controlling the flow of CUI within the system and between connected systems. 03.01.03 ¶ 1]	Establish/Maintain Documentation	Preventive
Define risk tolerance to illicit data flow for each type of information classification. CC ID 01923	Data and Information Management	Preventive
Establish, implement, and maintain a document printing policy. CC ID 14384	Establish/Maintain Documentation	Preventive
Include printing to personal printers during a continuity event in the document printing policy. CC ID 14396	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain information flow procedures. CC ID 04542	Establish/Maintain Documentation	Preventive
Disclose non-privacy related restricted information after a court makes a determination the information is material to a court case. CC ID 06242	Data and Information Management	Preventive
Exchange non-privacy related restricted information with approved third parties if the information supports an approved activity. CC ID 06243	Data and Information Management	Preventive
Establish, implement, and maintain information exchange procedures. CC ID 11782 [Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a. Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Establish/Maintain Documentation	Preventive
Include the connected Information Technology assets in the information exchange procedures. CC ID 17025	Establish/Maintain Documentation	Preventive
Include connection termination procedures in the information exchange procedures. CC ID 17027	Establish/Maintain Documentation	Preventive
Include the data sensitivity levels in the information exchange procedures. CC ID 17024	Establish/Maintain Documentation	Preventive
Include communication requirements in the information exchange procedures. CC ID 17026	Establish/Maintain Documentation	Preventive
Include roles and responsibilities in the information exchange procedures. CC ID 17023	Establish/Maintain Documentation	Preventive
Include implementation procedures in the information exchange procedures. CC ID 17022	Establish/Maintain Documentation	Preventive
Include security controls in the information exchange procedures. CC ID 17021	Establish/Maintain Documentation	Preventive
Include testing procedures in the information exchange procedures. CC ID 17020	Establish/Maintain Documentation	Preventive
Include measurement criteria in the information exchange procedures. CC ID 17019	Establish/Maintain Documentation	Preventive
Include training requirements in the information exchange procedures. CC ID 17017	Establish/Maintain Documentation	Preventive
Test the information exchange procedures. CC ID 17115	Testing	Preventive
Perform content sanitization on data-in-transit. CC ID 16512	Data and Information Management	Preventive
Perform content conversion on data-in-transit. CC ID 16510	Data and Information Management	Preventive
Protect data from unauthorized access while transmitting between separate parts of the system. CC ID 16499	Data and Information Management	Preventive
Protect data from modification or loss while transmitting between separate parts of the system. CC ID 04554	Data and Information Management	Preventive
Protect data from unauthorized disclosure while transmitting between separate parts of the system. CC ID 11859	Data and Information Management	Preventive
Review and approve information exchange system connections. CC ID 07143	Technical Security	Preventive
Log issuers who send personal data in cleartext in the transfer audit log. CC ID 12312	Log Management	Preventive
Establish, implement, and maintain measures to detect and prevent the use of unsafe internet services. CC ID 13104	Technical Security	Preventive
Refrain from storing restricted data at unsafe Internet services or virtual servers. CC ID 13107	Technical Security	Preventive
Establish, implement, and maintain whitelists and blacklists of domain names. CC ID 07097	Establish/Maintain Documentation	Preventive
Revoke membership in the whitelist, as necessary. CC ID 13827	Establish/Maintain Documentation	Corrective
Deploy sender policy framework records in the organization's Domain Name Servers. CC ID 12183	Configuration	Preventive
Block uncategorized sites using URL filtering. CC ID 12140	Technical Security	Preventive
Subscribe to a URL categorization service to maintain website category definitions in the URL filter list. CC ID 12139	Technical Security	Detective
Establish, implement, and maintain whitelists and blacklists of web content. CC ID 15234	Data and Information Management	Preventive
Establish, implement, and maintain whitelists and blacklists of software. CC ID 11780 [Identify software programs authorized to execute on the system. 03.04.08 a. Review and update the list of authorized software programs [Assignment: organization-defined frequency]. 03.04.08 c.]	Establish/Maintain Documentation	Preventive
Implement information flow control policies when making decisions about information sharing or collaboration. CC ID 10094	Behavior	Preventive
Secure access to each system component operating system. CC ID 00551	Configuration	Preventive
Enforce privileged accounts and non-privileged accounts for system access. CC ID 00558 [Require that users (or roles) with privileged accounts use non-privileged accounts when accessing non-security functions or non-security information. 03.01.06 b. Prevent non-privileged users from executing privileged functions. 03.01.07 a.]	Technical Security	Preventive
Create a full text analysis on executed privileged functions. CC ID 06778	Monitor and Evaluate Occurrences	Detective
Control all methods of remote access and teleworking. CC ID 00559 [Authorize each type of remote system access prior to establishing such connections. 03.01.12 b. Authorize the remote execution of privileged commands and remote access to security-relevant information. 03.01.12 d.]	Technical Security	Preventive
Assign virtual escorting to authorized personnel. CC ID 16440	Process or Activity	Preventive
Establish, implement, and maintain a remote access and teleworking program. CC ID 04545 [Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access. 03.01.12 a.]	Establish/Maintain Documentation	Preventive
Include information security requirements in the remote access and teleworking program. CC ID 15704	Establish/Maintain Documentation	Preventive
Refrain from allowing remote users to copy files to remote devices. CC ID 06792	Technical Security	Preventive
Control remote administration in accordance with organizational standards. CC ID 04459 [Authorize the remote execution of privileged commands and remote access to security-relevant information. 03.01.12 d.]	Configuration	Preventive
Scan the system to verify modems are disabled or removed, except the modems that are explicitly approved. CC ID 00560	Testing	Detective
Control remote access through a network access control. CC ID 01421 [Route remote access to the system through authorized and managed access control points. 03.01.12 c.]	Technical Security	Preventive
Install and maintain remote control software and other remote control mechanisms on critical systems. CC ID 06371	Configuration	Preventive
Prohibit remote access to systems processing cleartext restricted data or restricted information. CC ID 12324	Technical Security	Preventive
Employ multifactor authentication for remote access to the organization's network. CC ID 12505 [Implement multi-factor authentication and replay resistance in the establishment of nonlocal maintenance and diagnostic sessions. 03.07.05 b.]	Technical Security	Preventive
Implement multifactor authentication techniques. CC ID 00561 [{privileged accounts} Implement multi-factor authentication for access to privileged and non-privileged accounts. 03.05.03 ¶ 1]	Configuration	Preventive
Refrain from allowing individuals to self-enroll into multifactor authentication from untrusted devices. CC ID 17173	Technical Security	Preventive
Implement phishing-resistant multifactor authentication techniques. CC ID 16541	Technical Security	Preventive
Document and approve requests to bypass multifactor authentication. CC ID 15464	Establish/Maintain Documentation	Preventive
Limit the source addresses from which remote administration is performed. CC ID 16393	Technical Security	Preventive
Protect remote access accounts with encryption. CC ID 00562	Configuration	Preventive
Monitor and evaluate all remote access usage. CC ID 00563	Monitor and Evaluate Occurrences	Detective
Manage the use of encryption controls and cryptographic controls. CC ID 00570	Technical Security	Preventive
Employ cryptographic controls that comply with applicable requirements. CC ID 12491 [Implement the following types of cryptography to protect the confidentiality of CUI: [Assignment: organization-defined types of cryptography]. 03.13.11 ¶ 1]	Technical Security	Preventive
Establish, implement, and maintain cryptographic key management procedures. CC ID 00571 [Establish and manage cryptographic keys in the system in accordance with the following key management requirements: [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. 03.13.10 ¶ 1]	Establish/Maintain Documentation	Preventive
Disseminate and communicate cryptographic key management procedures to interested personnel and affected parties. CC ID 13164	Communicate	Preventive
Bind keys to each identity. CC ID 12337	Technical Security	Preventive
Include recommended cryptographic key management procedures for cloud service providers in the cryptographic key management procedures. CC ID 13152	Establish/Maintain Documentation	Preventive
Include requesting cryptographic key types in the cryptographic key management procedures. CC ID 13151	Establish/Maintain Documentation	Preventive
Include cryptographic key expiration in the cryptographic key management procedures. CC ID 17079	Establish/Maintain Documentation	Preventive
Recover encrypted data for lost cryptographic keys, compromised cryptographic keys, or damaged cryptographic keys. CC ID 01301	Data and Information Management	Preventive
Generate strong cryptographic keys. CC ID 01299	Data and Information Management	Preventive
Generate unique cryptographic keys for each user. CC ID 12169	Technical Security	Preventive
Use approved random number generators for creating cryptographic keys. CC ID 06574	Data and Information Management	Preventive
Implement decryption keys so that they are not linked to user accounts. CC ID 06851	Technical Security	Preventive
Include the establishment of cryptographic keys in the cryptographic key management procedures. CC ID 06540	Establish/Maintain Documentation	Preventive
Disseminate and communicate cryptographic keys securely. CC ID 01300	Data and Information Management	Preventive
Control the input and output of cryptographic keys from a cryptographic module. CC ID 06541	Data and Information Management	Preventive
Store cryptographic keys securely. CC ID 01298	Data and Information Management	Preventive
Restrict access to cryptographic keys. CC ID 01297	Data and Information Management	Preventive
Store cryptographic keys in encrypted format. CC ID 06084	Data and Information Management	Preventive
Store key-encrypting keys and data-encrypting keys in different locations. CC ID 06085	Technical Security	Preventive
Include offsite backups of cryptographic keys in the cryptographic key management procedures. CC ID 13127	Establish/Maintain Documentation	Preventive
Change cryptographic keys in accordance with organizational standards. CC ID 01302	Data and Information Management	Preventive
Notify interested personnel and affected parties upon cryptographic key supersession. CC ID 17084	Communicate	Preventive
Destroy cryptographic keys promptly after the retention period. CC ID 01303	Data and Information Management	Preventive
Control cryptographic keys with split knowledge and dual control. CC ID 01304	Data and Information Management	Preventive
Prevent the unauthorized substitution of cryptographic keys. CC ID 01305	Data and Information Management	Preventive
Manage outdated cryptographic keys, compromised cryptographic keys, or revoked cryptographic keys. CC ID 06852	Technical Security	Preventive
Revoke old cryptographic keys or invalid cryptographic keys immediately. CC ID 01307	Data and Information Management	Corrective
Replace known or suspected compromised cryptographic keys immediately. CC ID 01306	Data and Information Management	Corrective
Archive outdated cryptographic keys. CC ID 06884	Data and Information Management	Preventive
Archive revoked cryptographic keys. CC ID 11819	Data and Information Management	Preventive
Require key custodians to sign the cryptographic key management policy. CC ID 01308	Establish/Maintain Documentation	Preventive
Require key custodians to sign the key custodian's roles and responsibilities. CC ID 11820	Human Resources Management	Preventive
Test cryptographic key management applications, as necessary. CC ID 04829	Testing	Detective
Manage the digital signature cryptographic key pair. CC ID 06576	Data and Information Management	Preventive
Establish, implement, and maintain requirements for Personal Identity Verification authentication certificates. CC ID 06587	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain Public Key certificate application procedures. CC ID 07079	Establish/Maintain Documentation	Preventive
Establish a Registration Authority to support the Public Key Infrastructure. CC ID 15725	Establish Roles	Preventive
Include the Identification and Authentication of individuals or entities in the Public Key certificate application procedures. CC ID 07080	Establish/Maintain Documentation	Preventive
Include approving or rejecting Public Key certificate applications in the Public Key certificate application procedure. CC ID 07081	Establish/Maintain Documentation	Preventive
Include revocation of Public Key certificates in the Public Key certificate procedures. CC ID 07082	Establish/Maintain Documentation	Preventive
Publish revoked Public Key certificates in the Certificate Revocation List. CC ID 07089	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain Public Key renewal or rekeying request procedures. CC ID 07083	Establish/Maintain Documentation	Preventive
Include identification and authentication in Public Key renewal or rekeying request procedures. CC ID 11816	Establish/Maintain Documentation	Preventive
Issue authentication mechanisms that support the Public Key Infrastructure. CC ID 07092	Technical Security	Preventive
Establish a Root Certification Authority to support the Public Key Infrastructure. CC ID 07084	Technical Security	Preventive
Establish, implement, and maintain Public Key certificate procedures. CC ID 07085	Establish/Maintain Documentation	Preventive
Include signing and issuing Public Key certificates in the Public Key certificate procedures. CC ID 11817	Establish/Maintain Documentation	Preventive
Include publishing Public Key certificates in the Public Key certificate procedures. CC ID 07087	Establish/Maintain Documentation	Preventive
Include access to issued Public Key certificates in the Public Key certificate procedures. CC ID 07086	Establish/Maintain Documentation	Preventive
Connect the Public Key Infrastructure to the organization's identity and access management system. CC ID 07091	Technical Security	Preventive
Archive Public Key certificate records according to organizational Records Management rules. CC ID 07090	Records Management	Preventive
Use strong data encryption to transmit in scope data or in scope information, as necessary. CC ID 00564 [Transmit passwords only over cryptographically protected channels. 03.05.07 c.]	Technical Security	Preventive
Ensure restricted data or restricted information are encrypted prior to or at the time of transmission. CC ID 01749 [Implement cryptographic mechanisms to prevent the unauthorized disclosure of CUI during transmission and while in storage. 03.13.08 ¶ 1]	Configuration	Preventive
Configure the encryption strength to be appropriate for the encryption methodology of the cryptographic controls. CC ID 12492	Technical Security	Preventive
Encrypt traffic over networks with trusted cryptographic keys. CC ID 12490	Technical Security	Preventive
Authorize transactions of data transmitted over public networks or shared data networks. CC ID 00566	Establish/Maintain Documentation	Preventive
Implement non-repudiation for transactions. CC ID 00567	Testing	Detective
Treat data messages that do not receive an acknowledgment as never been sent. CC ID 14416	Technical Security	Preventive
Establish trusted paths to transmit restricted data or restricted information over public networks or wireless networks. CC ID 00568	Technical Security	Preventive
Protect application services information transmitted over a public network from unauthorized modification. CC ID 12021	Technical Security	Preventive
Protect application services information transmitted over a public network from unauthorized disclosure. CC ID 12020	Technical Security	Preventive
Protect application services information transmitted over a public network from contract disputes. CC ID 12019	Technical Security	Preventive
Protect application services information transmitted over a public network from fraudulent activity. CC ID 12018	Technical Security	Preventive
Establish, implement, and maintain a malicious code protection program. CC ID 00574 [Configure malicious code protection mechanisms to: Block malicious code, quarantine malicious code, or take other mitigation actions in response to malicious code detection. 03.14.02 c.2. Configure malicious code protection mechanisms to: Block malicious code, quarantine malicious code, or take other mitigation actions in response to malicious code detection. 03.14.02 c.2. Configure malicious code protection mechanisms to: Block malicious code, quarantine malicious code, or take other mitigation actions in response to malicious code detection. 03.14.02 c.2.]	Establish/Maintain Documentation	Preventive
Disseminate and communicate the malicious code protection policy to all interested personnel and affected parties. CC ID 15485	Communicate	Preventive
Disseminate and communicate the malicious code protection procedures to all interested personnel and affected parties. CC ID 15484	Communicate	Preventive
Establish, implement, and maintain malicious code protection procedures. CC ID 15483	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a malicious code protection policy. CC ID 15478	Establish/Maintain Documentation	Preventive
Restrict downloading to reduce malicious code attacks. CC ID 04576	Behavior	Preventive
Install security and protection software, as necessary. CC ID 00575 [{entry points} Implement malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code. 03.14.02 a.]	Configuration	Preventive
Install and maintain container security solutions. CC ID 16178	Technical Security	Preventive
Scan for malicious code, as necessary. CC ID 11941 [Configure malicious code protection mechanisms to: Perform scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at endpoints or system entry and exit points as the files are downloaded, opened, or executed; and 03.14.02 c.1.]	Investigate	Detective
Test all removable storage media for viruses and malicious code. CC ID 11861 [{diagnostic programs} Check media with diagnostic and test programs for malicious code before it is used in the system. 03.07.04 b.]	Testing	Detective
Test all untrusted files or unverified files for viruses and malicious code. CC ID 01311	Testing	Detective
Remove malware when malicious code is discovered. CC ID 13691	Process or Activity	Corrective
Notify interested personnel and affected parties when malware is detected. CC ID 13689	Communicate	Corrective
Protect systems and devices from fragmentation based attacks and anomalies. CC ID 17058	Technical Security	Preventive
Protect the system against replay attacks. CC ID 04552 [{privileged accounts} Implement replay-resistant authentication mechanisms for access to privileged and non-privileged accounts. 03.05.04 ¶ 1 Implement multi-factor authentication and replay resistance in the establishment of nonlocal maintenance and diagnostic sessions. 03.07.05 b.]	Technical Security	Preventive
Define and assign roles and responsibilities for malicious code protection. CC ID 15474	Establish Roles	Preventive
Establish, implement, and maintain a malicious code outbreak recovery plan. CC ID 01310	Establish/Maintain Documentation	Corrective
Log and react to all malicious code activity. CC ID 07072	Monitor and Evaluate Occurrences	Detective
Analyze the behavior and characteristics of the malicious code. CC ID 10672	Technical Security	Detective
Incorporate the malicious code analysis into the patch management program. CC ID 10673	Technical Security	Corrective
Lock antivirus configurations. CC ID 10047	Configuration	Preventive
Establish, implement, and maintain a virtual environment and shared resources security program. CC ID 06551	Establish/Maintain Documentation	Preventive
Establish, implement, and maintain a shared resources management program. CC ID 07096 [Prevent unauthorized and unintended information transfer via shared system resources. 03.13.04 ¶ 1]	Establish/Maintain Documentation	Preventive
Maintain ownership of all shared resources. CC ID 12180	Business Processes	Preventive
Employ resource-isolation mechanisms in virtual environments. CC ID 12178	Configuration	Preventive

Third Party and supply chain oversight

Mandated - bold Implied - italic Implementation - regular	TYPE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Third Party and supply chain oversight CC ID 08807	IT Impact Zone	IT Impact Zone
Establish, implement, and maintain a supply chain management program. CC ID 11742	Establish/Maintain Documentation	Preventive
Formalize client and third party relationships with contracts or nondisclosure agreements. CC ID 00794	Process or Activity	Detective
Establish, implement, and maintain information flow agreements with all third parties. CC ID 04543 [Permit authorized individuals to use external systems to access the organizational system or to process, store, or transmit CUI only after: Retaining approved system connection or processing agreements with the organizational entities hosting the external systems. 03.01.20 c.2. Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a. Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Establish/Maintain Documentation	Preventive
Include the purpose in the information flow agreement. CC ID 17016	Establish/Maintain Documentation	Preventive
Include the type of information being transmitted in the information flow agreement. CC ID 14245 [Document interface characteristics, security requirements, and responsibilities for each system as part of the exchange agreements. 03.12.05 b.]	Establish/Maintain Documentation	Preventive
Include the costs in the information flow agreement. CC ID 17018	Establish/Maintain Documentation	Preventive
Include the security requirements in the information flow agreement. CC ID 14244 [Document interface characteristics, security requirements, and responsibilities for each system as part of the exchange agreements. 03.12.05 b.]	Establish/Maintain Documentation	Preventive
Include the interface characteristics in the information flow agreement. CC ID 14240 [Document interface characteristics, security requirements, and responsibilities for each system as part of the exchange agreements. 03.12.05 b.]	Establish/Maintain Documentation	Preventive
Include a description of the data or information to be covered in third party contracts. CC ID 06510 [Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Establish/Maintain Documentation	Preventive
Include text about access, use, disclosure, and transfer of data or information in third party contracts. CC ID 11610	Business Processes	Preventive
Include text about data ownership in third party contracts. CC ID 06502	Establish/Maintain Documentation	Preventive
Include third party acknowledgment of their data protection responsibilities in third party contracts. CC ID 01364	Testing	Detective
Include auditing third party security controls and compliance controls in third party contracts. CC ID 01366 [Implement processes, methods, and techniques to monitor security requirement compliance by external service providers on an ongoing basis. 03.16.03 c.]	Testing	Detective
Establish, implement, and maintain Service Level Agreements with the organization's supply chain. CC ID 00838 [Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Process or Activity	Preventive
Monitor and report on the efficacy of all Service Level Agreements using a Service Level Agreement Monitoring Chart or equivalent. CC ID 00842	Establish/Maintain Documentation	Detective
Include the responsible party for managing complaints in third party contracts. CC ID 10022	Establish Roles	Preventive
Approve all Service Level Agreements. CC ID 00843 [Review and update the exchange agreements [Assignment: organization-defined frequency]. 03.12.05 c.]	Establish/Maintain Documentation	Detective
Track all chargeable items in Service Level Agreements. CC ID 11616	Business Processes	Detective
Document all chargeable items in Service Level Agreements. CC ID 00844	Establish/Maintain Documentation	Detective
Enforce third party Service Level Agreements, as necessary. CC ID 07098	Business Processes	Corrective
Include risk management procedures in the supply chain management policy. CC ID 08811 [Enforce the following security requirements to protect against supply chain risks to the system, system components, or system services and to limit the harm or consequences from supply chain-related events: [Assignment: organization-defined security requirements]. 03.17.03 b.]	Establish/Maintain Documentation	Preventive
Perform risk assessments of third parties, as necessary. CC ID 06454	Testing	Detective
Include a determination on the impact of services provided by third-party service providers in the supply chain risk assessment report. CC ID 17187	Establish/Maintain Documentation	Preventive
Include a determination of the complexity of the third party relationships in the supply chain risk assessment. CC ID 10024	Business Processes	Preventive
Include a determination of financial benefits over actual costs of third party relationships in the supply chain risk assessment report. CC ID 10025	Establish/Maintain Documentation	Preventive
Include a determination of how third party relationships affect strategic initiatives in the supply chain risk assessment report. CC ID 10026	Establish/Maintain Documentation	Preventive
Include a determination if the third party relationship will affect employees in the supply chain risk assessment report. CC ID 10027	Business Processes	Preventive
Include a determination of customer interactions with third parties in the supply chain risk assessment report. CC ID 10028	Establish/Maintain Documentation	Preventive
Include a determination on the risks third parties pose to Information Security in the supply chain risk assessment report. CC ID 10029	Establish/Maintain Documentation	Preventive
Re-evaluate risk assessments of third parties, as necessary. CC ID 12158	Audits and Risk Management	Detective
Conduct all parts of the supply chain due diligence process. CC ID 08854	Business Processes	Preventive
Include a provision in outsourcing contracts that requires supply chain members' security requirements comply with organizational security requirements. CC ID 00359 [Require the providers of external system services used for the processing, storage, or transmission of CUI to comply with the following security requirements: [Assignment: organization-defined security requirements]. 03.16.03 a.]	Testing	Detective
Include a requirement in outsourcing contracts that supply chain members must implement security controls to protect information. CC ID 13353	Establish/Maintain Documentation	Preventive
Assess third parties' compliance environment during due diligence. CC ID 13134	Process or Activity	Detective
Request attestation of compliance from third parties. CC ID 12067	Establish/Maintain Documentation	Detective
Document the third parties compliance with the organization's system hardening framework. CC ID 04263 [Permit authorized individuals to use external systems to access the organizational system or to process, store, or transmit CUI only after: Verifying that the security requirements on the external systems as specified in the organization’s system security plans have been satisfied and 03.01.20 c.1.]	Technical Security	Detective

Common Controls and
mandates by Type 253 Mandated Controls - bold
149 Implied Controls - italic 1753 Implementation

Number of Controls

2155 Total

Acquisition/Sale of Assets or Services

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Prohibit the sale or transfer of a debt caused by identity theft. CC ID 16983	Monitoring and measurement	Preventive
Implement automated audit tools. CC ID 04882	Monitoring and measurement	Preventive
Plan for acquiring facilities, technology, or services. CC ID 06892	Acquisition or sale of facilities, technology, and services	Preventive

Actionable Reports or Measurements

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Refrain from including restricted information in the incident response notification. CC ID 16806	Operational management	Preventive
Document the results of incident response tests and provide them to senior management. CC ID 14857	Operational management	Preventive

Audits and Risk Management

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Address operational anomalies within the incident management system. CC ID 11633	Monitoring and measurement	Preventive
Establish, implement, and maintain an Identity Theft Prevention Program. CC ID 11634	Monitoring and measurement	Preventive
Compile the event logs of multiple components into a system-wide time-correlated audit trail. CC ID 01424 [Analyze and correlate audit records across different repositories to gain organization-wide situational awareness. 03.03.05 c.]	Monitoring and measurement	Preventive
Verify segmentation controls are operational and effective. CC ID 12545	Monitoring and measurement	Detective
Audit in scope audit items and compliance documents. CC ID 06730	Audits and risk management	Preventive
Review incident management audit logs to determine the effectiveness of in scope controls. CC ID 12157	Audits and risk management	Detective
Review audit reports to determine the effectiveness of in scope controls. CC ID 12156	Audits and risk management	Detective
Observe processes to determine the effectiveness of in scope controls. CC ID 12155	Audits and risk management	Detective
Interview stakeholders to determine the effectiveness of in scope controls. CC ID 12154	Audits and risk management	Detective
Review policies and procedures to determine the effectiveness of in scope controls. CC ID 12144	Audits and risk management	Detective
Evaluate personnel status changes to determine the effectiveness of in scope controls. CC ID 16556	Audits and risk management	Detective
Determine whether individuals performing a control have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 16555	Audits and risk management	Detective
Approve the results of the risk assessment as documented in the risk assessment report. CC ID 07109	Audits and risk management	Preventive
Review risks to the organization's audit function when changes in the supply chain occur. CC ID 01154	Audits and risk management	Preventive
Review the risk to the audit function when the audit personnel status changes. CC ID 01153	Audits and risk management	Preventive
Conduct external audits of risk assessments, as necessary. CC ID 13308	Audits and risk management	Detective
Configure firewalls to generate an audit log. CC ID 12038	Technical security	Preventive
Audit the configuration of organizational assets, as necessary. CC ID 13653 [Monitor and review activities associated with configuration-controlled changes to the system. 03.04.03 d.]	System hardening through configuration management	Detective
Audit assets after maintenance was performed. CC ID 13657	System hardening through configuration management	Detective
Re-evaluate risk assessments of third parties, as necessary. CC ID 12158	Third Party and supply chain oversight	Detective

Behavior

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Disseminate and communicate compliance documents to all interested personnel and affected parties. CC ID 06282 [Develop, document, and disseminate to organizational personnel or roles the policies and procedures needed to satisfy the security requirements for the protection of CUI. 03.15.01 a.]	Leadership and high level objectives	Preventive
Disseminate and communicate any compliance document changes when the documents are updated to interested personnel and affected parties. CC ID 06283	Leadership and high level objectives	Preventive
Establish, implement, and maintain a testing program. CC ID 00654 [Develop and implement a system-level continuous monitoring strategy that includes ongoing monitoring and security assessments. 03.12.03 ¶ 1]	Monitoring and measurement	Preventive
Obtain the data subject's consent to participate in testing in real-world conditions. CC ID 17232	Monitoring and measurement	Preventive
Establish, implement, and maintain a penetration test program. CC ID 01105	Monitoring and measurement	Preventive
Notify the interested personnel and affected parties after the failure of an automated security test. CC ID 06748	Monitoring and measurement	Corrective
Revoke asset access when a personnel status change occurs or an individual is terminated. CC ID 00516	Technical security	Corrective
Review and update accounts and access rights when notified of personnel status changes. CC ID 00788 [When individuals are reassigned or transferred to other positions in the organization: Review and confirm the ongoing operational need for current logical and physical access authorizations to the system and facility, and 03.09.02 b.1. When individuals are reassigned or transferred to other positions in the organization: Modify access authorization to correspond with any changes in operational need. 03.09.02 b.2.]	Technical security	Corrective
Implement information flow control policies when making decisions about information sharing or collaboration. CC ID 10094	Technical security	Preventive
Restrict downloading to reduce malicious code attacks. CC ID 04576	Technical security	Preventive
Disseminate and communicate the right of the organization to search visitors while at the facility. CC ID 06702	Physical and environmental protection	Preventive
Manage constituent identification inside the facility. CC ID 02215	Physical and environmental protection	Preventive
Issue visitor identification badges to all non-employees. CC ID 00543	Physical and environmental protection	Preventive
Retrieve visitor identification badges prior to the exit of a visitor from the facility. CC ID 01331	Physical and environmental protection	Preventive
Require all visitors to sign out of the visitor log before the exit of a visitor from the facility. CC ID 06649	Physical and environmental protection	Preventive
Require removable storage media be in the custody of an authorized individual. CC ID 12319	Physical and environmental protection	Preventive
Require the return of all assets upon notification an individual is terminated. CC ID 06679 [When individual employment is terminated: Retrieve security-related system property. 03.09.02 a.3.]	Physical and environmental protection	Preventive
Notify all interested personnel and affected parties when personnel status changes or an individual is terminated. CC ID 06677 [Notify account managers and designated personnel or roles within: [Assignment: organization-defined time period] when accounts are no longer required. 03.01.01 g.1. Notify account managers and designated personnel or roles within: [Assignment: organization-defined time period] when users are terminated or transferred. 03.01.01 g.2. Notify account managers and designated personnel or roles within: [Assignment: organization-defined time period] when system usage or the need-to-know changes for an individual. 03.01.01 g.3.]	Human Resources management	Preventive
Train all personnel and third parties, as necessary. CC ID 00785 [Train authorized individuals to ensure that publicly accessible information does not contain CUI. 03.01.22 a.]	Human Resources management	Preventive
Retrain all personnel, as necessary. CC ID 01362 [{security training} Provide security literacy training to system users: When required by system changes or following [Assignment: organization-defined events], and 03.02.01 a.2. Provide role-based security training to organizational personnel: When required by system changes or following [Assignment: organization-defined events]. 03.02.02 a.2.]	Human Resources management	Preventive
Tailor training to meet published guidance on the subject being taught. CC ID 02217	Human Resources management	Preventive
Tailor training to be taught at each person's level of responsibility. CC ID 06674 [Provide role-based security training to organizational personnel: Before authorizing access to the system or CUI, before performing assigned duties, and [Assignment: organization-defined frequency] thereafter 03.02.02 a.1.]	Human Resources management	Preventive
Conduct cross-training or staff backup training to minimize dependency on critical individuals. CC ID 00786	Human Resources management	Preventive
Use automated mechanisms in the training environment, where appropriate. CC ID 06752	Human Resources management	Preventive
Conduct Archives and Records Management training. CC ID 00975	Human Resources management	Preventive
Disseminate and communicate the security awareness program to all interested personnel and affected parties. CC ID 00823	Human Resources management	Preventive
Train all personnel and third parties on how to recognize and report security incidents. CC ID 01211 [{security training} Provide security literacy training to system users: On recognizing and reporting indicators of insider threat, social engineering, and social mining. 03.02.01 a.3.]	Human Resources management	Preventive
Conduct secure coding and development training for developers. CC ID 06822	Human Resources management	Corrective
Conduct crime prevention training. CC ID 06350	Human Resources management	Preventive
Maintain contact with the device manufacturer or component manufacturer for maintenance requests. CC ID 06388	Operational management	Preventive
Respond to all alerts from security systems in a timely manner. CC ID 06434	Operational management	Corrective
Share data loss event information with the media. CC ID 01759	Operational management	Corrective
Report to breach notification organizations the time frame in which the organization will send data loss event notifications to interested personnel and affected parties. CC ID 04731	Operational management	Corrective
Notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00365	Operational management	Corrective
Determine whether or not incident response notifications are necessary during the privacy breach investigation. CC ID 00801	Operational management	Detective
Delay sending incident response notifications under predetermined conditions. CC ID 00804	Operational management	Corrective
Avoid false positive incident response notifications. CC ID 04732	Operational management	Detective
Send paper incident response notifications to affected parties, as necessary. CC ID 00366	Operational management	Corrective
Determine if a substitute incident response notification is permitted if notifying affected parties. CC ID 00803	Operational management	Corrective
Use a substitute incident response notification to notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00368	Operational management	Corrective
Telephone incident response notifications to affected parties, as necessary. CC ID 04650	Operational management	Corrective
Send electronic substitute incident response notifications to affected parties, as necessary. CC ID 04747	Operational management	Preventive
Send substitute incident response notifications to breach notification organizations, as necessary. CC ID 04750	Operational management	Preventive
Publish the incident response notification in a general circulation periodical. CC ID 04651	Operational management	Corrective
Publish the substitute incident response notification in a general circulation periodical, as necessary. CC ID 04769	Operational management	Preventive
Send electronic incident response notifications to affected parties, as necessary. CC ID 00367	Operational management	Corrective
Disseminate and communicate proposed changes to all interested personnel and affected parties. CC ID 06807	Operational management	Preventive
Disseminate and communicate software update information to users and regulators. CC ID 06602	Operational management	Preventive
Notify affected parties to keep authenticators confidential. CC ID 06787	System hardening through configuration management	Preventive
Discourage affected parties from recording authenticators. CC ID 06788	System hardening through configuration management	Preventive
Train BlackBerry handheld device users on the Bluetooth Smart Card Reader's proper usage. CC ID 04603	System hardening through configuration management	Preventive

Business Processes

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Establish, implement, and maintain a reporting methodology program. CC ID 02072	Leadership and high level objectives	Preventive
Correct errors and deficiencies in a timely manner. CC ID 13501 [Identify, report, and correct system flaws. 03.14.01 a.]	Leadership and high level objectives	Corrective
Assess the impact of changes to organizational policies, standards, and procedures, as necessary. CC ID 14824	Leadership and high level objectives	Preventive
Review the compliance exceptions in the exceptions document, as necessary. CC ID 01632	Leadership and high level objectives	Preventive
Implement a fraud detection system. CC ID 13081	Monitoring and measurement	Preventive
Approve the system security plan. CC ID 14241	Monitoring and measurement	Preventive
Employ an approved third party to perform external vulnerability scans on the organization's systems. CC ID 12467	Monitoring and measurement	Preventive
Accept the attestation engagement when all preconditions are met. CC ID 13933	Audits and risk management	Preventive
Maintain ownership of all shared resources. CC ID 12180	Technical security	Preventive
Include an appeal process in the identification issuance procedures. CC ID 15428	Physical and environmental protection	Preventive
Charge a fee for replacement of identification cards or badges, as necessary. CC ID 17001	Physical and environmental protection	Preventive
Transport restricted media using a delivery method that can be tracked. CC ID 11777	Physical and environmental protection	Preventive
Obtain management approval prior to decommissioning assets. CC ID 17269	Physical and environmental protection	Preventive
Require users to refrain from leaving mobile devices unattended. CC ID 16446	Physical and environmental protection	Preventive
Establish, implement, and maintain an education methodology. CC ID 06671	Human Resources management	Preventive
Establish, implement, and maintain an occupational health and safety management system. CC ID 16201	Human Resources management	Preventive
Establish, implement, and maintain an Asset Management program. CC ID 06630	Operational management	Preventive
Establish, implement, and maintain an asset inventory. CC ID 06631 [Develop and document an inventory of system components. 03.04.10 a. Review and update the system component inventory [Assignment: organization-defined frequency]. 03.04.10 b. Update the system component inventory as part of installations, removals, and system updates. 03.04.10 c.]	Operational management	Preventive
Obtain approval before removing maintenance tools from the facility. CC ID 14298	Operational management	Preventive
Establish, implement, and maintain an Incident Management program. CC ID 00853 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Preventive
Establish, implement, and maintain an anti-money laundering program. CC ID 13675	Operational management	Detective
Remediate security violations according to organizational standards. CC ID 12338 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Preventive
Refrain from charging for providing incident response notifications. CC ID 13876	Operational management	Preventive
Offer identity theft prevention services or identity theft mitigation services at no cost to the affected parties. CC ID 13766	Operational management	Corrective
Eradicate the cause of the incident after the incident has been contained. CC ID 01757	Operational management	Corrective
Manage change requests. CC ID 00887 [Review proposed configuration-controlled changes to the system, and approve or disapprove such changes with explicit consideration for security impacts. 03.04.03 b.]	Operational management	Preventive
Examine all changes to ensure they correspond with the change request. CC ID 12345	Operational management	Detective
Implement changes according to the change control program. CC ID 11776 [Implement and document approved configuration-controlled changes to the system. 03.04.03 c.]	Operational management	Preventive
Prioritize deploying patches according to vulnerability risk metrics. CC ID 06796	Operational management	Preventive
Mitigate the adverse effects of unauthorized changes. CC ID 12244	Operational management	Corrective
Establish, implement, and maintain configuration control and Configuration Status Accounting. CC ID 00863 [Establish usage restrictions, configuration requirements, and connection requirements for each type of wireless access to the system. 03.01.16 a.]	System hardening through configuration management	Preventive
Change the authenticator for shared accounts when the group membership changes. CC ID 14249	System hardening through configuration management	Corrective
Review the information that the organization collects, processes, and stores, as necessary. CC ID 12988	Records management	Detective
Include text about access, use, disclosure, and transfer of data or information in third party contracts. CC ID 11610	Third Party and supply chain oversight	Preventive
Track all chargeable items in Service Level Agreements. CC ID 11616	Third Party and supply chain oversight	Detective
Enforce third party Service Level Agreements, as necessary. CC ID 07098	Third Party and supply chain oversight	Corrective
Include a determination of the complexity of the third party relationships in the supply chain risk assessment. CC ID 10024	Third Party and supply chain oversight	Preventive
Include a determination if the third party relationship will affect employees in the supply chain risk assessment report. CC ID 10027	Third Party and supply chain oversight	Preventive
Conduct all parts of the supply chain due diligence process. CC ID 08854	Third Party and supply chain oversight	Preventive

Communicate

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Disseminate and communicate emerging threats to all interested personnel and affected parties. CC ID 12185 [Generate and disseminate internal system security alerts, advisories, and directives, as necessary. 03.14.03 b.]	Leadership and high level objectives	Preventive
Disseminate and communicate updated guidance documentation to interested personnel and affected parties upon discovery of a new threat. CC ID 12191	Leadership and high level objectives	Corrective
Disseminate and communicate the organization’s policies, standards, and procedures to all interested personnel and affected parties. CC ID 12901	Leadership and high level objectives	Preventive
Disseminate and communicate compliance exceptions to interested personnel and affected parties. CC ID 16945	Leadership and high level objectives	Preventive
Report errors and faults to the appropriate personnel, as necessary. CC ID 14296 [Identify, report, and correct system flaws. 03.14.01 a.]	Monitoring and measurement	Corrective
Disseminate and communicate information to customers about clock synchronization methods used by the organization. CC ID 13044	Monitoring and measurement	Preventive
Disseminate and communicate the system security plan to interested personnel and affected parties. CC ID 14275	Monitoring and measurement	Preventive
Disseminate and communicate the security assessment and authorization policy to interested personnel and affected parties. CC ID 14218	Monitoring and measurement	Preventive
Disseminate and communicate security assessment and authorization procedures to interested personnel and affected parties. CC ID 14224	Monitoring and measurement	Preventive
Notify interested personnel and affected parties prior to performing testing. CC ID 17034	Monitoring and measurement	Preventive
Share conformity assessment results with affected parties and interested personnel. CC ID 15113	Monitoring and measurement	Preventive
Notify affected parties and interested personnel of technical documentation assessment certificates that have been issued. CC ID 15112	Monitoring and measurement	Preventive
Notify affected parties and interested personnel of technical documentation assessment certificates that have been refused, withdrawn, suspended or restricted. CC ID 15111	Monitoring and measurement	Preventive
Disseminate and communicate the testing program to all interested personnel and affected parties. CC ID 11871	Monitoring and measurement	Preventive
Disseminate and communicate the vulnerability scan results to interested personnel and affected parties. CC ID 16418	Monitoring and measurement	Preventive
Disseminate and communicate the test results to interested personnel and affected parties. CC ID 17103	Monitoring and measurement	Preventive
Disseminate and communicate the approved risk assessment report to interested personnel and affected parties. CC ID 10633	Audits and risk management	Preventive
Notify the organization upon completion of the external audits of the organization's risk assessment. CC ID 13313	Audits and risk management	Preventive
Disseminate and communicate the supply chain risk management procedures to all interested personnel and affected parties. CC ID 14712	Audits and risk management	Preventive
Notify appropriate parties when the maximum number of unsuccessful logon attempts is exceeded. CC ID 17164 [Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b.]	Technical security	Preventive
Notify the user when an authentication is attempted using an expired authenticator. CC ID 13818	Technical security	Corrective
Notify interested personnel when user accounts are added or deleted. CC ID 14327	Technical security	Detective
Disseminate and communicate the access control log to interested personnel and affected parties. CC ID 16442	Technical security	Preventive
Disseminate and communicate the network security policy to interested personnel and affected parties. CC ID 14199	Technical security	Preventive
Disseminate and communicate the system and communications protection procedures to interested personnel and affected parties. CC ID 14206	Technical security	Preventive
Disseminate and communicate network diagrams to interested personnel and affected parties. CC ID 13137	Technical security	Preventive
Disseminate and communicate the data flow diagrams to interested personnel and affected parties. CC ID 16407	Technical security	Preventive
Authorize the disclosure of private Internet Protocol addresses and routing information to external entities. CC ID 12034	Technical security	Preventive
Disseminate and communicate the protocols, ports, applications, and services list to interested personnel and affected parties. CC ID 17089	Technical security	Preventive
Disseminate and communicate cryptographic key management procedures to interested personnel and affected parties. CC ID 13164	Technical security	Preventive
Notify interested personnel and affected parties upon cryptographic key supersession. CC ID 17084	Technical security	Preventive
Disseminate and communicate the malicious code protection policy to all interested personnel and affected parties. CC ID 15485	Technical security	Preventive
Disseminate and communicate the malicious code protection procedures to all interested personnel and affected parties. CC ID 15484	Technical security	Preventive
Notify interested personnel and affected parties when malware is detected. CC ID 13689	Technical security	Corrective
Assign the data processor to notify the data controller when personal data processing could infringe on regulations. CC ID 12617	Human Resources management	Preventive
Disseminate and communicate the security awareness and training procedures to interested personnel and affected parties. CC ID 14138	Human Resources management	Preventive
Disseminate and communicate the Acceptable Use Policy to all interested personnel and affected parties. CC ID 12431 [Provide rules to individuals who require access to the system. 03.15.03 b.]	Operational management	Preventive
Disseminate and communicate nondisclosure agreements to interested personnel and affected parties. CC ID 16191	Operational management	Preventive
Disseminate and communicate the incident management policy to interested personnel and affected parties. CC ID 16885	Operational management	Preventive
Notify interested personnel and affected parties of an extortion payment in the event of a cybersecurity event. CC ID 16539	Operational management	Preventive
Notify interested personnel and affected parties of the reasons for the extortion payment, along with any alternative solutions. CC ID 16538	Operational management	Preventive
Report to breach notification organizations the reasons for a delay in sending breach notifications. CC ID 16797	Operational management	Preventive
Report to breach notification organizations the distribution list to which the organization will send data loss event notifications. CC ID 16782	Operational management	Preventive
Submit written requests to delay the notification of affected parties. CC ID 16783	Operational management	Preventive
Provide enrollment information for identity theft prevention services or identity theft mitigation services. CC ID 13767	Operational management	Corrective
Include a copy of the incident response notification in breach notifications, as necessary. CC ID 13085	Operational management	Preventive
Notify interested personnel and affected parties of the privacy breach about any recovered restricted data. CC ID 13347	Operational management	Corrective
Establish, implement, and maintain incident reporting time frame standards. CC ID 12142	Operational management	Preventive
Provide customer security advice, as necessary. CC ID 13674 [Provide an incident response support resource that offers advice and assistance to system users on handling and reporting incidents. 03.06.02 d.]	Operational management	Preventive
Use simple understandable language when providing customer security advice. CC ID 13685	Operational management	Preventive
Disseminate and communicate to customers the risks associated with transaction limits. CC ID 13686	Operational management	Preventive
Notify interested personnel and affected parties that a security breach was detected. CC ID 11788	Operational management	Corrective
Assign the distribution of incident response procedures to the appropriate role in the incident response program. CC ID 12474	Operational management	Preventive
Include risk information when communicating critical security updates. CC ID 14948	System hardening through configuration management	Preventive

Configuration

636

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Document the event information to be logged in the event information log specification. CC ID 00639 [Specify the following event types selected for logging within the system: [Assignment: organization-defined event types]. 03.03.01 a.]	Monitoring and measurement	Preventive
Synchronize system clocks to an accurate and universal time source on all devices. CC ID 01340 [Use internal system clocks to generate time stamps for audit records. 03.03.07 a.]	Monitoring and measurement	Preventive
Centralize network time servers to as few as practical. CC ID 06308	Monitoring and measurement	Preventive
Deny network access to rogue devices until network access approval has been received. CC ID 11852	Monitoring and measurement	Preventive
Isolate rogue devices after a rogue device has been detected. CC ID 07061	Monitoring and measurement	Corrective
Update the vulnerability scanners' vulnerability list. CC ID 10634 [Update system vulnerabilities to be scanned [Assignment: organization-defined frequency] and when new vulnerabilities are identified and reported. 03.11.02 c.]	Monitoring and measurement	Corrective
Test in scope systems for compliance with the Configuration Baseline Documentation Record. CC ID 12130	Monitoring and measurement	Detective
Disallow the use of payment applications when a vulnerability scan report indicates vulnerabilities are present. CC ID 12188	Monitoring and measurement	Corrective
Match user accounts to authorized parties. CC ID 12126	Technical security	Detective
Configure access control lists in accordance with organizational standards. CC ID 16465	Technical security	Preventive
Disallow application IDs from running as privileged users. CC ID 10050	Technical security	Detective
Separate processing domains to segregate user privileges and enhance information flow control. CC ID 06767	Technical security	Preventive
Configure the lockout procedure to disregard failed logon attempts after the user is authenticated. CC ID 13822	Technical security	Preventive
Establish, implement, and maintain session lock capabilities. CC ID 01417 [Prevent access to the system by [Selection (one or more): initiating a device lock after [Assignment: organization-defined time period] of inactivity; requiring the user to initiate a device lock before leaving the system unattended]. 03.01.10 a.]	Technical security	Preventive
Limit concurrent sessions according to account type. CC ID 01416	Technical security	Preventive
Configure the "tlsverify" argument to organizational standards. CC ID 14460	Technical security	Preventive
Configure the "tlscacert" argument to organizational standards. CC ID 14521	Technical security	Preventive
Configure the "tlscert" argument to organizational standards. CC ID 14520	Technical security	Preventive
Configure the "tlskey" argument to organizational standards. CC ID 14519	Technical security	Preventive
Enable access control for objects and users on each system. CC ID 04553	Technical security	Preventive
Display previous logon information in the logon banner. CC ID 01415	Technical security	Preventive
Encrypt files and move them to a secure file server when a user account is disabled. CC ID 07065	Technical security	Preventive
Grant access to authorized personnel or systems. CC ID 12186 [Authorize access to the system based on: A valid access authorization and 03.01.01 d.1. Authorize access to [Assignment: organization-defined security functions] and [Assignment: organization-defined security-relevant information]. 03.01.05 b.]	Technical security	Preventive
Assign authentication mechanisms for user account authentication. CC ID 06856	Technical security	Preventive
Prohibit systems from connecting directly to external networks. CC ID 08709	Technical security	Preventive
Place firewalls between security domains and between any Demilitarized Zone and internal network zones. CC ID 01274	Technical security	Preventive
Place firewalls between wireless networks and applications or databases that contain restricted data or restricted information. CC ID 01293	Technical security	Preventive
Place firewalls between all security domains and between any secure subnet and internal network zones. CC ID 11784	Technical security	Preventive
Establish, implement, and maintain a firewall and router configuration standard. CC ID 00541	Technical security	Preventive
Deny or strictly control wireless traffic to applications or databases that contain restricted data or restricted information. CC ID 11847	Technical security	Preventive
Configure network ports to organizational standards. CC ID 14007	Technical security	Preventive
Install and configure firewalls to be enabled on all mobile devices, if possible. CC ID 00550	Technical security	Preventive
Configure network access and control points to protect restricted information and restricted functions. CC ID 01284	Technical security	Preventive
Configure security alerts in firewalls to include the source Internet protocol address and destination Internet protocol address associated with long sessions. CC ID 12174	Technical security	Detective
Configure firewalls to deny all traffic by default, except explicitly designated traffic. CC ID 00547 [Deny network communications traffic by default, and allow network communications traffic by exception. 03.13.06 ¶ 1]	Technical security	Preventive
Allow local program exceptions on the firewall, as necessary. CC ID 01956	Technical security	Preventive
Allow remote administration exceptions on the firewall, as necessary. CC ID 01957	Technical security	Preventive
Allow file sharing exceptions on the firewall, as necessary. CC ID 01958	Technical security	Preventive
Allow printer sharing exceptions on the firewall, as necessary. CC ID 11849	Technical security	Preventive
Allow Internet Control Message Protocol exceptions on the firewall, as necessary. CC ID 01959	Technical security	Preventive
Allow Remote Desktop Connection exceptions on the firewall, as necessary. CC ID 01960	Technical security	Preventive
Allow UPnP framework exceptions on the firewall, as necessary. CC ID 01961	Technical security	Preventive
Allow notification exceptions on the firewall, as necessary. CC ID 01962	Technical security	Preventive
Allow unicast response to multicast or broadcast exceptions on the firewall, as necessary. CC ID 01964	Technical security	Preventive
Allow protocol port exceptions on the firewall, as necessary. CC ID 01965	Technical security	Preventive
Allow local port exceptions on the firewall, as necessary. CC ID 01966	Technical security	Preventive
Establish, implement, and maintain internet protocol address filters on the firewall, as necessary CC ID 01287	Technical security	Preventive
Synchronize and secure all router configuration files. CC ID 01291	Technical security	Preventive
Synchronize and secure all firewall configuration files. CC ID 11851	Technical security	Preventive
Configure firewalls to generate an alert when a potential security incident is detected. CC ID 12165	Technical security	Preventive
Configure network access and control points to organizational standards. CC ID 12442	Technical security	Detective
Install and configure application layer firewalls for all key web-facing applications. CC ID 01450	Technical security	Preventive
Deploy sender policy framework records in the organization's Domain Name Servers. CC ID 12183	Technical security	Preventive
Secure access to each system component operating system. CC ID 00551	Technical security	Preventive
Control remote administration in accordance with organizational standards. CC ID 04459 [Authorize the remote execution of privileged commands and remote access to security-relevant information. 03.01.12 d.]	Technical security	Preventive
Install and maintain remote control software and other remote control mechanisms on critical systems. CC ID 06371	Technical security	Preventive
Implement multifactor authentication techniques. CC ID 00561 [{privileged accounts} Implement multi-factor authentication for access to privileged and non-privileged accounts. 03.05.03 ¶ 1]	Technical security	Preventive
Protect remote access accounts with encryption. CC ID 00562	Technical security	Preventive
Ensure restricted data or restricted information are encrypted prior to or at the time of transmission. CC ID 01749 [Implement cryptographic mechanisms to prevent the unauthorized disclosure of CUI during transmission and while in storage. 03.13.08 ¶ 1]	Technical security	Preventive
Install security and protection software, as necessary. CC ID 00575 [{entry points} Implement malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code. 03.14.02 a.]	Technical security	Preventive
Lock antivirus configurations. CC ID 10047	Technical security	Preventive
Employ resource-isolation mechanisms in virtual environments. CC ID 12178	Technical security	Preventive
Use locks with electronic authentication systems or cipher locks, as necessary. CC ID 06650	Physical and environmental protection	Preventive
Configure video cameras to cover all physical entry points. CC ID 06302	Physical and environmental protection	Preventive
Configure video cameras to prevent physical tampering or disablement. CC ID 06303	Physical and environmental protection	Preventive
Serialize all removable storage media. CC ID 00949	Physical and environmental protection	Preventive
Encrypt backup data. CC ID 00958 [Implement cryptographic mechanisms to prevent the unauthorized disclosure of CUI at backup storage locations. 03.08.09 b.]	Operational and Systems Continuity	Preventive
Configure the alternate facility to meet the least needed operational capabilities. CC ID 01395 [Employ the following security requirements at alternate work sites: [Assignment: organization-defined security requirements]. 03.10.06 b.]	Operational and Systems Continuity	Preventive
Issue devices with secure configurations to individuals traveling to locations deemed to be of risk. CC ID 10598 [Issue systems or system components with the following configurations to individuals traveling to high-risk locations: [Assignment: organization-defined system configurations]. 03.04.12 a.]	Human Resources management	Preventive
Separate remote maintenance sessions from other network sessions with a logically separate communications path based upon encryption. CC ID 10614	Operational management	Preventive
Deploy software patches in accordance with organizational standards. CC ID 07032	Operational management	Corrective
Deploy software patches in the disaster recovery environment to mirror those in the production environment. CC ID 13174	Operational management	Corrective
Remove outdated software after software has been updated. CC ID 11792	Operational management	Corrective
Update computer firmware, as necessary. CC ID 11755 [Install security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates. 03.14.01 b.]	Operational management	Corrective
Remove outdated computer firmware after the computer firmware has been updated. CC ID 10671	Operational management	Corrective
Establish, implement, and maintain a configuration change log. CC ID 08710 [Monitor and review activities associated with configuration-controlled changes to the system. 03.04.03 d.]	Operational management	Detective
Verify configuration files requiring passwords for automation do not contain those passwords after the installation process is complete. CC ID 06555	System hardening through configuration management	Preventive
Establish, implement, and maintain configuration standards. CC ID 11953 [Establish, document, and implement the following configuration settings for the system that reflect the most restrictive mode consistent with operational requirements: [Assignment: organization-defined configuration settings]. 03.04.02 a.]	System hardening through configuration management	Preventive
Apply configuration standards to all systems, as necessary. CC ID 12503	System hardening through configuration management	Preventive
Document and justify system hardening standard exceptions. CC ID 06845 [Identify, document, and approve any deviations from established configuration settings. 03.04.02 b.]	System hardening through configuration management	Preventive
Configure automatic logoff to terminate the sessions based on inactivity according to organizational standards. CC ID 04490 [Terminate a user session automatically after [Assignment: organization-defined conditions or trigger events requiring session disconnect]. 03.01.11 ¶ 1 Terminate the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. 03.13.09 ¶ 1]	System hardening through configuration management	Preventive
Install critical security updates and important security updates in a timely manner. CC ID 01696 [Install security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates. 03.14.01 b.]	System hardening through configuration management	Preventive
Establish, implement, and maintain idle session termination and logout capabilities. CC ID 01418 [Require that users log out of the system after [Assignment: organization-defined time period] of expected inactivity or when [Assignment: organization-defined circumstances]. 03.01.01 h.]	System hardening through configuration management	Preventive
Configure Session Configuration settings in accordance with organizational standards. CC ID 07698	System hardening through configuration management	Preventive
Invalidate unexpected session identifiers. CC ID 15307	System hardening through configuration management	Preventive
Configure the "MaxStartups" settings to organizational standards. CC ID 15329	System hardening through configuration management	Preventive
Reject session identifiers that are not valid. CC ID 15306	System hardening through configuration management	Preventive
Configure the "MaxSessions" settings to organizational standards. CC ID 15330	System hardening through configuration management	Preventive
Configure the "Interactive logon: Message title for users attempting to log on" to organizational standards. CC ID 07699	System hardening through configuration management	Preventive
Configure the "LoginGraceTime" settings to organizational standards. CC ID 15328	System hardening through configuration management	Preventive
Configure the "Network security: Force logoff when logon hours expire" to organizational standards. CC ID 07738	System hardening through configuration management	Preventive
Configure the "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" to organizational standards. CC ID 07758	System hardening through configuration management	Preventive
Configure the "Microsoft network server: Disconnect clients when logon hours expire" to organizational standards. CC ID 07824	System hardening through configuration management	Preventive
Configure the "Microsoft network server: Amount of idle time required before suspending session" to organizational standards. CC ID 07826	System hardening through configuration management	Preventive
Configure the "Interactive logon: Do not display last user name" to organizational standards. CC ID 07832	System hardening through configuration management	Preventive
Configure the "Interactive logon: Display user information when the session is locked" to organizational standards. CC ID 07848	System hardening through configuration management	Preventive
Configure the "Interactive logon: Message text for users attempting to log on" to organizational standards. CC ID 07870	System hardening through configuration management	Preventive
Configure the "Always prompt for password upon connection" to organizational standards. CC ID 08229	System hardening through configuration management	Preventive
Configure the "Interactive logon: Machine inactivity limit" to organizational standards. CC ID 08350	System hardening through configuration management	Preventive
Remove all unnecessary functionality. CC ID 00882 [{essential capabilities} Configure the system to provide only mission-essential capabilities. 03.04.06 a. Disable or remove functions, ports, protocols, connections, and services that are unnecessary or nonsecure. 03.04.06 d.]	System hardening through configuration management	Preventive
Find and eradicate unauthorized world writable files. CC ID 01541	System hardening through configuration management	Preventive
Strip dangerous/unneeded SUID/SGID system executables. CC ID 01542	System hardening through configuration management	Preventive
Find and eradicate unauthorized SUID/SGID system executables. CC ID 01543	System hardening through configuration management	Preventive
Find and eradicate unowned files and unowned directories. CC ID 01544	System hardening through configuration management	Preventive
Disable logon prompts on serial ports. CC ID 01553	System hardening through configuration management	Preventive
Disable "nobody" access for Secure RPC. CC ID 01554	System hardening through configuration management	Preventive
Disable all unnecessary interfaces. CC ID 04826	System hardening through configuration management	Preventive
Enable or disable all unused USB ports as appropriate. CC ID 06042	System hardening through configuration management	Preventive
Disable all user-mounted removable file systems. CC ID 01536	System hardening through configuration management	Preventive
Set the Bluetooth Security Mode to the organizational standard. CC ID 00587	System hardening through configuration management	Preventive
Secure the Bluetooth headset connections. CC ID 00593	System hardening through configuration management	Preventive
Disable automatic dial-in access to computers that have installed modems. CC ID 02036	System hardening through configuration management	Preventive
Configure the "Turn off AutoPlay" setting. CC ID 01787	System hardening through configuration management	Preventive
Configure the "Devices: Restrict floppy access to locally logged on users only" setting. CC ID 01732	System hardening through configuration management	Preventive
Configure the "Devices: Restrict CD-ROM access to locally logged on users" setting. CC ID 01731	System hardening through configuration management	Preventive
Configure the "Remove CD Burning features" setting. CC ID 04379	System hardening through configuration management	Preventive
Disable Autorun. CC ID 01790	System hardening through configuration management	Preventive
Disable USB devices (aka hotplugger). CC ID 01545	System hardening through configuration management	Preventive
Enable or disable all unused auxiliary ports as appropriate. CC ID 06414	System hardening through configuration management	Preventive
Remove rhosts support unless absolutely necessary. CC ID 01555	System hardening through configuration management	Preventive
Remove weak authentication services from Pluggable Authentication Modules. CC ID 01556	System hardening through configuration management	Preventive
Remove the /etc/hosts.equiv file. CC ID 01559	System hardening through configuration management	Preventive
Create the /etc/ftpd/ftpusers file. CC ID 01560	System hardening through configuration management	Preventive
Remove the X Wrapper and enable the X Display Manager. CC ID 01564	System hardening through configuration management	Preventive
Remove empty crontab files and restrict file permissions to the file. CC ID 01571	System hardening through configuration management	Preventive
Remove all compilers and assemblers from the system. CC ID 01594	System hardening through configuration management	Preventive
Disable all unnecessary applications unless otherwise noted in a policy exception. CC ID 04827	System hardening through configuration management	Preventive
Disable the storing of movies in cache in Apple's QuickTime. CC ID 04489	System hardening through configuration management	Preventive
Install and enable file sharing utilities, as necessary. CC ID 02174	System hardening through configuration management	Preventive
Disable boot services unless boot services are absolutely necessary. CC ID 01481	System hardening through configuration management	Preventive
Disable File Services for Macintosh unless File Services for Macintosh are absolutely necessary. CC ID 04279	System hardening through configuration management	Preventive
Configure the Trivial FTP Daemon service to organizational standards. CC ID 01484	System hardening through configuration management	Preventive
Disable printer daemons or the printer service unless printer daemons or the printer service is absolutely necessary. CC ID 01487	System hardening through configuration management	Preventive
Disable web server unless web server is absolutely necessary. CC ID 01490	System hardening through configuration management	Preventive
Disable portmapper unless portmapper is absolutely necessary. CC ID 01492	System hardening through configuration management	Preventive
Disable writesrv, pmd, and httpdlite unless writesrv, pmd, and httpdlite are absolutely necessary. CC ID 01498	System hardening through configuration management	Preventive
Disable hwscan hardware detection unless hwscan hardware detection is absolutely necessary. CC ID 01504	System hardening through configuration management	Preventive
Configure the “xinetd” service to organizational standards. CC ID 01509	System hardening through configuration management	Preventive
Configure the /etc/xinetd.conf file permissions as appropriate. CC ID 01568	System hardening through configuration management	Preventive
Disable inetd unless inetd is absolutely necessary. CC ID 01508	System hardening through configuration management	Preventive
Disable Network Computing System unless it is absolutely necessary. CC ID 01497	System hardening through configuration management	Preventive
Disable print server for macintosh unless print server for macintosh is absolutely necessary. CC ID 04284	System hardening through configuration management	Preventive
Disable Print Server unless Print Server is absolutely necessary. CC ID 01488	System hardening through configuration management	Preventive
Disable ruser/remote login/remote shell/rcp command, unless it is absolutely necessary. CC ID 01480	System hardening through configuration management	Preventive
Disable xfsmd unless xfsmd is absolutely necessary. CC ID 02179	System hardening through configuration management	Preventive
Disable RPC-based services unless RPC-based services are absolutely necessary. CC ID 01455	System hardening through configuration management	Preventive
Disable netfs script unless netfs script is absolutely necessary. CC ID 01495	System hardening through configuration management	Preventive
Disable Remote Procedure Calls unless Remote Procedure Calls are absolutely necessary and if enabled, set restrictions. CC ID 01456	System hardening through configuration management	Preventive
Configure the "RPC Endpoint Mapper Client Authentication" setting. CC ID 04327	System hardening through configuration management	Preventive
Disable ncpfs Script unless ncpfs Script is absolutely necessary. CC ID 01494	System hardening through configuration management	Preventive
Disable sendmail server unless sendmail server is absolutely necessary. CC ID 01511	System hardening through configuration management	Preventive
Disable postfix unless postfix is absolutely necessary. CC ID 01512	System hardening through configuration management	Preventive
Disable directory server unless directory server is absolutely necessary. CC ID 01464	System hardening through configuration management	Preventive
Disable Windows-compatibility client processes unless Windows-compatibility client processes are absolutely necessary. CC ID 01471	System hardening through configuration management	Preventive
Disable Windows-compatibility servers unless Windows-compatibility servers are absolutely necessary. CC ID 01470	System hardening through configuration management	Preventive
Configure the “Network File System” server to organizational standards CC ID 01472	System hardening through configuration management	Preventive
Configure NFS to respond or not as appropriate to NFS client requests that do not include a User ID. CC ID 05981	System hardening through configuration management	Preventive
Configure NFS with appropriate authentication methods. CC ID 05982	System hardening through configuration management	Preventive
Configure the "AUTH_DES authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08971	System hardening through configuration management	Preventive
Configure the "AUTH_KERB authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08972	System hardening through configuration management	Preventive
Configure the "AUTH_NONE authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08973	System hardening through configuration management	Preventive
Configure the "AUTH_UNIX authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08974	System hardening through configuration management	Preventive
Disable webmin processes unless the webmin process is absolutely necessary. CC ID 01501	System hardening through configuration management	Preventive
Disable automount daemon unless automount daemon is absolutely necessary. CC ID 01476	System hardening through configuration management	Preventive
Disable CDE-related daemons unless CDE-related daemons are absolutely necessary. CC ID 01474	System hardening through configuration management	Preventive
Disable finger unless finger is absolutely necessary. CC ID 01505	System hardening through configuration management	Preventive
Disable Rexec unless Rexec is absolutely necessary. CC ID 02164	System hardening through configuration management	Preventive
Disable Squid cache server unless Squid cache server is absolutely necessary. CC ID 01502	System hardening through configuration management	Preventive
Disable Kudzu hardware detection unless Kudzu hardware detection is absolutely necessary. CC ID 01503	System hardening through configuration management	Preventive
Install and enable public Instant Messaging clients as necessary. CC ID 02173	System hardening through configuration management	Preventive
Disable x font server unless x font server is absolutely necessary. CC ID 01499	System hardening through configuration management	Preventive
Disable NFS client processes unless NFS client processes are absolutely necessary. CC ID 01475	System hardening through configuration management	Preventive
Disable removable storage media daemon unless the removable storage media daemon is absolutely necessary. CC ID 01477	System hardening through configuration management	Preventive
Disable GSS daemon unless GSS daemon is absolutely necessary. CC ID 01465	System hardening through configuration management	Preventive
Disable Computer Browser unless Computer Browser is absolutely necessary. CC ID 01814	System hardening through configuration management	Preventive
Configure the Computer Browser ResetBrowser Frames as appropriate. CC ID 05984	System hardening through configuration management	Preventive
Configure the /etc/samba/smb.conf file file permissions as appropriate. CC ID 05989	System hardening through configuration management	Preventive
Disable NetMeeting remote desktop sharing unless NetMeeting remote desktop sharing is absolutely necessary. CC ID 01821	System hardening through configuration management	Preventive
Disable web directory browsing on all web-enabled devices. CC ID 01874	System hardening through configuration management	Preventive
Disable WWW publishing services unless WWW publishing services are absolutely necessary. CC ID 01833	System hardening through configuration management	Preventive
Install and enable samba, as necessary. CC ID 02175	System hardening through configuration management	Preventive
Configure the samba hosts allow option with an appropriate set of networks. CC ID 05985	System hardening through configuration management	Preventive
Configure the samba security option option as appropriate. CC ID 05986	System hardening through configuration management	Preventive
Configure the samba encrypt passwords option as appropriate. CC ID 05987	System hardening through configuration management	Preventive
Configure the Samba 'smb passwd file' option with an appropriate password file or no password file. CC ID 05988	System hardening through configuration management	Preventive
Disable Usenet Internet news package file capabilities unless Usenet Internet news package file capabilities are absolutely necessary. CC ID 02176	System hardening through configuration management	Preventive
Disable iPlanet Web Server unless iPlanet Web Server is absolutely necessary. CC ID 02172	System hardening through configuration management	Preventive
Disable volume manager unless volume manager is absolutely necessary. CC ID 01469	System hardening through configuration management	Preventive
Disable Solaris Management Console unless Solaris Management Console is absolutely necessary. CC ID 01468	System hardening through configuration management	Preventive
Disable the Graphical User Interface unless it is absolutely necessary. CC ID 01466	System hardening through configuration management	Preventive
Disable help and support unless help and support is absolutely necessary. CC ID 04280	System hardening through configuration management	Preventive
Disable speech recognition unless speech recognition is absolutely necessary. CC ID 04491	System hardening through configuration management	Preventive
Disable or secure the NetWare QuickFinder search engine. CC ID 04453	System hardening through configuration management	Preventive
Disable messenger unless messenger is absolutely necessary. CC ID 01819	System hardening through configuration management	Preventive
Configure the "Do not allow Windows Messenger to be run" setting. CC ID 04516	System hardening through configuration management	Preventive
Configure the "Do not automatically start Windows Messenger initially" setting. CC ID 04517	System hardening through configuration management	Preventive
Configure the "Turn off the Windows Messenger Customer Experience Improvement Program" setting. CC ID 04330	System hardening through configuration management	Preventive
Disable automatic updates unless automatic updates are absolutely necessary. CC ID 01811	System hardening through configuration management	Preventive
Configure automatic update installation and shutdown/restart options and shutdown/restart procedures to organizational standards. CC ID 05979	System hardening through configuration management	Preventive
Disable Name Service Cache Daemon unless Name Service Cache Daemon is absolutely necessary. CC ID 04846	System hardening through configuration management	Preventive
Prohibit R-command files from existing for root or administrator. CC ID 16322	System hardening through configuration management	Preventive
Verify the /bin/rsh file exists or not, as appropriate. CC ID 05101	System hardening through configuration management	Preventive
Verify the /sbin/rsh file exists or not, as appropriate. CC ID 05102	System hardening through configuration management	Preventive
Verify the /usr/bin/rsh file exists or not, as appropriate. CC ID 05103	System hardening through configuration management	Preventive
Verify the /etc/ftpusers file exists or not, as appropriate. CC ID 05104	System hardening through configuration management	Preventive
Verify the /etc/rsh file exists or not, as appropriate. CC ID 05105	System hardening through configuration management	Preventive
Install or uninstall the AIDE package, as appropriate. CC ID 05106	System hardening through configuration management	Preventive
Enable the GNOME automounter (gnome-volume-manager) as necessary. CC ID 05107	System hardening through configuration management	Preventive
Install or uninstall the setroubleshoot package, as appropriate. CC ID 05108	System hardening through configuration management	Preventive
Configure Avahi properly. CC ID 05109	System hardening through configuration management	Preventive
Install or uninstall OpenNTPD, as appropriate. CC ID 05110	System hardening through configuration management	Preventive
Configure the "httpd" service to organizational standards. CC ID 05111	System hardening through configuration management	Preventive
Install or uninstall the net-smtp package properly. CC ID 05112	System hardening through configuration management	Preventive
Configure the apache web service properly. CC ID 05113	System hardening through configuration management	Preventive
Configure the vlock package properly. CC ID 05114	System hardening through configuration management	Preventive
Configure the daemon account properly. CC ID 05115	System hardening through configuration management	Preventive
Configure the bin account properly. CC ID 05116	System hardening through configuration management	Preventive
Configure the nuucp account properly. CC ID 05117	System hardening through configuration management	Preventive
Configure the smmsp account properly. CC ID 05118	System hardening through configuration management	Preventive
Configure the listen account properly. CC ID 05119	System hardening through configuration management	Preventive
Configure the gdm account properly. CC ID 05120	System hardening through configuration management	Preventive
Configure the webservd account properly. CC ID 05121	System hardening through configuration management	Preventive
Configure the nobody account properly. CC ID 05122	System hardening through configuration management	Preventive
Configure the noaccess account properly. CC ID 05123	System hardening through configuration management	Preventive
Configure the nobody4 account properly. CC ID 05124	System hardening through configuration management	Preventive
Configure the sys account properly. CC ID 05125	System hardening through configuration management	Preventive
Configure the adm account properly. CC ID 05126	System hardening through configuration management	Preventive
Configure the lp account properly. CC ID 05127	System hardening through configuration management	Preventive
Configure the uucp account properly. CC ID 05128	System hardening through configuration management	Preventive
Install or uninstall the tftp-server package, as appropriate. CC ID 05130	System hardening through configuration management	Preventive
Enable the web console as necessary. CC ID 05131	System hardening through configuration management	Preventive
Enable rlogin auth by Pluggable Authentication Modules or pam.d properly. CC ID 05132	System hardening through configuration management	Preventive
Enable rsh auth by Pluggable Authentication Modules properly. CC ID 05133	System hardening through configuration management	Preventive
Enable the listening sendmail daemon, as appropriate. CC ID 05134	System hardening through configuration management	Preventive
Configure Squid properly. CC ID 05135	System hardening through configuration management	Preventive
Configure the "/etc/shells" file to organizational standards. CC ID 08978	System hardening through configuration management	Preventive
Configure the LDAP package to organizational standards. CC ID 09937	System hardening through configuration management	Preventive
Configure the "FTP server" package to organizational standards. CC ID 09938	System hardening through configuration management	Preventive
Configure the "HTTP Proxy Server" package to organizational standards. CC ID 09939	System hardening through configuration management	Preventive
Configure the "prelink" package to organizational standards. CC ID 11379	System hardening through configuration management	Preventive
Configure the Network Information Service (NIS) package to organizational standards. CC ID 11380	System hardening through configuration management	Preventive
Configure the "time" setting to organizational standards. CC ID 11381	System hardening through configuration management	Preventive
Configure the "biosdevname" package to organizational standards. CC ID 11383	System hardening through configuration management	Preventive
Configure the "ufw" setting to organizational standards. CC ID 11384	System hardening through configuration management	Preventive
Configure the "Devices: Allow undock without having to log on" setting. CC ID 01728	System hardening through configuration management	Preventive
Limit the user roles that are allowed to format and eject removable storage media. CC ID 01729	System hardening through configuration management	Preventive
Prevent users from installing printer drivers. CC ID 01730	System hardening through configuration management	Preventive
Minimize the inetd.conf file and set the file to the appropriate permissions. CC ID 01506	System hardening through configuration management	Preventive
Configure the unsigned driver installation behavior. CC ID 01733	System hardening through configuration management	Preventive
Configure the unsigned non-driver installation behavior. CC ID 02038	System hardening through configuration management	Preventive
Remove all demonstration applications on the system. CC ID 01875	System hardening through configuration management	Preventive
Configure the system to disallow optional Subsystems. CC ID 04265	System hardening through configuration management	Preventive
Configure the "Remove Security tab" setting. CC ID 04380	System hardening through configuration management	Preventive
Disable all unnecessary services unless otherwise noted in a policy exception. CC ID 00880	System hardening through configuration management	Preventive
Disable rquotad unless rquotad is absolutely necessary. CC ID 01473	System hardening through configuration management	Preventive
Configure the rquotad service to use a static port or a dynamic portmapper port as appropriate. CC ID 05983	System hardening through configuration management	Preventive
Disable telnet unless telnet use is absolutely necessary. CC ID 01478	System hardening through configuration management	Preventive
Disable File Transfer Protocol unless File Transfer Protocol use is absolutely necessary. CC ID 01479	System hardening through configuration management	Preventive
Configure anonymous FTP to restrict the use of restricted data. CC ID 16314	System hardening through configuration management	Preventive
Disable anonymous access to File Transfer Protocol. CC ID 06739	System hardening through configuration management	Preventive
Disable Internet Message Access Protocol unless Internet Message Access Protocol use is absolutely necessary. CC ID 01485	System hardening through configuration management	Preventive
Disable Post Office Protocol unless its use is absolutely necessary. CC ID 01486	System hardening through configuration management	Preventive
Disable SQLServer processes unless SQLServer processes use is absolutely necessary. CC ID 01500	System hardening through configuration management	Preventive
Disable alerter unless alerter use is absolutely necessary. CC ID 01810	System hardening through configuration management	Preventive
Disable Background Intelligent Transfer Service unless Background Intelligent Transfer Service use is absolutely necessary. CC ID 01812	System hardening through configuration management	Preventive
Disable ClipBook unless ClipBook use is absolutely necessary. CC ID 01813	System hardening through configuration management	Preventive
Disable Fax Service unless Fax Service use is absolutely necessary. CC ID 01815	System hardening through configuration management	Preventive
Disable IIS admin service unless IIS admin service use is absolutely necessary. CC ID 01817	System hardening through configuration management	Preventive
Disable indexing service unless indexing service use is absolutely necessary. CC ID 01818	System hardening through configuration management	Preventive
Disable net logon unless net logon use is absolutely necessary. CC ID 01820	System hardening through configuration management	Preventive
Disable Remote Desktop Help Session Manager unless Remote Desktop Help Session Manager use is absolutely necessary. CC ID 01822	System hardening through configuration management	Preventive
Disable the "Offer Remote Assistance" setting. CC ID 04325	System hardening through configuration management	Preventive
Disable the "Solicited Remote Assistance" setting. CC ID 04326	System hardening through configuration management	Preventive
Disable Remote Registry Service unless Remote Registry Service use is absolutely necessary. CC ID 01823	System hardening through configuration management	Preventive
Disable Routing and Remote Access unless Routing and Remote Access use is necessary. CC ID 01824	System hardening through configuration management	Preventive
Disable task scheduler unless task scheduler use is absolutely necessary. CC ID 01829	System hardening through configuration management	Preventive
Disable Terminal Services unless Terminal Services use is absolutely necessary. CC ID 01831	System hardening through configuration management	Preventive
Disable Universal Plug and Play device host unless Universal Plug and Play device host use is absolutely necessary. CC ID 01832	System hardening through configuration management	Preventive
Disable File Service Protocol. CC ID 02167	System hardening through configuration management	Preventive
Disable the License Logging Service unless unless it is absolutely necessary. CC ID 04282	System hardening through configuration management	Preventive
Disable Remote Access Auto Connection Manager unless Remote Access Auto Connection Manager use is absolutely necessary. CC ID 04285	System hardening through configuration management	Preventive
Disable Remote Access Connection Manager unless Remote Access Connection Manager use is absolutely necessary. CC ID 04286	System hardening through configuration management	Preventive
Disable Remote Administration Service unless remote administration management is absolutely necessary. CC ID 04287	System hardening through configuration management	Preventive
Disable remote installation unless remote installation is absolutely necessary. CC ID 04288	System hardening through configuration management	Preventive
Disable Remote Server Manager unless Remote Server Manager is absolutely necessary. CC ID 04289	System hardening through configuration management	Preventive
Disable Remote Server Monitor unless Remote Server Monitor use is absolutely necessary. CC ID 04290	System hardening through configuration management	Preventive
Disable Remote Storage Notification unless Remote Storage Notification use is absolutely necessary. CC ID 04291	System hardening through configuration management	Preventive
Disable Remote Storage Server unless Remote Storage Server use is absolutely necessary. CC ID 04292	System hardening through configuration management	Preventive
Disable telephony services unless telephony services use is absolutely necessary. CC ID 04293	System hardening through configuration management	Preventive
Disable Wireless Zero Configuration service unless Wireless Zero Configuration service use is absolutely necessary. CC ID 04294	System hardening through configuration management	Preventive
Disable SSDP/UPnp unless SSDP/UPnP is absolutely necessary. CC ID 04315	System hardening through configuration management	Preventive
Configure the "ntpd service" setting to organizational standards. CC ID 04911	System hardening through configuration management	Preventive
Configure the "echo service" setting to organizational standards. CC ID 04912	System hardening through configuration management	Preventive
Configure the "echo-dgram service" setting to organizational standards. CC ID 09927	System hardening through configuration management	Preventive
Configure the "echo-stream service" setting to organizational standards. CC ID 09928	System hardening through configuration management	Preventive
Configure the "AllowTcpForwarding" to organizational standards. CC ID 15327	System hardening through configuration management	Preventive
Configure the "tcpmux-server" setting to organizational standards. CC ID 09929	System hardening through configuration management	Preventive
Configure the "netstat service" setting to organizational standards. CC ID 04913	System hardening through configuration management	Preventive
Configure the "character generator protocol (chargen)" setting to organizational standards. CC ID 04914	System hardening through configuration management	Preventive
Configure the "tftpd service" setting to organizational standards. CC ID 04915	System hardening through configuration management	Preventive
Configure the "walld service" setting to organizational standards. CC ID 04916	System hardening through configuration management	Preventive
Configure the "rstatd service" setting to organizational standards. CC ID 04917	System hardening through configuration management	Preventive
Configure the "sprayd service" setting to organizational standards. CC ID 04918	System hardening through configuration management	Preventive
Configure the "rusersd service" setting to organizational standards. CC ID 04919	System hardening through configuration management	Preventive
Configure the "inn service" setting to organizational standards. CC ID 04920	System hardening through configuration management	Preventive
Configure the "font service" setting to organizational standards. CC ID 04921	System hardening through configuration management	Preventive
Configure the "ident service" setting to organizational standards. CC ID 04922	System hardening through configuration management	Preventive
Configure the "rexd service" setting to organizational standards. CC ID 04923	System hardening through configuration management	Preventive
Configure the "daytime service" setting to organizational standards. CC ID 04924	System hardening through configuration management	Preventive
Configure the "dtspc (cde-spc) service" setting to organizational standards. CC ID 04925	System hardening through configuration management	Preventive
Configure the "cmsd service" setting to organizational standards. CC ID 04926	System hardening through configuration management	Preventive
Configure the "ToolTalk service" setting to organizational standards. CC ID 04927	System hardening through configuration management	Preventive
Configure the "discard service" setting to organizational standards. CC ID 04928	System hardening through configuration management	Preventive
Configure the "vino-server service" setting to organizational standards. CC ID 04929	System hardening through configuration management	Preventive
Configure the "bind service" setting to organizational standards. CC ID 04930	System hardening through configuration management	Preventive
Configure the "nfsd service" setting to organizational standards. CC ID 04931	System hardening through configuration management	Preventive
Configure the "mountd service" setting to organizational standards. CC ID 04932	System hardening through configuration management	Preventive
Configure the "statd service" setting to organizational standards. CC ID 04933	System hardening through configuration management	Preventive
Configure the "lockd service" setting to organizational standards. CC ID 04934	System hardening through configuration management	Preventive
Configure the lockd service to use a static port or a dynamic portmapper port for User Datagram Protocol as appropriate. CC ID 05980	System hardening through configuration management	Preventive
Configure the "decode sendmail alias" setting to organizational standards. CC ID 04935	System hardening through configuration management	Preventive
Configure the sendmail vrfy command, as appropriate. CC ID 04936	System hardening through configuration management	Preventive
Configure the sendmail expn command, as appropriate. CC ID 04937	System hardening through configuration management	Preventive
Configure .netrc with an appropriate set of services. CC ID 04938	System hardening through configuration management	Preventive
Enable NFS insecure locks as necessary. CC ID 04939	System hardening through configuration management	Preventive
Configure the "X server ac" setting to organizational standards. CC ID 04940	System hardening through configuration management	Preventive
Configure the "X server core" setting to organizational standards. CC ID 04941	System hardening through configuration management	Preventive
Enable or disable the setroubleshoot service, as appropriate. CC ID 05540	System hardening through configuration management	Preventive
Configure the "X server nolock" setting to organizational standards. CC ID 04942	System hardening through configuration management	Preventive
Enable or disable the mcstrans service, as appropriate. CC ID 05541	System hardening through configuration management	Preventive
Configure the "PAM console" setting to organizational standards. CC ID 04943	System hardening through configuration management	Preventive
Enable or disable the restorecond service, as appropriate. CC ID 05542	System hardening through configuration management	Preventive
Enable the rhnsd service as necessary. CC ID 04944	System hardening through configuration management	Preventive
Enable the yum-updatesd service as necessary. CC ID 04945	System hardening through configuration management	Preventive
Enable the autofs service as necessary. CC ID 04946	System hardening through configuration management	Preventive
Enable the ip6tables service as necessary. CC ID 04947	System hardening through configuration management	Preventive
Configure syslog to organizational standards. CC ID 04949	System hardening through configuration management	Preventive
Enable the auditd service as necessary. CC ID 04950	System hardening through configuration management	Preventive
Enable the logwatch service as necessary. CC ID 04951	System hardening through configuration management	Preventive
Enable the logrotate (syslog rotator) service as necessary. CC ID 04952	System hardening through configuration management	Preventive
Install or uninstall the telnet server package, only if absolutely necessary. CC ID 04953	System hardening through configuration management	Preventive
Enable the ypbind service as necessary. CC ID 04954	System hardening through configuration management	Preventive
Enable the ypserv service as necessary. CC ID 04955	System hardening through configuration management	Preventive
Enable the firstboot service as necessary. CC ID 04956	System hardening through configuration management	Preventive
Enable the gpm service as necessary. CC ID 04957	System hardening through configuration management	Preventive
Enable the irqbalance service as necessary. CC ID 04958	System hardening through configuration management	Preventive
Enable the isdn service as necessary. CC ID 04959	System hardening through configuration management	Preventive
Enable the kdump service as necessary. CC ID 04960	System hardening through configuration management	Preventive
Enable the mdmonitor service as necessary. CC ID 04961	System hardening through configuration management	Preventive
Enable the microcode_ctl service as necessary. CC ID 04962	System hardening through configuration management	Preventive
Enable the pcscd service as necessary. CC ID 04963	System hardening through configuration management	Preventive
Enable the smartd service as necessary. CC ID 04964	System hardening through configuration management	Preventive
Enable the readahead_early service as necessary. CC ID 04965	System hardening through configuration management	Preventive
Enable the readahead_later service as necessary. CC ID 04966	System hardening through configuration management	Preventive
Enable the messagebus service as necessary. CC ID 04967	System hardening through configuration management	Preventive
Enable the haldaemon service as necessary. CC ID 04968	System hardening through configuration management	Preventive
Enable the apmd service as necessary. CC ID 04969	System hardening through configuration management	Preventive
Enable the acpid service as necessary. CC ID 04970	System hardening through configuration management	Preventive
Enable the cpuspeed service as necessary. CC ID 04971	System hardening through configuration management	Preventive
Enable the network service as necessary. CC ID 04972	System hardening through configuration management	Preventive
Enable the hidd service as necessary. CC ID 04973	System hardening through configuration management	Preventive
Enable the crond service as necessary. CC ID 04974	System hardening through configuration management	Preventive
Install and enable the anacron service as necessary. CC ID 04975	System hardening through configuration management	Preventive
Enable the xfs service as necessary. CC ID 04976	System hardening through configuration management	Preventive
Install and enable the Avahi daemon service, as necessary. CC ID 04977	System hardening through configuration management	Preventive
Enable the CUPS service, as necessary. CC ID 04978	System hardening through configuration management	Preventive
Enable the hplip service as necessary. CC ID 04979	System hardening through configuration management	Preventive
Enable the dhcpd service as necessary. CC ID 04980	System hardening through configuration management	Preventive
Enable the nfslock service as necessary. CC ID 04981	System hardening through configuration management	Preventive
Enable the rpcgssd service as necessary. CC ID 04982	System hardening through configuration management	Preventive
Enable the rpcidmapd service as necessary. CC ID 04983	System hardening through configuration management	Preventive
Enable the rpcsvcgssd service as necessary. CC ID 04985	System hardening through configuration management	Preventive
Configure root squashing for all NFS shares, as appropriate. CC ID 04986	System hardening through configuration management	Preventive
Configure write access to NFS shares, as appropriate. CC ID 04987	System hardening through configuration management	Preventive
Configure the named service, as appropriate. CC ID 04988	System hardening through configuration management	Preventive
Configure the vsftpd service, as appropriate. CC ID 04989	System hardening through configuration management	Preventive
Configure the “dovecot” service to organizational standards. CC ID 04990	System hardening through configuration management	Preventive
Configure Server Message Block (SMB) to organizational standards. CC ID 04991	System hardening through configuration management	Preventive
Enable the snmpd service as necessary. CC ID 04992	System hardening through configuration management	Preventive
Enable the calendar manager as necessary. CC ID 04993	System hardening through configuration management	Preventive
Enable the GNOME logon service as necessary. CC ID 04994	System hardening through configuration management	Preventive
Enable the WBEM services as necessary. CC ID 04995	System hardening through configuration management	Preventive
Enable the keyserv service as necessary. CC ID 04996	System hardening through configuration management	Preventive
Enable the Generic Security Service daemon as necessary. CC ID 04997	System hardening through configuration management	Preventive
Enable the volfs service as necessary. CC ID 04998	System hardening through configuration management	Preventive
Enable the smserver service as necessary. CC ID 04999	System hardening through configuration management	Preventive
Enable the mpxio-upgrade service as necessary. CC ID 05000	System hardening through configuration management	Preventive
Enable the metainit service as necessary. CC ID 05001	System hardening through configuration management	Preventive
Enable the meta service as necessary. CC ID 05003	System hardening through configuration management	Preventive
Enable the metaed service as necessary. CC ID 05004	System hardening through configuration management	Preventive
Enable the metamh service as necessary. CC ID 05005	System hardening through configuration management	Preventive
Enable the Local RPC Port Mapping Service as necessary. CC ID 05006	System hardening through configuration management	Preventive
Enable the Kerberos kadmind service as necessary. CC ID 05007	System hardening through configuration management	Preventive
Enable the Kerberos krb5kdc service as necessary. CC ID 05008	System hardening through configuration management	Preventive
Enable the Kerberos kpropd service as necessary. CC ID 05009	System hardening through configuration management	Preventive
Enable the Kerberos ktkt_warnd service as necessary. CC ID 05010	System hardening through configuration management	Preventive
Enable the sadmin service as necessary. CC ID 05011	System hardening through configuration management	Preventive
Enable the IPP listener as necessary. CC ID 05012	System hardening through configuration management	Preventive
Enable the serial port listener as necessary. CC ID 05013	System hardening through configuration management	Preventive
Enable the Smart Card Helper service as necessary. CC ID 05014	System hardening through configuration management	Preventive
Enable the Application Management service as necessary. CC ID 05015	System hardening through configuration management	Preventive
Enable the Resultant Set of Policy (RSoP) Provider service as necessary. CC ID 05016	System hardening through configuration management	Preventive
Enable the Network News Transport Protocol service as necessary. CC ID 05017	System hardening through configuration management	Preventive
Enable the network Dynamic Data Exchange service as necessary. CC ID 05018	System hardening through configuration management	Preventive
Enable the Distributed Link Tracking Server service as necessary. CC ID 05019	System hardening through configuration management	Preventive
Enable the RARP service as necessary. CC ID 05020	System hardening through configuration management	Preventive
Configure the ".NET Framework service" setting to organizational standards. CC ID 05021	System hardening through configuration management	Preventive
Enable the Network DDE Share Database Manager service as necessary. CC ID 05022	System hardening through configuration management	Preventive
Enable the Certificate Services service as necessary. CC ID 05023	System hardening through configuration management	Preventive
Configure the ATI hotkey poller service properly. CC ID 05024	System hardening through configuration management	Preventive
Configure the Interix Subsystem Startup service properly. CC ID 05025	System hardening through configuration management	Preventive
Configure the Cluster Service service properly. CC ID 05026	System hardening through configuration management	Preventive
Configure the IAS Jet Database Access service properly. CC ID 05027	System hardening through configuration management	Preventive
Configure the IAS service properly. CC ID 05028	System hardening through configuration management	Preventive
Configure the IP Version 6 Helper service properly. CC ID 05029	System hardening through configuration management	Preventive
Configure "Message Queuing service" to organizational standards. CC ID 05030	System hardening through configuration management	Preventive
Configure the Message Queuing Down Level Clients service properly. CC ID 05031	System hardening through configuration management	Preventive
Configure the Windows Management Instrumentation Driver Extensions service properly. CC ID 05033	System hardening through configuration management	Preventive
Configure the TCP/IP NetBIOS Helper Service properly. CC ID 05034	System hardening through configuration management	Preventive
Configure the Utility Manager service properly. CC ID 05035	System hardening through configuration management	Preventive
Configure the secondary logon service properly. CC ID 05036	System hardening through configuration management	Preventive
Configure the Windows Management Instrumentation service properly. CC ID 05037	System hardening through configuration management	Preventive
Configure the Workstation service properly. CC ID 05038	System hardening through configuration management	Preventive
Configure the Windows Installer service properly. CC ID 05039	System hardening through configuration management	Preventive
Configure the Windows System Resource Manager service properly. CC ID 05040	System hardening through configuration management	Preventive
Configure the WinHTTP Web Proxy Auto-Discovery Service properly. CC ID 05041	System hardening through configuration management	Preventive
Configure the Services for Unix Client for NFS service properly. CC ID 05042	System hardening through configuration management	Preventive
Configure the Services for Unix Server for PCNFS service properly. CC ID 05043	System hardening through configuration management	Preventive
Configure the Services for Unix Perl Socket service properly. CC ID 05044	System hardening through configuration management	Preventive
Configure the Services for Unix User Name Mapping service properly. CC ID 05045	System hardening through configuration management	Preventive
Configure the Services for Unix Windows Cron service properly. CC ID 05046	System hardening through configuration management	Preventive
Configure the Windows Media Services service properly. CC ID 05047	System hardening through configuration management	Preventive
Configure the Services for Netware Service Advertising Protocol (SAP) Agent properly. CC ID 05048	System hardening through configuration management	Preventive
Configure the Web Element Manager service properly. CC ID 05049	System hardening through configuration management	Preventive
Configure the Remote Installation Services Single Instance Storage (SIS) Groveler service properly. CC ID 05050	System hardening through configuration management	Preventive
Configure the Terminal Services Licensing service properly. CC ID 05051	System hardening through configuration management	Preventive
Configure the COM+ Event System service properly. CC ID 05052	System hardening through configuration management	Preventive
Configure the Event Log service properly. CC ID 05053	System hardening through configuration management	Preventive
Configure the Infrared Monitor service properly. CC ID 05054	System hardening through configuration management	Preventive
Configure the Services for Unix Server for NFS service properly. CC ID 05055	System hardening through configuration management	Preventive
Configure the System Event Notification Service properly. CC ID 05056	System hardening through configuration management	Preventive
Configure the NTLM Security Support Provider service properly. CC ID 05057	System hardening through configuration management	Preventive
Configure the Performance Logs and Alerts service properly. CC ID 05058	System hardening through configuration management	Preventive
Configure the Protected Storage service properly. CC ID 05059	System hardening through configuration management	Preventive
Configure the QoS Admission Control (RSVP) service properly. CC ID 05060	System hardening through configuration management	Preventive
Configure the Remote Procedure Call service properly. CC ID 05061	System hardening through configuration management	Preventive
Configure the Removable Storage service properly. CC ID 05062	System hardening through configuration management	Preventive
Configure the Server service properly. CC ID 05063	System hardening through configuration management	Preventive
Configure the Security Accounts Manager service properly. CC ID 05064	System hardening through configuration management	Preventive
Configure the “Network Connections” service to organizational standards. CC ID 05065	System hardening through configuration management	Preventive
Configure the Logical Disk Manager service properly. CC ID 05066	System hardening through configuration management	Preventive
Configure the Logical Disk Manager Administrative Service properly. CC ID 05067	System hardening through configuration management	Preventive
Configure the File Replication service properly. CC ID 05068	System hardening through configuration management	Preventive
Configure the Kerberos Key Distribution Center service properly. CC ID 05069	System hardening through configuration management	Preventive
Configure the Intersite Messaging service properly. CC ID 05070	System hardening through configuration management	Preventive
Configure the Remote Procedure Call locator service properly. CC ID 05071	System hardening through configuration management	Preventive
Configure the Distributed File System service properly. CC ID 05072	System hardening through configuration management	Preventive
Configure the Windows Internet Name Service service properly. CC ID 05073	System hardening through configuration management	Preventive
Configure the FTP Publishing Service properly. CC ID 05074	System hardening through configuration management	Preventive
Configure the Windows Search service properly. CC ID 05075	System hardening through configuration management	Preventive
Configure the Microsoft Peer-to-Peer Networking Services service properly. CC ID 05076	System hardening through configuration management	Preventive
Configure the Remote Shell service properly. CC ID 05077	System hardening through configuration management	Preventive
Configure Simple TCP/IP services to organizational standards. CC ID 05078	System hardening through configuration management	Preventive
Configure the Print Services for Unix service properly. CC ID 05079	System hardening through configuration management	Preventive
Configure the File Shares service to organizational standards. CC ID 05080	System hardening through configuration management	Preventive
Configure the NetMeeting service properly. CC ID 05081	System hardening through configuration management	Preventive
Configure the Application Layer Gateway service properly. CC ID 05082	System hardening through configuration management	Preventive
Configure the Cryptographic Services service properly. CC ID 05083	System hardening through configuration management	Preventive
Configure the Help and Support Service properly. CC ID 05084	System hardening through configuration management	Preventive
Configure the Human Interface Device Access service properly. CC ID 05085	System hardening through configuration management	Preventive
Configure the IMAPI CD-Burning COM service properly. CC ID 05086	System hardening through configuration management	Preventive
Configure the MS Software Shadow Copy Provider service properly. CC ID 05087	System hardening through configuration management	Preventive
Configure the Network Location Awareness service properly. CC ID 05088	System hardening through configuration management	Preventive
Configure the Portable Media Serial Number Service service properly. CC ID 05089	System hardening through configuration management	Preventive
Configure the System Restore Service service properly. CC ID 05090	System hardening through configuration management	Preventive
Configure the Themes service properly. CC ID 05091	System hardening through configuration management	Preventive
Configure the Uninterruptible Power Supply service properly. CC ID 05092	System hardening through configuration management	Preventive
Configure the Upload Manager service properly. CC ID 05093	System hardening through configuration management	Preventive
Configure the Volume Shadow Copy Service properly. CC ID 05094	System hardening through configuration management	Preventive
Configure the WebClient service properly. CC ID 05095	System hardening through configuration management	Preventive
Configure the Windows Audio service properly. CC ID 05096	System hardening through configuration management	Preventive
Configure the Windows Image Acquisition service properly. CC ID 05097	System hardening through configuration management	Preventive
Configure the WMI Performance Adapter service properly. CC ID 05098	System hardening through configuration management	Preventive
Enable file uploads via vsftpd service, as appropriate. CC ID 05100	System hardening through configuration management	Preventive
Disable or remove sadmind unless use of sadmind is absolutely necessary. CC ID 06885	System hardening through configuration management	Preventive
Configure the "SNMP version 1" setting to organizational standards. CC ID 08976	System hardening through configuration management	Preventive
Configure the "xdmcp service" setting to organizational standards. CC ID 08985	System hardening through configuration management	Preventive
Disable the automatic display of remote images in HTML-formatted e-mail. CC ID 04494	System hardening through configuration management	Preventive
Disable Remote Apply Events unless Remote Apply Events are absolutely necessary. CC ID 04495	System hardening through configuration management	Preventive
Disable Xgrid unless Xgrid is absolutely necessary. CC ID 04496	System hardening through configuration management	Preventive
Configure the "Do Not Show First Use Dialog Boxes" setting for Windows Media Player properly. CC ID 05136	System hardening through configuration management	Preventive
Disable Core dumps unless absolutely necessary. CC ID 01507	System hardening through configuration management	Preventive
Set hard core dump size limits, as appropriate. CC ID 05990	System hardening through configuration management	Preventive
Configure the "Prevent Desktop Shortcut Creation" setting for Windows Media Player properly. CC ID 05137	System hardening through configuration management	Preventive
Set the Squid EUID and Squid GUID to an appropriate user and group. CC ID 05138	System hardening through configuration management	Preventive
Verify groups referenced in /etc/passwd are included in /etc/group, as appropriate. CC ID 05139	System hardening through configuration management	Preventive
Use of the cron.allow file should be enabled or disabled as appropriate. CC ID 06014	System hardening through configuration management	Preventive
Use of the at.allow file should be enabled or disabled as appropriate. CC ID 06015	System hardening through configuration management	Preventive
Enable or disable the Dynamic DNS feature of the DHCP Server as appropriate. CC ID 06039	System hardening through configuration management	Preventive
Enable or disable each user's Screen saver software, as necessary. CC ID 06050 [Conceal, via the device lock, information previously visible on the display with a publicly viewable image. 03.01.10 c.]	System hardening through configuration management	Preventive
Disable any unnecessary scripting languages, as necessary. CC ID 12137	System hardening through configuration management	Preventive
Enable logon authentication management techniques. CC ID 00553	System hardening through configuration management	Preventive
Configure devices and users to re-authenticate, as necessary. CC ID 10609 [Re-authenticate users when [Assignment: organization-defined circumstances or situations requiring re-authentication]. 03.05.01 b.]	System hardening through configuration management	Preventive
Configure authenticator activation codes in accordance with organizational standards. CC ID 17032	System hardening through configuration management	Preventive
Configure authenticators to comply with organizational standards. CC ID 06412 [Establish initial authenticator content for any authenticators issued by the organization. 03.05.12 b.]	System hardening through configuration management	Preventive
Configure the system to require new users to change their authenticator on first use. CC ID 05268 [Select a new password upon first use after account recovery. 03.05.07 e.]	System hardening through configuration management	Preventive
Configure authenticators so that group authenticators or shared authenticators are prohibited. CC ID 00519	System hardening through configuration management	Preventive
Configure the system to prevent unencrypted authenticator use. CC ID 04457	System hardening through configuration management	Preventive
Disable store passwords using reversible encryption. CC ID 01708	System hardening through configuration management	Preventive
Configure the system to encrypt authenticators. CC ID 06735 [{encrypted format} Store passwords in a cryptographically protected form. 03.05.07 d.]	System hardening through configuration management	Preventive
Configure the system to mask authenticators. CC ID 02037 [Obscure feedback of authentication information during the authentication process. 03.05.11 ¶ 1]	System hardening through configuration management	Preventive
Configure the authenticator policy to ban the use of usernames or user identifiers in authenticators. CC ID 05992	System hardening through configuration management	Preventive
Configure the system to refrain from specifying the type of information used as password hints. CC ID 13783	System hardening through configuration management	Preventive
Disable machine account password changes. CC ID 01737	System hardening through configuration management	Preventive
Configure the "Disable Remember Password" setting. CC ID 05270	System hardening through configuration management	Preventive
Configure the "Minimum password age" to organizational standards. CC ID 01703	System hardening through configuration management	Preventive
Configure the LILO/GRUB password. CC ID 01576	System hardening through configuration management	Preventive
Configure the system to use Apple's Keychain Access to store passwords and certificates. CC ID 04481	System hardening through configuration management	Preventive
Change the default password to Apple's Keychain. CC ID 04482	System hardening through configuration management	Preventive
Configure Apple's Keychain items to ask for the Keychain password. CC ID 04483	System hardening through configuration management	Preventive
Configure the Syskey Encryption Key and associated password. CC ID 05978	System hardening through configuration management	Preventive
Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting. CC ID 04505	System hardening through configuration management	Preventive
Configure the "System cryptography: Force strong key protection for user keys stored in the computer" setting. CC ID 04534	System hardening through configuration management	Preventive
Configure interactive logon for accounts that do not have assigned authenticators in accordance with organizational standards. CC ID 05267	System hardening through configuration management	Preventive
Enable or disable remote connections from accounts with empty authenticators, as appropriate. CC ID 05269	System hardening through configuration management	Preventive
Configure the "Send LanMan compatible password" setting. CC ID 05271	System hardening through configuration management	Preventive
Configure the authenticator policy to ban or allow authenticators as words found in dictionaries, as appropriate. CC ID 05993	System hardening through configuration management	Preventive
Configure the authenticator policy to ban or allow authenticators as proper names, as necessary. CC ID 17030	System hardening through configuration management	Preventive
Set the most number of characters required for the BitLocker Startup PIN correctly. CC ID 06054	System hardening through configuration management	Preventive
Set the default folder for BitLocker recovery passwords correctly. CC ID 06055	System hardening through configuration management	Preventive
Configure the "Disable password strength validation for Peer Grouping" setting to organizational standards. CC ID 10866	System hardening through configuration management	Preventive
Configure the "Set the interval between synchronization retries for Password Synchronization" setting to organizational standards. CC ID 11185	System hardening through configuration management	Preventive
Configure the "Set the number of synchronization retries for servers running Password Synchronization" setting to organizational standards. CC ID 11187	System hardening through configuration management	Preventive
Configure the "Turn off password security in Input Panel" setting to organizational standards. CC ID 11296	System hardening through configuration management	Preventive
Configure the "Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory" setting to organizational standards. CC ID 11355	System hardening through configuration management	Preventive
Configure the authenticator display screen to organizational standards. CC ID 13794	System hardening through configuration management	Preventive
Configure the authenticator field to disallow memorized secrets found in the memorized secret list. CC ID 13808 [{commonly used passwords} Maintain a list of commonly-used, expected, or compromised passwords, and update the list [Assignment: organization-defined frequency] and when organizational passwords are suspected to have been compromised. 03.05.07 a.]	System hardening through configuration management	Preventive
Change authenticators, as necessary. CC ID 15315 [Change or refresh authenticators [Assignment: organization-defined frequency] or when the following events occur: [Assignment: organization-defined events]. 03.05.12 e.]	System hardening through configuration management	Preventive
Change all default authenticators. CC ID 15309 [Change default authenticators at first use. 03.05.12 d.]	System hardening through configuration management	Preventive
Configure the system security parameters to prevent system misuse or information misappropriation. CC ID 00881	System hardening through configuration management	Preventive
Configure the system to require a password before it unlocks the Screen saver software. CC ID 04443 [Retain the device lock until the user reestablishes access using established identification and authentication procedures. 03.01.10 b.]	System hardening through configuration management	Preventive
Configure the system account settings and the permission settings in accordance with the organizational standards. CC ID 01538	System hardening through configuration management	Preventive
Configure user accounts. CC ID 07036	System hardening through configuration management	Preventive
Configure accounts with administrative privilege. CC ID 07033	System hardening through configuration management	Preventive
Configure wireless communication to be encrypted using strong cryptography. CC ID 06078 [Protect wireless access to the system using authentication and encryption. 03.01.16 d.]	System hardening through configuration management	Preventive
Configure Wireless Access Points in accordance with organizational standards. CC ID 12477	System hardening through configuration management	Preventive
Enable two-factor authentication for identifying and authenticating Wireless Local Area Network users. CC ID 04595 [Protect wireless access to the system using authentication and encryption. 03.01.16 d.]	System hardening through configuration management	Preventive
Enable or disable all wireless interfaces, as necessary. CC ID 05755 [Disable, when not intended for use, wireless networking capabilities prior to issuance and deployment. 03.01.16 c.]	System hardening through configuration management	Preventive
Configure mobile device settings in accordance with organizational standards. CC ID 04600 [Establish usage restrictions, configuration requirements, and connection requirements for mobile devices. 03.01.18 a.]	System hardening through configuration management	Preventive
Configure mobile devices to enable remote wipe. CC ID 12212	System hardening through configuration management	Preventive
Configure prohibiting the circumvention of security controls on mobile devices. CC ID 12335	System hardening through configuration management	Preventive
Configure the "VPN" setting to organizational standards. CC ID 09987	System hardening through configuration management	Preventive
Configure the "Fraudulent Website Warning" setting to organizational standards. CC ID 09988	System hardening through configuration management	Preventive
Configure the "With Authentication" setting to organizational standards. CC ID 09989	System hardening through configuration management	Preventive
Configure the "Auto-Join" setting to organizational standards. CC ID 09990	System hardening through configuration management	Preventive
Configure the "AirDrop Discoverability" setting to organizational standards. CC ID 09991	System hardening through configuration management	Preventive
Configure the "Wi-Fi" setting to organizational standards. CC ID 09992	System hardening through configuration management	Preventive
Configure the "Personal Hotspot" setting to organizational standards. CC ID 09994	System hardening through configuration management	Preventive
Configure the "Notifications View" setting for "Access on Lock Screen" to organizational standards. CC ID 09995	System hardening through configuration management	Preventive
Configure the "Find My iPhone" setting to organizational standards. CC ID 09996	System hardening through configuration management	Preventive
Configure the "iPhone Unlock" setting to organizational standards. CC ID 09997	System hardening through configuration management	Preventive
Configure the "Access on Lock Screen" setting to organizational standards. CC ID 09998	System hardening through configuration management	Preventive
Configure the "Forget this Network" setting to organizational standards. CC ID 09999	System hardening through configuration management	Preventive
Configure the "Ask to Join Networks" setting to organizational standards. CC ID 10000	System hardening through configuration management	Preventive
Configure the "Fraudulent Website Warning" setting to organizational standards. CC ID 10001	System hardening through configuration management	Preventive
Configure the "Credit Cards" setting to organizational standards. CC ID 10002	System hardening through configuration management	Preventive
Configure the "Saved Credit Card Information" setting to organizational standards. CC ID 10003	System hardening through configuration management	Preventive
Configure the "Do Not Track" setting to organizational standards. CC ID 10004	System hardening through configuration management	Preventive
Configure the "With Authentication" setting to organizational standards. CC ID 10005	System hardening through configuration management	Preventive
Configure the "Allow Move" setting to organizational standards. CC ID 10006	System hardening through configuration management	Preventive
Configure the "Use Only in Mail" setting to organizational standards. CC ID 10007	System hardening through configuration management	Preventive
Configure mobile devices to organizational standards. CC ID 04639	System hardening through configuration management	Preventive
Configure mobile devices to separate organizational data from personal data. CC ID 16463	System hardening through configuration management	Preventive
Configure the mobile device properties to organizational standards. CC ID 04640	System hardening through configuration management	Preventive
Configure the mobile device menu items to organizational standards. CC ID 04641	System hardening through configuration management	Preventive
Configure the BlackBerry handheld device driver settings. CC ID 04642	System hardening through configuration management	Preventive
Configure the BlackBerry Enterprise Server with either BlackBerry DMZ Solution or the BlackBerry firewall solution. CC ID 04602	System hardening through configuration management	Preventive
Configure automatic master key generation on the BlackBerry Enterprise Server. CC ID 04608	System hardening through configuration management	Preventive
Configure e-mail messages to not display a signature line stating the message was sent from a Portable Electronic Device. CC ID 04605	System hardening through configuration management	Preventive
Verify only the specific mobile device web browser software is installed. CC ID 04606	System hardening through configuration management	Preventive
Update the software and master keys for mobile Personal Electronic Devices every 30 days. CC ID 04607	System hardening through configuration management	Preventive
Enable content protection on mobile devices. CC ID 04609	System hardening through configuration management	Preventive
Configure the application policy groups for each mobile Personal Electronic Device. CC ID 04610	System hardening through configuration management	Preventive
Configure the BlackBerry Messenger policy group settings. CC ID 04611	System hardening through configuration management	Preventive
Configure the Camera policy group settings. CC ID 04614	System hardening through configuration management	Preventive
Configure the Bluetooth policy group settings. CC ID 04612	System hardening through configuration management	Preventive
Configure the Bluetooth Smart Card Reader policy group settings. CC ID 04613	System hardening through configuration management	Preventive
Configure the Browser policy group settings. CC ID 04615	System hardening through configuration management	Preventive
Configure the Certificate Sync policy group settings. CC ID 04616	System hardening through configuration management	Preventive
Configure the CMIME policy group settings. CC ID 04617	System hardening through configuration management	Preventive
Configure the Common policy group settings. CC ID 04618	System hardening through configuration management	Preventive
Configure the Desktop-only policy group settings. CC ID 04619	System hardening through configuration management	Preventive
Configure the IOT Application policy group settings. CC ID 04620	System hardening through configuration management	Preventive
Configure the Device-only policy group settings. CC ID 04621	System hardening through configuration management	Preventive
Configure the Desktop policy group settings. CC ID 04622	System hardening through configuration management	Preventive
Configure the Global items policy group settings. CC ID 04623	System hardening through configuration management	Preventive
Configure the Location Based Services policy group settings. CC ID 04624	System hardening through configuration management	Preventive
Configure the MDS policy group settings. CC ID 04625	System hardening through configuration management	Preventive
Configure the On-Device Help policy group settings. CC ID 04626	System hardening through configuration management	Preventive
Configure the Password policy group settings. CC ID 04627	System hardening through configuration management	Preventive
Configure the PIM Sync policy group settings. CC ID 04628	System hardening through configuration management	Preventive
Configure the Secure E-mail policy group settings. CC ID 04629	System hardening through configuration management	Preventive
Configure the Memory Cleaner policy group settings. CC ID 04630	System hardening through configuration management	Preventive
Configure the Security policy group settings. CC ID 04631	System hardening through configuration management	Preventive
Configure the Service Exclusivity policy group settings. CC ID 04632	System hardening through configuration management	Preventive
Configure the SIM Application Toolkit policy group settings. CC ID 04633	System hardening through configuration management	Preventive
Configure the Smart Dialing policy group settings. CC ID 04634	System hardening through configuration management	Preventive
Configure the S/MIME policy group settings. CC ID 04635	System hardening through configuration management	Preventive
Configure the TCP policy group settings. CC ID 04636	System hardening through configuration management	Preventive
Configure the WTLS (Application) policy group settings. CC ID 04638	System hardening through configuration management	Preventive
Configure emergency and critical e-mail notifications so that they are digitally signed. CC ID 04841	System hardening through configuration management	Preventive
Enable data-at-rest encryption on mobile devices. CC ID 04842	System hardening through configuration management	Preventive
Disable the capability to automatically execute code on mobile devices absent user direction. CC ID 08705	System hardening through configuration management	Preventive
Configure environmental sensors on mobile devices. CC ID 10667	System hardening through configuration management	Preventive
Prohibit the remote activation of environmental sensors on mobile devices. CC ID 10666	System hardening through configuration management	Preventive
Configure the mobile device to explicitly show when an environmental sensor is in use. CC ID 10668	System hardening through configuration management	Preventive
Configure the environmental sensor to report collected data to designated personnel only. CC ID 10669	System hardening through configuration management	Preventive
Configure Account settings in accordance with organizational standards. CC ID 07603	System hardening through configuration management	Preventive
Configure the "Account lockout duration" to organizational standards. CC ID 07771 [Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b.]	System hardening through configuration management	Preventive
Configure Logging settings in accordance with organizational standards. CC ID 07611	System hardening through configuration management	Preventive
Configure the detailed data elements to be captured for all logs so that events are identified by type, location, subject, user, what data was accessed, etc. CC ID 06331 [{place} Include the following content in audit records: Where the event occurred 03.03.02 a.3. Provide additional information for audit records as needed. 03.03.02 b.]	System hardening through configuration management	Preventive
Configure the log to capture the user's identification. CC ID 01334 [Include the following content in audit records: Identity of the individuals, subjects, objects, or entities associated with the event 03.03.02 a.6.]	System hardening through configuration management	Preventive
Configure the log to capture a date and time stamp. CC ID 01336 [{time} Include the following content in audit records: When the event occurred 03.03.02 a.2. Record time stamps for audit records that meet [Assignment: organization-defined granularity of time measurement] and that use Coordinated Universal Time (UTC), have a fixed local time offset from UTC, or include the local time offset as part of the time stamp. 03.03.07 b.]	System hardening through configuration management	Preventive
Configure the log to uniquely identify each asset. CC ID 01339 [Include the following content in audit records: Identity of the individuals, subjects, objects, or entities associated with the event 03.03.02 a.6.]	System hardening through configuration management	Preventive
Configure the log to capture remote access information. CC ID 05596	System hardening through configuration management	Detective
Configure the log to capture the type of each event. CC ID 06423 [Include the following content in audit records: What type of event occurred 03.03.02 a.1.]	System hardening through configuration management	Preventive
Configure the log to capture each event's success or failure indication. CC ID 06424 [Include the following content in audit records: Outcome of the event 03.03.02 a.5.]	System hardening through configuration management	Preventive
Configure all logs to capture auditable events or actionable events. CC ID 06332	System hardening through configuration management	Preventive
Configure the event log settings for specific Operating System functions. CC ID 06337	System hardening through configuration management	Preventive
Generate an alert when an audit log failure occurs. CC ID 06737 [Alert organizational personnel or roles within [Assignment: organization-defined time period] in the event of an audit logging process failure. 03.03.04 a.]	System hardening through configuration management	Preventive
Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards. CC ID 07621	System hardening through configuration management	Preventive
Configure the "Password must meet complexity requirements" to organizational standards. CC ID 07743 [Enforce the following composition and complexity rules for passwords: [Assignment: organization-defined composition and complexity rules]. 03.05.07 f.]	System hardening through configuration management	Preventive
Configure the "Enforce password history" to organizational standards. CC ID 07877 [Prevent the reuse of identifiers for [Assignment: organization-defined time period]. 03.05.05 c.]	System hardening through configuration management	Preventive
Configure security and protection software according to Organizational Standards. CC ID 11917	System hardening through configuration management	Preventive
Configure security and protection software to check e-mail attachments. CC ID 11860 [Configure malicious code protection mechanisms to: Perform scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at endpoints or system entry and exit points as the files are downloaded, opened, or executed; and 03.14.02 c.1.]	System hardening through configuration management	Preventive
Create a hardened image of the baseline configuration to be used for building new systems. CC ID 07063	System hardening through configuration management	Preventive

Data and Information Management

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Include the system components that generate audit records in the event logging procedures. CC ID 16426	Monitoring and measurement	Preventive
Overwrite the oldest records when audit logging fails. CC ID 14308	Monitoring and measurement	Preventive
Delete personal data upon data subject's withdrawal from testing. CC ID 17238	Monitoring and measurement	Preventive
Establish and maintain contact information for user accounts, as necessary. CC ID 15418	Technical security	Preventive
Enforce access restrictions for restricted data. CC ID 01921	Technical security	Preventive
Include the date and time that access was reviewed in the system record. CC ID 16416	Technical security	Preventive
Disseminate and communicate user identifiers and authenticators using secure communication protocols. CC ID 06791 [{lost authenticators} {compromised authenticators} Establish and implement administrative procedures for initial authenticator distribution; for lost, compromised, or damaged authenticators; and for revoking authenticators. 03.05.12 c.]	Technical security	Preventive
Include virtual systems in the network diagram. CC ID 16324	Technical security	Preventive
Restrict inbound network traffic into the Demilitarized Zone. CC ID 01285	Technical security	Preventive
Segregate applications and databases that contain restricted data or restricted information in an internal network zone. CC ID 01289 [Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. 03.13.01 b.]	Technical security	Preventive
Protect data stored at external locations. CC ID 16333	Technical security	Preventive
Restrict outbound network traffic from systems that contain restricted data or restricted information. CC ID 01295	Technical security	Preventive
Deny direct Internet access to databases that store restricted data or restricted information. CC ID 01271	Technical security	Preventive
Define risk tolerance to illicit data flow for each type of information classification. CC ID 01923	Technical security	Preventive
Disclose non-privacy related restricted information after a court makes a determination the information is material to a court case. CC ID 06242	Technical security	Preventive
Exchange non-privacy related restricted information with approved third parties if the information supports an approved activity. CC ID 06243	Technical security	Preventive
Perform content sanitization on data-in-transit. CC ID 16512	Technical security	Preventive
Perform content conversion on data-in-transit. CC ID 16510	Technical security	Preventive
Protect data from unauthorized access while transmitting between separate parts of the system. CC ID 16499	Technical security	Preventive
Protect data from modification or loss while transmitting between separate parts of the system. CC ID 04554	Technical security	Preventive
Protect data from unauthorized disclosure while transmitting between separate parts of the system. CC ID 11859	Technical security	Preventive
Establish, implement, and maintain whitelists and blacklists of web content. CC ID 15234	Technical security	Preventive
Recover encrypted data for lost cryptographic keys, compromised cryptographic keys, or damaged cryptographic keys. CC ID 01301	Technical security	Preventive
Generate strong cryptographic keys. CC ID 01299	Technical security	Preventive
Use approved random number generators for creating cryptographic keys. CC ID 06574	Technical security	Preventive
Disseminate and communicate cryptographic keys securely. CC ID 01300	Technical security	Preventive
Control the input and output of cryptographic keys from a cryptographic module. CC ID 06541	Technical security	Preventive
Store cryptographic keys securely. CC ID 01298	Technical security	Preventive
Restrict access to cryptographic keys. CC ID 01297	Technical security	Preventive
Store cryptographic keys in encrypted format. CC ID 06084	Technical security	Preventive
Change cryptographic keys in accordance with organizational standards. CC ID 01302	Technical security	Preventive
Destroy cryptographic keys promptly after the retention period. CC ID 01303	Technical security	Preventive
Control cryptographic keys with split knowledge and dual control. CC ID 01304	Technical security	Preventive
Prevent the unauthorized substitution of cryptographic keys. CC ID 01305	Technical security	Preventive
Revoke old cryptographic keys or invalid cryptographic keys immediately. CC ID 01307	Technical security	Corrective
Replace known or suspected compromised cryptographic keys immediately. CC ID 01306	Technical security	Corrective
Archive outdated cryptographic keys. CC ID 06884	Technical security	Preventive
Archive revoked cryptographic keys. CC ID 11819	Technical security	Preventive
Manage the digital signature cryptographic key pair. CC ID 06576	Technical security	Preventive
Track restricted storage media while it is in transit. CC ID 00967 [Maintain accountability of system media that contain CUI during transport outside of controlled areas. 03.08.05 b.]	Physical and environmental protection	Detective
Establish, implement, and maintain removable storage media controls. CC ID 06680 [Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems. 03.01.20 d. Restrict or prohibit the use of [Assignment: organization-defined types of system media]. 03.08.07 a.]	Physical and environmental protection	Preventive
Control access to restricted storage media. CC ID 04889	Physical and environmental protection	Preventive
Wipe information from mobile devices after a predetermined number of unsuccessful logon attempts. CC ID 14242	Physical and environmental protection	Preventive
Encrypt information stored on mobile devices. CC ID 01422 [Implement full-device or container-based encryption to protect the confidentiality of CUI on mobile devices. 03.01.18 c.]	Physical and environmental protection	Preventive
Deny access to restricted data or restricted information when a personnel status change occurs or an individual is terminated. CC ID 01309 [When individual employment is terminated: Disable system access within [Assignment: organization-defined time period], 03.09.02 a.1.]	Human Resources management	Corrective
Include a removable storage media use policy in the Acceptable Use Policy. CC ID 06772	Operational management	Preventive
Identify processes, Information Systems, and third parties that transmit, process, or store restricted data. CC ID 06289	Operational management	Preventive
Record a unique name for each asset in the asset inventory. CC ID 16305	Operational management	Preventive
Record the status of information systems in the asset inventory. CC ID 16304	Operational management	Preventive
Record the communication interfaces for applicable assets in the asset inventory. CC ID 16301	Operational management	Preventive
Record software license information for each asset in the asset inventory. CC ID 11736	Operational management	Preventive
Record dependencies and interconnections between applicable assets in the asset inventory. CC ID 17196	Operational management	Preventive
Record the vendor support end date for applicable assets in the asset inventory. CC ID 17194	Operational management	Preventive
Record the operating system version for applicable assets in the asset inventory. CC ID 11748	Operational management	Preventive
Record rooms at external locations in the asset inventory. CC ID 16302	Operational management	Preventive
Record trusted keys and certificates in the asset inventory. CC ID 15486	Operational management	Preventive
Record cipher suites and protocols in the asset inventory. CC ID 15489	Operational management	Preventive
Share incident information with interested personnel and affected parties. CC ID 01212 [Develop an incident response plan that: Addresses the sharing of incident information, and 03.06.05 a.5.]	Operational management	Corrective
Comply with privacy regulations and civil liberties requirements when sharing data loss event information. CC ID 10036	Operational management	Preventive
Redact restricted data before sharing incident information. CC ID 16994	Operational management	Preventive
Report data loss event information to breach notification organizations. CC ID 01210 [Report incident information to [Assignment: organization-defined authorities]. 03.06.02 c.]	Operational management	Corrective
Include a description of the restored data that was restored manually in the restoration log. CC ID 15463	Operational management	Preventive
Include a description of the restored data in the restoration log. CC ID 15462	Operational management	Preventive
Destroy investigative materials, as necessary. CC ID 17082	Operational management	Preventive
Approve tested change requests. CC ID 11783	Operational management	Preventive
Allow interested personnel and affected parties to opt out of specific version releases and software updates. CC ID 06809	Operational management	Preventive
Disable the use of removable storage media for systems that process restricted data or restricted information, as necessary. CC ID 06681 [{absent} Prohibit the use of removable system media without an identifiable owner. 03.08.07 b.]	System hardening through configuration management	Preventive
Ensure the root account is the first entry in password files. CC ID 16323	System hardening through configuration management	Detective
Sanitize electronic storage media in accordance with organizational standards. CC ID 16464	Records management	Preventive
Sanitize all electronic storage media before disposing a system or redeploying a system. CC ID 01643 [Sanitize system media that contain CUI prior to disposal, release out of organizational control, or release for reuse. 03.08.03 ¶ 1]	Records management	Preventive
Label restricted storage media appropriately. CC ID 00966	Records management	Preventive
Mark all forms of electronic messages that contain restricted data or restricted information with the appropriate classification. CC ID 01896	Records management	Preventive
Remove non-public information from publicly accessible systems. CC ID 14246 [Review the content on publicly accessible systems for CUI and remove such information, if discovered. 03.01.22 b.]	Records management	Corrective

Establish Roles

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Assign legislative body jurisdiction to the organization's assets, as necessary. CC ID 06956	Leadership and high level objectives	Preventive
Assign the appropriate roles to all applicable compliance documents. CC ID 06284	Leadership and high level objectives	Preventive
Assign the approval of compliance exceptions to the appropriate roles inside the organization. CC ID 06443	Leadership and high level objectives	Preventive
Assign penetration testing to a qualified internal resource or external third party. CC ID 06429	Monitoring and measurement	Preventive
Assign ownership of the vulnerability management program to the appropriate role. CC ID 15723	Monitoring and measurement	Preventive
Assign Information System access authorizations if implementing segregation of duties. CC ID 06323	Technical security	Preventive
Include assigned roles and responsibilities in the network access control standard. CC ID 06410	Technical security	Preventive
Establish a Registration Authority to support the Public Key Infrastructure. CC ID 15725	Technical security	Preventive
Define and assign roles and responsibilities for malicious code protection. CC ID 15474	Technical security	Preventive
Assign roles and responsibilities for physical security, as necessary. CC ID 13113	Human Resources management	Preventive
Identify and define all critical roles. CC ID 00777	Human Resources management	Preventive
Assign cybersecurity reporting responsibilities to qualified personnel. CC ID 12739	Human Resources management	Preventive
Assign the role of security management to applicable controls. CC ID 06444	Human Resources management	Preventive
Define and assign the data controller's roles and responsibilities. CC ID 00471	Human Resources management	Preventive
Assign the role of data controller to applicable controls. CC ID 00354	Human Resources management	Preventive
Assign the role of data controller to additional personnel, as necessary. CC ID 00473	Human Resources management	Preventive
Assign the role of Information Technology operations to applicable controls. CC ID 00682	Human Resources management	Preventive
Assign the role of logical access control to applicable controls. CC ID 00772	Human Resources management	Preventive
Assign the role of asset physical security to applicable controls. CC ID 00770	Human Resources management	Preventive
Assign the role of data custodian to applicable controls. CC ID 04789	Human Resources management	Preventive
Assign the role of the Quality Management committee to applicable controls. CC ID 00769	Human Resources management	Preventive
Assign interested personnel to the Quality Management committee. CC ID 07193	Human Resources management	Preventive
Assign personnel to a crime prevention unit and announce the members of the unit. CC ID 06348	Human Resources management	Preventive
Assign the role of fire protection management to applicable controls. CC ID 04891	Human Resources management	Preventive
Assign the role of Information Technology Service Continuity Management to applicable controls. CC ID 04894	Human Resources management	Preventive
Assign the role of the Computer Emergency Response Team to applicable controls. CC ID 04895	Human Resources management	Preventive
Assign the role of CRYPTO custodian to applicable controls. CC ID 06723	Human Resources management	Preventive
Establish and maintain the staff structure in line with the strategic plan. CC ID 00764	Human Resources management	Preventive
Include the incident response team member's roles and responsibilities in the Incident Response program. CC ID 01652	Operational management	Preventive
Include the incident response point of contact's roles and responsibilities in the Incident Response program. CC ID 01877	Operational management	Preventive
Include the head of information security's roles and responsibilities in the Incident Response program. CC ID 01878	Operational management	Preventive
Include the customer database owner's roles and responsibilities in the Incident Response program. CC ID 01879	Operational management	Preventive
Include the online sales department's roles and responsibilities in the Incident Response program. CC ID 01880	Operational management	Preventive
Include the incident response point of contact for credit card payment system's roles and responsibilities in the Incident Response program. CC ID 01881	Operational management	Preventive
Include the organizational legal counsel's roles and responsibilities in the Incident Response program. CC ID 01882	Operational management	Preventive
Include the Human Resources point of contact's roles and responsibilities in the Incident Response program. CC ID 01883	Operational management	Preventive
Include the organizational incident response network architecture point of contact's roles and responsibilities in the Incident Response program. CC ID 01884	Operational management	Preventive
Include the organizational incident response public relations point of contact's roles and responsibilities in the Incident Response program. CC ID 01885	Operational management	Preventive
Include the organizational incident response location manager's roles and responsibilities in the Incident Response program. CC ID 01886	Operational management	Preventive
Include the responsible party for managing complaints in third party contracts. CC ID 10022	Third Party and supply chain oversight	Preventive

Establish/Maintain Documentation

602

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Establish, implement, and maintain communication protocols. CC ID 12245	Leadership and high level objectives	Preventive
Establish, implement, and maintain alert procedures. CC ID 12406 [Generate and disseminate internal system security alerts, advisories, and directives, as necessary. 03.14.03 b.]	Leadership and high level objectives	Preventive
Include the criteria for notifications in the notification system. CC ID 17139	Leadership and high level objectives	Preventive
Establish, implement, and maintain a Quality Management framework. CC ID 07196	Leadership and high level objectives	Preventive
Establish, implement, and maintain a Quality Management program. CC ID 07201	Leadership and high level objectives	Preventive
Establish and maintain the scope of the organizational compliance framework and Information Assurance controls. CC ID 01241	Leadership and high level objectives	Preventive
Establish, implement, and maintain a policy and procedure management program. CC ID 06285 [Develop, document, and disseminate to organizational personnel or roles the policies and procedures needed to satisfy the security requirements for the protection of CUI. 03.15.01 a. Review and update policies and procedures [Assignment: organization-defined frequency]. 03.15.01 b.]	Leadership and high level objectives	Preventive
Include contact information in the organization's policies, standards, and procedures. CC ID 17167	Leadership and high level objectives	Preventive
Include the effective date on all organizational policies. CC ID 06820	Leadership and high level objectives	Preventive
Include requirements in the organization’s policies, standards, and procedures. CC ID 12956	Leadership and high level objectives	Preventive
Include threats in the organization’s policies, standards, and procedures. CC ID 12953	Leadership and high level objectives	Preventive
Analyze organizational policies, as necessary. CC ID 14037	Leadership and high level objectives	Detective
Include opportunities in the organization’s policies, standards, and procedures. CC ID 12945	Leadership and high level objectives	Preventive
Establish and maintain an Authority Document list. CC ID 07113	Leadership and high level objectives	Preventive
Map in scope assets and in scope records to external requirements. CC ID 12189	Leadership and high level objectives	Detective
Document organizational procedures that harmonize external requirements, including all legal requirements. CC ID 00623	Leadership and high level objectives	Preventive
Establish, implement, and maintain full documentation of all policies, standards, and procedures that support the organization's compliance framework. CC ID 01636	Leadership and high level objectives	Preventive
Disseminate and communicate the list of Authority Documents that support the organization's compliance framework to interested personnel and affected parties. CC ID 01312	Leadership and high level objectives	Preventive
Classify controls according to their preventive, detective, or corrective status. CC ID 06436	Leadership and high level objectives	Preventive
Publish, disseminate, and communicate a Statement on Internal Control, as necessary. CC ID 06727	Leadership and high level objectives	Preventive
Include signatures of c-level executives in the Statement on Internal Control. CC ID 14778	Leadership and high level objectives	Preventive
Include management's assertions on the effectiveness of internal control in the Statement on Internal Control. CC ID 14771	Leadership and high level objectives	Corrective
Include confirmation of any significant weaknesses in the Statement on Internal Control. CC ID 06861	Leadership and high level objectives	Preventive
Include roles and responsibilities in the Statement on Internal Control. CC ID 14774	Leadership and high level objectives	Preventive
Include an assurance statement regarding the counterterror protective security plan in the Statement on Internal Control. CC ID 06866	Leadership and high level objectives	Preventive
Include limitations of internal control systems in the Statement on Internal Control. CC ID 14773	Leadership and high level objectives	Preventive
Include a description of the methodology used to evaluate internal controls in the Statement on Internal Control. CC ID 14772	Leadership and high level objectives	Preventive
Include the counterterror protective security plan test results in the Statement on Internal Control. CC ID 06867	Leadership and high level objectives	Detective
Approve all compliance documents. CC ID 06286	Leadership and high level objectives	Preventive
Align the Authority Document list with external requirements. CC ID 06288	Leadership and high level objectives	Preventive
Identify and document the Designated Approval Authority for compliance documents. CC ID 07114	Leadership and high level objectives	Preventive
Establish, implement, and maintain a compliance exception standard. CC ID 01628	Leadership and high level objectives	Preventive
Include the authority for granting exemptions in the compliance exception standard. CC ID 14329	Leadership and high level objectives	Preventive
Include all compliance exceptions in the compliance exception standard. CC ID 01630	Leadership and high level objectives	Detective
Include explanations, compensating controls, or risk acceptance in the compliance exceptions Exceptions document. CC ID 01631	Leadership and high level objectives	Preventive
Include when exemptions expire in the compliance exception standard. CC ID 14330	Leadership and high level objectives	Preventive
Include management of the exemption register in the compliance exception standard. CC ID 14328	Leadership and high level objectives	Preventive
Provide predefined suspicious activity reports for suspicious activity discovered in the event log. CC ID 06774	Monitoring and measurement	Corrective
Include identity information of suspects in the suspicious activity report. CC ID 16648	Monitoring and measurement	Preventive
Review and update the list of auditable events in the event logging procedures. CC ID 10097 [Review and update the event types selected for logging [Assignment: organization-defined frequency]. 03.03.01 b.]	Monitoring and measurement	Preventive
Establish, implement, and maintain a risk monitoring program. CC ID 00658 [Develop and implement a system-level continuous monitoring strategy that includes ongoing monitoring and security assessments. 03.12.03 ¶ 1 Develop and implement a system-level continuous monitoring strategy that includes ongoing monitoring and security assessments. 03.12.03 ¶ 1]	Monitoring and measurement	Preventive
Establish, implement, and maintain a compliance testing strategy. CC ID 00659	Monitoring and measurement	Preventive
Include a system description in the system security plan. CC ID 16467	Monitoring and measurement	Preventive
Include a description of the operational context in the system security plan. CC ID 14301	Monitoring and measurement	Preventive
Include the results of the security categorization in the system security plan. CC ID 14281	Monitoring and measurement	Preventive
Include the information types in the system security plan. CC ID 14696 [Develop a system security plan that: Identifies the information types processed, stored, and transmitted by the system; 03.15.02 a.2.]	Monitoring and measurement	Preventive
Include the security requirements in the system security plan. CC ID 14274 [Develop a system security plan that: Provides an overview of the security requirements for the system; 03.15.02 a.5. Develop a system security plan that: Describes the safeguards in place or planned for meeting the security requirements; 03.15.02 a.6. Develop a system security plan that: Includes other relevant information necessary for the protection of CUI. 03.15.02 a.8.]	Monitoring and measurement	Preventive
Include cryptographic key management procedures in the system security plan. CC ID 17029	Monitoring and measurement	Preventive
Include threats in the system security plan. CC ID 14693 [Develop a system security plan that: Describes specific threats to the system that are of concern to the organization; 03.15.02 a.3.]	Monitoring and measurement	Preventive
Include network diagrams in the system security plan. CC ID 14273 [Develop a system security plan that: Defines the constituent system components; 03.15.02 a.1. Develop a system security plan that: Describes the operational environment for the system and any dependencies on or connections to other systems or system components; 03.15.02 a.4.]	Monitoring and measurement	Preventive
Include roles and responsibilities in the system security plan. CC ID 14682 [Develop a system security plan that: Identifies individuals that fulfill system roles and responsibilities; and 03.15.02 a.7.]	Monitoring and measurement	Preventive
Include backup and recovery procedures in the system security plan. CC ID 17043	Monitoring and measurement	Preventive
Include the results of the privacy risk assessment in the system security plan. CC ID 14676	Monitoring and measurement	Preventive
Include remote access methods in the system security plan. CC ID 16441	Monitoring and measurement	Preventive
Include a description of the operational environment in the system security plan. CC ID 14272 [Develop a system security plan that: Describes the operational environment for the system and any dependencies on or connections to other systems or system components; 03.15.02 a.4.]	Monitoring and measurement	Preventive
Include the security categorizations and rationale in the system security plan. CC ID 14270	Monitoring and measurement	Preventive
Include the authorization boundary in the system security plan. CC ID 14257	Monitoring and measurement	Preventive
Include security controls in the system security plan. CC ID 14239	Monitoring and measurement	Preventive
Create specific test plans to test each system component. CC ID 00661	Monitoring and measurement	Preventive
Include the roles and responsibilities in the test plan. CC ID 14299	Monitoring and measurement	Preventive
Include the assessment team in the test plan. CC ID 14297	Monitoring and measurement	Preventive
Include the scope in the test plans. CC ID 14293	Monitoring and measurement	Preventive
Include the assessment environment in the test plan. CC ID 14271	Monitoring and measurement	Preventive
Review the test plans for each system component. CC ID 00662	Monitoring and measurement	Preventive
Document validated testing processes in the testing procedures. CC ID 06200	Monitoring and measurement	Preventive
Include error details, identifying the root causes, and mitigation actions in the testing procedures. CC ID 11827	Monitoring and measurement	Preventive
Establish, implement, and maintain a security assessment and authorization policy. CC ID 14031	Monitoring and measurement	Preventive
Establish and maintain a scoring method for Red Team exercise results. CC ID 12136	Monitoring and measurement	Preventive
Include coordination amongst entities in the security assessment and authorization policy. CC ID 14222	Monitoring and measurement	Preventive
Include the scope in the security assessment and authorization policy. CC ID 14220	Monitoring and measurement	Preventive
Include the purpose in the security assessment and authorization policy. CC ID 14219	Monitoring and measurement	Preventive
Include management commitment in the security assessment and authorization policy. CC ID 14189	Monitoring and measurement	Preventive
Include compliance requirements in the security assessment and authorization policy. CC ID 14183	Monitoring and measurement	Preventive
Include roles and responsibilities in the security assessment and authorization policy. CC ID 14179	Monitoring and measurement	Preventive
Establish, implement, and maintain security assessment and authorization procedures. CC ID 14056	Monitoring and measurement	Preventive
Document improvement actions based on test results and exercises. CC ID 16840	Monitoring and measurement	Preventive
Define the test requirements for each testing program. CC ID 13177	Monitoring and measurement	Preventive
Include mechanisms for emergency stops in the testing program. CC ID 14398	Monitoring and measurement	Preventive
Document the business need justification for authorized wireless access points. CC ID 12044	Monitoring and measurement	Preventive
Establish, implement, and maintain conformity assessment procedures. CC ID 15032	Monitoring and measurement	Preventive
Create technical documentation assessment certificates in an official language. CC ID 15110	Monitoring and measurement	Preventive
Define the test frequency for each testing program. CC ID 13176	Monitoring and measurement	Preventive
Compare port scan reports for in scope systems against their port scan baseline. CC ID 12162	Monitoring and measurement	Detective
Establish, implement, and maintain a stress test program for identification cards or badges. CC ID 15424	Monitoring and measurement	Preventive
Align the penetration test program with industry standards. CC ID 12469	Monitoring and measurement	Preventive
Establish, implement, and maintain a business line testing strategy. CC ID 13245	Monitoring and measurement	Preventive
Include facilities in the business line testing strategy. CC ID 13253	Monitoring and measurement	Preventive
Include electrical systems in the business line testing strategy. CC ID 13251	Monitoring and measurement	Preventive
Include mechanical systems in the business line testing strategy. CC ID 13250	Monitoring and measurement	Preventive
Include Heating Ventilation and Air Conditioning systems in the business line testing strategy. CC ID 13248	Monitoring and measurement	Preventive
Include emergency power supplies in the business line testing strategy. CC ID 13247	Monitoring and measurement	Preventive
Include environmental controls in the business line testing strategy. CC ID 13246	Monitoring and measurement	Preventive
Establish, implement, and maintain a vulnerability management program. CC ID 15721	Monitoring and measurement	Preventive
Establish, implement, and maintain a vulnerability assessment program. CC ID 11636	Monitoring and measurement	Preventive
Record the vulnerability scanning activity in the vulnerability scan report. CC ID 12097	Monitoring and measurement	Preventive
Include the pass or fail test status in the test results. CC ID 17106	Monitoring and measurement	Preventive
Include time information in the test results. CC ID 17105	Monitoring and measurement	Preventive
Include a description of the system tested in the test results. CC ID 17104	Monitoring and measurement	Preventive
Recommend mitigation techniques based on penetration test results. CC ID 04881	Monitoring and measurement	Corrective
Establish, implement, and maintain a compliance monitoring policy. CC ID 00671	Monitoring and measurement	Preventive
Establish, implement, and maintain a log management program. CC ID 00673	Monitoring and measurement	Preventive
Identify and communicate improvements in metrics reporting. CC ID 06921	Monitoring and measurement	Corrective
Establish, implement, and maintain an audit program. CC ID 00684	Audits and risk management	Preventive
Establish and maintain organizational audit reports. CC ID 06731	Audits and risk management	Preventive
Disseminate and communicate the audit report to all interested personnel and affected parties identified in the distribution list. CC ID 07117	Audits and risk management	Preventive
Establish, implement, and maintain a risk management program. CC ID 12051	Audits and risk management	Preventive
Establish, implement, and maintain the risk assessment framework. CC ID 00685	Audits and risk management	Preventive
Establish, implement, and maintain a risk assessment program. CC ID 00687	Audits and risk management	Preventive
Include the probability and potential impact of pandemics in the scope of the risk assessment. CC ID 13241	Audits and risk management	Preventive
Include physical assets in the scope of the risk assessment. CC ID 13075	Audits and risk management	Preventive
Include the results of the risk assessment in the risk assessment report. CC ID 06481	Audits and risk management	Preventive
Update the risk assessment upon discovery of a new threat. CC ID 00708	Audits and risk management	Detective
Update the risk assessment upon changes to the risk profile. CC ID 11627 [Update risk assessments [Assignment: organization-defined frequency]. 03.11.01 b.]	Audits and risk management	Detective
Document any reasons for modifying or refraining from modifying the organization's risk assessment when the risk assessment has been reviewed. CC ID 13312	Audits and risk management	Preventive
Create a risk assessment report based on the risk assessment results. CC ID 15695	Audits and risk management	Preventive
Document and communicate a corrective action plan based on the risk assessment findings. CC ID 00705 [Develop a plan of action and milestones for the system: 03.12.02 a.]	Audits and risk management	Corrective
Review and approve the risk assessment findings. CC ID 06485	Audits and risk management	Preventive
Include risk responses in the risk management program. CC ID 13195 [Respond to findings from security assessments, monitoring, and audits. 03.11.04 ¶ 1]	Audits and risk management	Preventive
Establish, implement, and maintain a supply chain risk management plan. CC ID 14713 [Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations, maintenance, and disposal of the system, system components, or system services. 03.17.01 a. Review and update the supply chain risk management plan [Assignment: organization-defined frequency]. 03.17.01 b.]	Audits and risk management	Preventive
Include processes for monitoring and reporting in the supply chain risk management plan. CC ID 15619	Audits and risk management	Preventive
Include dates in the supply chain risk management plan. CC ID 15617	Audits and risk management	Preventive
Include implementation milestones in the supply chain risk management plan. CC ID 15615	Audits and risk management	Preventive
Include roles and responsibilities in the supply chain risk management plan. CC ID 15613	Audits and risk management	Preventive
Include supply chain risk management procedures in the risk management program. CC ID 13190 [Assess the risk (including supply chain risk) of unauthorized disclosure resulting from the processing, storage, or transmission of CUI. 03.11.01 a. Establish a process for identifying and addressing weaknesses or deficiencies in the supply chain elements and processes. 03.17.03 a.]	Audits and risk management	Preventive
Establish, implement, and maintain an access control program. CC ID 11702	Technical security	Preventive
Establish, implement, and maintain an access rights management plan. CC ID 00513	Technical security	Preventive
Inventory all user accounts. CC ID 13732 [Define the types of system accounts allowed and prohibited. 03.01.01 a.]	Technical security	Preventive
Add all devices requiring access control to the Access Control List. CC ID 06264	Technical security	Preventive
Include the objects and users subject to access control in the security policy. CC ID 11836	Technical security	Preventive
Establish, implement, and maintain a system use agreement for each information system. CC ID 06500 [Prohibit the use of external systems unless the systems are specifically authorized. 03.01.20 a. Establish the following security requirements to be satisfied on external systems prior to allowing use of or access to those systems by authorized individuals: [Assignment: organization-defined security requirements]. 03.01.20 b.]	Technical security	Preventive
Accept and sign the system use agreement before data or system access is enabled. CC ID 06501	Technical security	Preventive
Document actions that can be performed on an information system absent identification and authentication of the user. CC ID 06771	Technical security	Preventive
Establish and maintain a list of individuals authorized to perform privileged functions. CC ID 17005	Technical security	Preventive
Establish and maintain a Digital Rights Management program. CC ID 07093	Technical security	Preventive
Establish, implement, and maintain an authority for access authorization list. CC ID 06782	Technical security	Preventive
Establish, implement, and maintain access control procedures. CC ID 11663	Technical security	Preventive
Document approving and granting access in the access control log. CC ID 06786	Technical security	Preventive
Include the user identifiers of all personnel who are authorized to access a system in the system record. CC ID 15171	Technical security	Preventive
Include identity information of all personnel who are authorized to access a system in the system record. CC ID 16406	Technical security	Preventive
Include the date and time that access rights were changed in the system record. CC ID 16415	Technical security	Preventive
Establish and maintain a memorized secret list. CC ID 13791 [{commonly used passwords} Maintain a list of commonly-used, expected, or compromised passwords, and update the list [Assignment: organization-defined frequency] and when organizational passwords are suspected to have been compromised. 03.05.07 a. {commonly used passwords} Verify that passwords are not found on the list of commonly used, expected, or compromised passwords when users create or update passwords. 03.05.07 b.]	Technical security	Preventive
Establish, implement, and maintain a network configuration standard. CC ID 00530 [Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access. 03.01.12 a.]	Technical security	Preventive
Establish, implement, and maintain network segmentation requirements. CC ID 16380	Technical security	Preventive
Establish, implement, and maintain a network security policy. CC ID 06440	Technical security	Preventive
Include compliance requirements in the network security policy. CC ID 14205	Technical security	Preventive
Include coordination amongst entities in the network security policy. CC ID 14204	Technical security	Preventive
Include management commitment in the network security policy. CC ID 14203	Technical security	Preventive
Include roles and responsibilities in the network security policy. CC ID 14202	Technical security	Preventive
Include the scope in the network security policy. CC ID 14201	Technical security	Preventive
Include the purpose in the network security policy. CC ID 14200	Technical security	Preventive
Establish, implement, and maintain system and communications protection procedures. CC ID 14052	Technical security	Preventive
Establish, implement, and maintain a wireless networking policy. CC ID 06732 [Establish usage restrictions, configuration requirements, and connection requirements for each type of wireless access to the system. 03.01.16 a. Establish usage restrictions, configuration requirements, and connection requirements for each type of wireless access to the system. 03.01.16 a. Authorize each type of wireless access to the system prior to establishing such connections. 03.01.16 b.]	Technical security	Preventive
Include usage restrictions for Bluetooth in the wireless networking policy. CC ID 16443	Technical security	Preventive
Maintain up-to-date network diagrams. CC ID 00531	Technical security	Preventive
Include the date of the most recent update on the network diagram. CC ID 14319	Technical security	Preventive
Include the organization's name in the network diagram. CC ID 14318	Technical security	Preventive
Include Internet Protocol addresses in the network diagram. CC ID 16244	Technical security	Preventive
Include Domain Name System names in the network diagram. CC ID 16240	Technical security	Preventive
Accept, by formal signature, the security implications of the network topology. CC ID 12323	Technical security	Preventive
Maintain up-to-date data flow diagrams. CC ID 10059	Technical security	Preventive
Establish, implement, and maintain a sensitive information inventory. CC ID 13736	Technical security	Detective
Include information flows to third parties in the data flow diagram. CC ID 13185	Technical security	Preventive
Document where data-at-rest and data in transit is encrypted on the data flow diagram. CC ID 16412	Technical security	Preventive
Establish, implement, and maintain a Boundary Defense program. CC ID 00544 [Monitor and control communications at external managed interfaces to the system and key internal managed interfaces within the system. 03.13.01 a. Connect to external systems only through managed interfaces that consist of boundary protection devices arranged in accordance with an organizational security architecture. 03.13.01 c.]	Technical security	Preventive
Establish, implement, and maintain a network access control standard. CC ID 00546 [Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access. 03.01.12 a.]	Technical security	Preventive
Include configuration management and rulesets in the network access control standard. CC ID 11845	Technical security	Preventive
Secure the network access control standard against unauthorized changes. CC ID 11920	Technical security	Preventive
Include compensating controls implemented for insecure protocols in the firewall and router configuration standard. CC ID 11948	Technical security	Preventive
Include restricting inbound network traffic in the firewall and router configuration standard. CC ID 11960	Technical security	Preventive
Include restricting outbound network traffic in the firewall and router configuration standard. CC ID 11961	Technical security	Preventive
Include requirements for a firewall at each Internet connection and between any demilitarized zone and the internal network zone in the firewall and router configuration standard. CC ID 12435	Technical security	Preventive
Include network diagrams that identify connections between all subnets and wireless networks in the firewall and router configuration standard. CC ID 12434	Technical security	Preventive
Include network diagrams that identify storage or processing locations of all restricted data in the firewall and router configuration standard. CC ID 12426	Technical security	Preventive
Include a protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00537 [Prohibit or restrict use of the following functions, ports, protocols, connections, and services: [Assignment: organization-defined functions, ports, protocols, connections, and services]. 03.04.06 b.]	Technical security	Preventive
Include approval of the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 12547	Technical security	Preventive
Include the use of protocols above and beyond common information service protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00539	Technical security	Preventive
Include justifying the use of risky protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 01280	Technical security	Preventive
Document and implement security features for each identified insecure service, protocol, and port in the protocols, ports, applications, and services list. CC ID 12033	Technical security	Preventive
Identify the insecure services, protocols, and ports in the protocols, ports, applications, and services list in the firewall and router configuration. CC ID 12032 [Review the system [Assignment: organization-defined frequency] to identify unnecessary or nonsecure functions, ports, protocols, connections, and services. 03.04.06 c.]	Technical security	Preventive
Record the configuration rules for network access and control points in the configuration management system. CC ID 12105	Technical security	Preventive
Record the duration of the business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12107	Technical security	Preventive
Record each individual's name and business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12106	Technical security	Preventive
Establish, implement, and maintain information flow control configuration standards. CC ID 01924	Technical security	Preventive
Maintain a record of the challenge state during identification and authentication in an automated information exchange. CC ID 06629	Technical security	Preventive
Establish, implement, and maintain information flow control policies inside the system and between interconnected systems. CC ID 01410 [Enforce approved authorizations for controlling the flow of CUI within the system and between connected systems. 03.01.03 ¶ 1]	Technical security	Preventive
Establish, implement, and maintain a document printing policy. CC ID 14384	Technical security	Preventive
Include printing to personal printers during a continuity event in the document printing policy. CC ID 14396	Technical security	Preventive
Establish, implement, and maintain information flow procedures. CC ID 04542	Technical security	Preventive
Establish, implement, and maintain information exchange procedures. CC ID 11782 [Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a. Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Technical security	Preventive
Include the connected Information Technology assets in the information exchange procedures. CC ID 17025	Technical security	Preventive
Include connection termination procedures in the information exchange procedures. CC ID 17027	Technical security	Preventive
Include the data sensitivity levels in the information exchange procedures. CC ID 17024	Technical security	Preventive
Include communication requirements in the information exchange procedures. CC ID 17026	Technical security	Preventive
Include roles and responsibilities in the information exchange procedures. CC ID 17023	Technical security	Preventive
Include implementation procedures in the information exchange procedures. CC ID 17022	Technical security	Preventive
Include security controls in the information exchange procedures. CC ID 17021	Technical security	Preventive
Include testing procedures in the information exchange procedures. CC ID 17020	Technical security	Preventive
Include measurement criteria in the information exchange procedures. CC ID 17019	Technical security	Preventive
Include training requirements in the information exchange procedures. CC ID 17017	Technical security	Preventive
Establish, implement, and maintain whitelists and blacklists of domain names. CC ID 07097	Technical security	Preventive
Revoke membership in the whitelist, as necessary. CC ID 13827	Technical security	Corrective
Establish, implement, and maintain whitelists and blacklists of software. CC ID 11780 [Identify software programs authorized to execute on the system. 03.04.08 a. Review and update the list of authorized software programs [Assignment: organization-defined frequency]. 03.04.08 c.]	Technical security	Preventive
Establish, implement, and maintain a remote access and teleworking program. CC ID 04545 [Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access. 03.01.12 a.]	Technical security	Preventive
Include information security requirements in the remote access and teleworking program. CC ID 15704	Technical security	Preventive
Document and approve requests to bypass multifactor authentication. CC ID 15464	Technical security	Preventive
Establish, implement, and maintain cryptographic key management procedures. CC ID 00571 [Establish and manage cryptographic keys in the system in accordance with the following key management requirements: [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. 03.13.10 ¶ 1]	Technical security	Preventive
Include recommended cryptographic key management procedures for cloud service providers in the cryptographic key management procedures. CC ID 13152	Technical security	Preventive
Include requesting cryptographic key types in the cryptographic key management procedures. CC ID 13151	Technical security	Preventive
Include cryptographic key expiration in the cryptographic key management procedures. CC ID 17079	Technical security	Preventive
Include the establishment of cryptographic keys in the cryptographic key management procedures. CC ID 06540	Technical security	Preventive
Include offsite backups of cryptographic keys in the cryptographic key management procedures. CC ID 13127	Technical security	Preventive
Require key custodians to sign the cryptographic key management policy. CC ID 01308	Technical security	Preventive
Establish, implement, and maintain requirements for Personal Identity Verification authentication certificates. CC ID 06587	Technical security	Preventive
Establish, implement, and maintain Public Key certificate application procedures. CC ID 07079	Technical security	Preventive
Include the Identification and Authentication of individuals or entities in the Public Key certificate application procedures. CC ID 07080	Technical security	Preventive
Include approving or rejecting Public Key certificate applications in the Public Key certificate application procedure. CC ID 07081	Technical security	Preventive
Include revocation of Public Key certificates in the Public Key certificate procedures. CC ID 07082	Technical security	Preventive
Publish revoked Public Key certificates in the Certificate Revocation List. CC ID 07089	Technical security	Preventive
Establish, implement, and maintain Public Key renewal or rekeying request procedures. CC ID 07083	Technical security	Preventive
Include identification and authentication in Public Key renewal or rekeying request procedures. CC ID 11816	Technical security	Preventive
Establish, implement, and maintain Public Key certificate procedures. CC ID 07085	Technical security	Preventive
Include signing and issuing Public Key certificates in the Public Key certificate procedures. CC ID 11817	Technical security	Preventive
Include publishing Public Key certificates in the Public Key certificate procedures. CC ID 07087	Technical security	Preventive
Include access to issued Public Key certificates in the Public Key certificate procedures. CC ID 07086	Technical security	Preventive
Authorize transactions of data transmitted over public networks or shared data networks. CC ID 00566	Technical security	Preventive
Establish, implement, and maintain a malicious code protection program. CC ID 00574 [Configure malicious code protection mechanisms to: Block malicious code, quarantine malicious code, or take other mitigation actions in response to malicious code detection. 03.14.02 c.2. Configure malicious code protection mechanisms to: Block malicious code, quarantine malicious code, or take other mitigation actions in response to malicious code detection. 03.14.02 c.2. Configure malicious code protection mechanisms to: Block malicious code, quarantine malicious code, or take other mitigation actions in response to malicious code detection. 03.14.02 c.2.]	Technical security	Preventive
Establish, implement, and maintain malicious code protection procedures. CC ID 15483	Technical security	Preventive
Establish, implement, and maintain a malicious code protection policy. CC ID 15478	Technical security	Preventive
Establish, implement, and maintain a malicious code outbreak recovery plan. CC ID 01310	Technical security	Corrective
Establish, implement, and maintain a virtual environment and shared resources security program. CC ID 06551	Technical security	Preventive
Establish, implement, and maintain a shared resources management program. CC ID 07096 [Prevent unauthorized and unintended information transfer via shared system resources. 03.13.04 ¶ 1]	Technical security	Preventive
Establish, implement, and maintain a physical security program. CC ID 11757	Physical and environmental protection	Preventive
Establish, implement, and maintain a facility physical security program. CC ID 00711	Physical and environmental protection	Preventive
Identify and document physical access controls for all physical entry points. CC ID 01637	Physical and environmental protection	Preventive
Establish, implement, and maintain physical access procedures. CC ID 13629 [{entry points} Enforce physical access authorizations at entry and exit points to the facility where the system resides by: Verifying individual physical access authorizations before granting access to the facility and 03.10.07 a.1.]	Physical and environmental protection	Preventive
Establish, implement, and maintain a visitor access permission policy. CC ID 06699	Physical and environmental protection	Preventive
Escort visitors within the facility, as necessary. CC ID 06417 [Escort visitors, and control visitor activity. 03.10.07 c.]	Physical and environmental protection	Preventive
Establish, implement, and maintain procedures for changing a visitor's access requirements. CC ID 12048	Physical and environmental protection	Preventive
Maintain and review facility access lists of personnel who have been granted authorized entry to (and within) facilities that contain restricted data or restricted information. CC ID 01436 [{maintenance personnel} Maintain a list of authorized maintenance organizations or personnel. 03.07.06 b. Verify that non-escorted personnel who perform maintenance on the system possess the required access authorizations. 03.07.06 c. Develop, approve, and maintain a list of individuals with authorized access to the facility where the system resides. 03.10.01 a. Review the facility access list [Assignment: organization-defined frequency]. 03.10.01 c. Remove individuals from the facility access list when access is no longer required. 03.10.01 d.]	Physical and environmental protection	Preventive
Authorize physical access to sensitive areas based on job functions. CC ID 12462	Physical and environmental protection	Preventive
Establish, implement, and maintain physical identification procedures. CC ID 00713	Physical and environmental protection	Preventive
Establish, implement, and maintain lost or damaged identification card procedures, as necessary. CC ID 14819	Physical and environmental protection	Preventive
Document all lost badges in a lost badge list. CC ID 12448	Physical and environmental protection	Corrective
Establish, implement, and maintain identification issuance procedures for identification cards or badges. CC ID 06598 [Issue authorization credentials for facility access. 03.10.01 b.]	Physical and environmental protection	Preventive
Include error handling controls in identification issuance procedures. CC ID 13709	Physical and environmental protection	Preventive
Include information security in the identification issuance procedures. CC ID 15425	Physical and environmental protection	Preventive
Establish, implement, and maintain post-issuance update procedures for identification cards or badges. CC ID 15426	Physical and environmental protection	Preventive
Include an identity registration process in the identification issuance procedures. CC ID 11671	Physical and environmental protection	Preventive
Establish, implement, and maintain identification renewal procedures for identification cards or badges. CC ID 06599	Physical and environmental protection	Preventive
Establish, implement, and maintain identification re-issuing procedures for identification cards or badges. CC ID 06596	Physical and environmental protection	Preventive
Establish, implement, and maintain identification mechanism termination procedures. CC ID 06306	Physical and environmental protection	Preventive
Require all visitors to sign in to the visitor log before the entrance of a visitor to the facility. CC ID 06700	Physical and environmental protection	Preventive
Record the date and time of entry in the visitor log. CC ID 13255	Physical and environmental protection	Preventive
Record the onsite personnel authorizing physical access for the visitor in the visitor log. CC ID 12466	Physical and environmental protection	Preventive
Establish, implement, and maintain a physical access log. CC ID 12080 [Review physical access logs [Assignment: organization-defined frequency] and upon occurrence of [Assignment: organization-defined events or potential indications of events]. 03.10.02 b. {entry points} Maintain physical access audit logs for entry or exit points. 03.10.07 b.]	Physical and environmental protection	Preventive
Establish, implement, and maintain physical security threat reports. CC ID 02207	Physical and environmental protection	Preventive
Establish, implement, and maintain storage media access control procedures. CC ID 00959	Physical and environmental protection	Preventive
Establish, implement, and maintain electronic media storage container repair guidelines. CC ID 02200	Physical and environmental protection	Preventive
Establish, implement, and maintain asset removal procedures or asset decommissioning procedures. CC ID 04540 [{does not contain} Prevent the removal of system maintenance equipment containing CUI by verifying that there is no CUI on the equipment, sanitizing or destroying the equipment, or retaining the equipment within the facility. 03.07.04 c.]	Physical and environmental protection	Preventive
Establish, implement, and maintain end user computing device security guidelines. CC ID 00719	Physical and environmental protection	Preventive
Establish, implement, and maintain a locking screen saver policy. CC ID 06717 [Prevent access to the system by [Selection (one or more): initiating a device lock after [Assignment: organization-defined time period] of inactivity; requiring the user to initiate a device lock before leaving the system unattended]. 03.01.10 a.]	Physical and environmental protection	Preventive
Establish, implement, and maintain mobile device security guidelines. CC ID 04723 [Establish usage restrictions, configuration requirements, and connection requirements for mobile devices. 03.01.18 a.]	Physical and environmental protection	Preventive
Include usage restrictions for untrusted networks in the mobile device security guidelines. CC ID 17076	Physical and environmental protection	Preventive
Include the expectation of data loss in the event of sanitizing the mobile device in the mobile device security guidelines. CC ID 12292	Physical and environmental protection	Preventive
Include legal requirements in the mobile device security guidelines. CC ID 12291	Physical and environmental protection	Preventive
Include prohibiting the usage of unapproved application stores in the mobile device security guidelines. CC ID 12290	Physical and environmental protection	Preventive
Include requiring users to create data backups in the mobile device security guidelines. CC ID 12289	Physical and environmental protection	Preventive
Include the definition of mobile devices in the mobile device security guidelines. CC ID 12288	Physical and environmental protection	Preventive
Establish, implement, and maintain asset return procedures. CC ID 04537	Physical and environmental protection	Preventive
Establish, implement, and maintain a business continuity program. CC ID 13210	Operational and Systems Continuity	Preventive
Establish, implement, and maintain system continuity plan strategies. CC ID 00735	Operational and Systems Continuity	Preventive
Include technical preparation considerations for backup operations in the continuity plan. CC ID 01250	Operational and Systems Continuity	Preventive
Establish, implement, and maintain a pandemic plan. CC ID 13214	Operational and Systems Continuity	Preventive
Include alternate work locations in the pandemic plan. CC ID 14376 [Determine alternate work sites allowed for use by employees. 03.10.06 a.]	Operational and Systems Continuity	Preventive
Assign the roles and responsibilities for the asset management system. CC ID 14368	Human Resources management	Preventive
Establish, implement, and maintain a personnel management program. CC ID 14018	Human Resources management	Preventive
Establish, implement, and maintain a personnel security program. CC ID 10628	Human Resources management	Preventive
Establish, implement, and maintain personnel status change and termination procedures. CC ID 06549	Human Resources management	Preventive
Include evidence of experience in applications for professional certification. CC ID 16193	Human Resources management	Preventive
Include supporting documentation in applications for professional certification. CC ID 16195	Human Resources management	Preventive
Document all training in a training record. CC ID 01423	Human Resources management	Detective
Review the current published guidance and awareness and training programs. CC ID 01245 [Review and update incident response training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. 03.06.04 b.]	Human Resources management	Preventive
Establish, implement, and maintain training plans. CC ID 00828	Human Resources management	Preventive
Include portions of the visitor control program in the training plan. CC ID 13287	Human Resources management	Preventive
Establish, implement, and maintain a security awareness program. CC ID 11746	Human Resources management	Preventive
Establish, implement, and maintain a security awareness and training policy. CC ID 14022	Human Resources management	Preventive
Include compliance requirements in the security awareness and training policy. CC ID 14092	Human Resources management	Preventive
Include coordination amongst entities in the security awareness and training policy. CC ID 14091	Human Resources management	Preventive
Establish, implement, and maintain security awareness and training procedures. CC ID 14054	Human Resources management	Preventive
Include management commitment in the security awareness and training policy. CC ID 14049	Human Resources management	Preventive
Include roles and responsibilities in the security awareness and training policy. CC ID 14048	Human Resources management	Preventive
Include the scope in the security awareness and training policy. CC ID 14047	Human Resources management	Preventive
Include the purpose in the security awareness and training policy. CC ID 14045	Human Resources management	Preventive
Include configuration management procedures in the security awareness program. CC ID 13967	Human Resources management	Preventive
Document security awareness requirements. CC ID 12146	Human Resources management	Preventive
Include safeguards for information systems in the security awareness program. CC ID 13046	Human Resources management	Preventive
Include security policies and security standards in the security awareness program. CC ID 13045	Human Resources management	Preventive
Include mobile device security guidelines in the security awareness program. CC ID 11803	Human Resources management	Preventive
Include training based on the participants' level of responsibility and access level in the security awareness program. CC ID 11802	Human Resources management	Preventive
Include a requirement to train all new hires and interested personnel in the security awareness program. CC ID 11800 [{security training} Provide security literacy training to system users: As part of initial training for new users and [Assignment: organization-defined frequency] thereafter, 03.02.01 a.1.]	Human Resources management	Preventive
Include remote access in the security awareness program. CC ID 13892	Human Resources management	Preventive
Document the goals of the security awareness program. CC ID 12145	Human Resources management	Preventive
Compare current security awareness assessment reports to the security awareness baseline. CC ID 12150	Human Resources management	Preventive
Document the scope of the security awareness program. CC ID 12148	Human Resources management	Preventive
Establish, implement, and maintain a security awareness baseline. CC ID 12147	Human Resources management	Preventive
Require personnel to acknowledge, through writing their signature, that they have read and understand the organization's security policies. CC ID 01363	Human Resources management	Preventive
Establish, implement, and maintain an environmental management system awareness program. CC ID 15200	Human Resources management	Preventive
Establish, implement, and maintain an occupational health and safety policy. CC ID 00716	Human Resources management	Preventive
Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406	Operational management	Preventive
Establish, implement, and maintain an information security program. CC ID 00812	Operational management	Preventive
Establish, implement, and maintain the Acceptable Use Policy. CC ID 01350 [Establish rules that describe the responsibilities and expected behavior for system usage and protecting CUI. 03.15.03 a. Review and update the rules of behavior [Assignment: organization-defined frequency]. 03.15.03 d.]	Operational management	Preventive
Include that explicit management authorization must be given for the use of all technologies and their documentation in the Acceptable Use Policy. CC ID 01351 [Authorize, monitor, and control the use of mobile code. 03.13.13 b.]	Operational management	Preventive
Include requiring users to protect restricted data in accordance with the Governance, Risk, and Compliance framework in the Acceptable Use Policy. CC ID 11894	Operational management	Preventive
Include Bring Your Own Device agreements in the Acceptable Use Policy. CC ID 15703	Operational management	Preventive
Include the obligations of users in the Bring Your Own Device agreement. CC ID 15708	Operational management	Preventive
Include the rights of the organization in the Bring Your Own Device agreement. CC ID 15707	Operational management	Preventive
Include the circumstances in which the organization may confiscate, audit, or inspect assets in the Bring Your Own Device agreement. CC ID 15706	Operational management	Preventive
Include the circumstances in which the organization may manage assets in the Bring Your Own Device agreement. CC ID 15705	Operational management	Preventive
Include Bring Your Own Device usage in the Acceptable Use Policy. CC ID 12293	Operational management	Preventive
Include a web usage policy in the Acceptable Use Policy. CC ID 16496	Operational management	Preventive
Include Bring Your Own Device security guidelines in the Acceptable Use Policy. CC ID 01352	Operational management	Preventive
Include asset tags in the Acceptable Use Policy. CC ID 01354	Operational management	Preventive
Specify the owner of applicable assets in the Acceptable Use Policy. CC ID 15699	Operational management	Preventive
Include asset use policies in the Acceptable Use Policy. CC ID 01355 [Establish usage restrictions, configuration requirements, and connection requirements for mobile devices. 03.01.18 a. Define acceptable mobile code and mobile code technologies. 03.13.13 a.]	Operational management	Preventive
Include authority for access authorization lists for assets in all relevant Acceptable Use Policies. CC ID 11872	Operational management	Preventive
Include access control mechanisms in the Acceptable Use Policy. CC ID 01353	Operational management	Preventive
Include prohibiting the copying or moving of restricted data from its original source onto local hard drives or removable storage media in the Acceptable Use Policy. CC ID 11893	Operational management	Preventive
Correlate the Acceptable Use Policy with the network security policy. CC ID 01356	Operational management	Preventive
Include appropriate network locations for each technology in the Acceptable Use Policy. CC ID 11881	Operational management	Preventive
Correlate the Acceptable Use Policy with the approved product list. CC ID 01357	Operational management	Preventive
Include facility access and facility use in the Acceptable Use Policy. CC ID 06441	Operational management	Preventive
Include disciplinary actions in the Acceptable Use Policy. CC ID 00296	Operational management	Corrective
Include usage restrictions in the Acceptable Use Policy. CC ID 15311	Operational management	Preventive
Include a software installation policy in the Acceptable Use Policy. CC ID 06749	Operational management	Preventive
Document idle session termination and logout for remote access technologies in the Acceptable Use Policy. CC ID 12472	Operational management	Preventive
Require interested personnel and affected parties to sign Acceptable Use Policies. CC ID 06661 [Receive a documented acknowledgement from individuals indicating that they have read, understand, and agree to abide by the rules of behavior before authorizing access to CUI and the system. 03.15.03 c.]	Operational management	Preventive
Require interested personnel and affected parties to re-sign Acceptable Use Policies, as necessary. CC ID 06663	Operational management	Preventive
Protect policies, standards, and procedures from unauthorized modification or disclosure. CC ID 10603 [Protect the incident response plan from unauthorized disclosure. 03.06.05 d. Protect the system security plan from unauthorized disclosure. 03.15.02 c. Protect the supply chain risk management plan from unauthorized disclosure. 03.17.01 c.]	Operational management	Preventive
Establish, implement, and maintain nondisclosure agreements. CC ID 04536 [Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Operational management	Preventive
Require interested personnel and affected parties to sign nondisclosure agreements. CC ID 06667	Operational management	Preventive
Require interested personnel and affected parties to re-sign nondisclosure agreements, as necessary. CC ID 06669	Operational management	Preventive
Establish, implement, and maintain an Information Technology inventory with asset discovery audit trails. CC ID 00689	Operational management	Preventive
Include all account types in the Information Technology inventory. CC ID 13311	Operational management	Preventive
Include each Information System's major applications in the Information Technology inventory. CC ID 01407	Operational management	Preventive
Categorize all major applications according to the business information they process. CC ID 07182	Operational management	Preventive
Document the resources, hazards, and Evaluation Assurance Levels for each major application. CC ID 01164	Operational management	Preventive
Include the General Support Systems and security support structure in the Information Technology inventory. CC ID 01408	Operational management	Preventive
Include each Information System's minor applications in the Information Technology inventory. CC ID 01409	Operational management	Preventive
Categorize facilities in the Information Technology inventory according to their environmental risks. CC ID 06729	Operational management	Preventive
Establish, implement, and maintain a hardware asset inventory. CC ID 00691	Operational management	Preventive
Include network equipment in the Information Technology inventory. CC ID 00693	Operational management	Preventive
Include mobile devices that store restricted data or restricted information in the Information Technology inventory. CC ID 04719	Operational management	Preventive
Include software in the Information Technology inventory. CC ID 00692	Operational management	Preventive
Establish and maintain a list of authorized software and versions required for each system. CC ID 12093	Operational management	Preventive
Establish, implement, and maintain a storage media inventory. CC ID 00694	Operational management	Preventive
Include all electronic storage media containing restricted data or restricted information in the storage media inventory. CC ID 00962	Operational management	Detective
Establish, implement, and maintain a records inventory and database inventory. CC ID 01260	Operational management	Preventive
Add inventoried assets to the asset register database, as necessary. CC ID 07051	Operational management	Preventive
Organize the asset register database by grouping objects according to an organizational information classification standard. CC ID 07181	Operational management	Preventive
Record the decommission date for applicable assets in the asset inventory. CC ID 14920	Operational management	Preventive
Record the Uniform Resource Locator for applicable assets in the asset inventory. CC ID 14918	Operational management	Preventive
Record the review date for applicable assets in the asset inventory. CC ID 14919	Operational management	Preventive
Record services for applicable assets in the asset inventory. CC ID 13733	Operational management	Preventive
Record protocols for applicable assets in the asset inventory. CC ID 13734	Operational management	Preventive
Record the software version in the asset inventory. CC ID 12196	Operational management	Preventive
Record the publisher for applicable assets in the asset inventory. CC ID 13725	Operational management	Preventive
Record the authentication system in the asset inventory. CC ID 13724	Operational management	Preventive
Tag unsupported assets in the asset inventory. CC ID 13723	Operational management	Preventive
Record the install date for applicable assets in the asset inventory. CC ID 13720	Operational management	Preventive
Record the make, model of device for applicable assets in the asset inventory. CC ID 12465	Operational management	Preventive
Record the asset tag for physical assets in the asset inventory. CC ID 06632	Operational management	Preventive
Record the host name of applicable assets in the asset inventory. CC ID 13722	Operational management	Preventive
Record network ports for applicable assets in the asset inventory. CC ID 13730	Operational management	Preventive
Record the MAC address for applicable assets in the asset inventory. CC ID 13721	Operational management	Preventive
Record the operating system type for applicable assets in the asset inventory. CC ID 06633	Operational management	Preventive
Record the department associated with the asset in the asset inventory. CC ID 12084	Operational management	Preventive
Record the physical location for applicable assets in the asset inventory. CC ID 06634 [Identify and document the location of CUI and the system components on which the information is processed and stored. 03.04.11 a. Document changes to the system or system component location where CUI is processed and stored. 03.04.11 b.]	Operational management	Preventive
Record the manufacturer's serial number for applicable assets in the asset inventory. CC ID 06635	Operational management	Preventive
Record the firmware version for applicable assets in the asset inventory. CC ID 12195	Operational management	Preventive
Record the related business function for applicable assets in the asset inventory. CC ID 06636	Operational management	Preventive
Record the deployment environment for applicable assets in the asset inventory. CC ID 06637	Operational management	Preventive
Record the Internet Protocol address for applicable assets in the asset inventory. CC ID 06638	Operational management	Preventive
Link the software asset inventory to the hardware asset inventory. CC ID 12085	Operational management	Preventive
Record the owner for applicable assets in the asset inventory. CC ID 06640	Operational management	Preventive
Record all compliance requirements for applicable assets in the asset inventory. CC ID 15696	Operational management	Preventive
Record all changes to assets in the asset inventory. CC ID 12190	Operational management	Preventive
Record cloud service derived data in the asset inventory. CC ID 13007	Operational management	Preventive
Include cloud service customer data in the asset inventory. CC ID 13006	Operational management	Preventive
Establish, implement, and maintain a software accountability policy. CC ID 00868 [Implement a deny-all, allow-by-exception policy for the execution of authorized software programs on the system. 03.04.08 b.]	Operational management	Preventive
Establish, implement, and maintain software asset management procedures. CC ID 00895	Operational management	Preventive
Establish, implement, and maintain software archives procedures. CC ID 00866	Operational management	Preventive
Establish, implement, and maintain software distribution procedures. CC ID 00894	Operational management	Preventive
Establish, implement, and maintain software documentation management procedures. CC ID 06395	Operational management	Preventive
Establish, implement, and maintain software license management procedures. CC ID 06639	Operational management	Preventive
Establish, implement, and maintain a system preventive maintenance program. CC ID 00885	Operational management	Preventive
Establish, implement, and maintain a customer service program. CC ID 00846	Operational management	Preventive
Establish, implement, and maintain an incident management policy. CC ID 16414	Operational management	Preventive
Define the uses and capabilities of the Incident Management program. CC ID 00854	Operational management	Preventive
Include incident escalation procedures in the Incident Management program. CC ID 00856	Operational management	Preventive
Define the characteristics of the Incident Management program. CC ID 00855	Operational management	Preventive
Include the criteria for a data loss event in the Incident Management program. CC ID 12179	Operational management	Preventive
Include the criteria for an incident in the Incident Management program. CC ID 12173	Operational management	Preventive
Include a definition of affected transactions in the incident criteria. CC ID 17180	Operational management	Preventive
Include a definition of affected parties in the incident criteria. CC ID 17179	Operational management	Preventive
Include references to, or portions of, the Governance, Risk, and Compliance framework in the incident management program, as necessary. CC ID 13504	Operational management	Preventive
Include incident monitoring procedures in the Incident Management program. CC ID 01207 [Track and document system security incidents. 03.06.02 a. Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Preventive
Define and document the criteria to be used in categorizing incidents. CC ID 10033	Operational management	Preventive
Document the incident and any relevant evidence in the incident report. CC ID 08659	Operational management	Detective
Record actions taken by investigators during a forensic investigation in the forensic investigation report. CC ID 07095	Operational management	Preventive
Include the investigation methodology in the forensic investigation report. CC ID 17071	Operational management	Preventive
Include corrective actions in the forensic investigation report. CC ID 17070	Operational management	Preventive
Include the investigation results in the forensic investigation report. CC ID 17069	Operational management	Preventive
Include where the digital forensic evidence was found in the forensic investigation report. CC ID 08674	Operational management	Detective
Include the condition of the digital forensic evidence in the forensic investigation report. CC ID 08678	Operational management	Detective
Share data loss event information with interconnected system owners. CC ID 01209	Operational management	Corrective
Document the justification for not reporting incidents to interested personnel and affected parties. CC ID 16547	Operational management	Preventive
Include data loss event notifications in the Incident Response program. CC ID 00364	Operational management	Preventive
Include legal requirements for data loss event notifications in the Incident Response program. CC ID 11954	Operational management	Preventive
Include required information in the written request to delay the notification to affected parties. CC ID 16785	Operational management	Preventive
Design the text of the notice for all incident response notifications to be no smaller than 10-point type. CC ID 12985	Operational management	Preventive
Establish, implement, and maintain incident response notifications. CC ID 12975	Operational management	Corrective
Include information required by law in incident response notifications. CC ID 00802	Operational management	Detective
Title breach notifications "Notice of Data Breach". CC ID 12977	Operational management	Preventive
Display titles of incident response notifications clearly and conspicuously. CC ID 12986	Operational management	Preventive
Display headings in incident response notifications clearly and conspicuously. CC ID 12987	Operational management	Preventive
Design the incident response notification to call attention to its nature and significance. CC ID 12984	Operational management	Preventive
Use plain language to write incident response notifications. CC ID 12976	Operational management	Preventive
Include directions for changing the user's authenticator or security questions and answers in the breach notification. CC ID 12983	Operational management	Preventive
Include the affected parties rights in the incident response notification. CC ID 16811	Operational management	Preventive
Include details of the investigation in incident response notifications. CC ID 12296	Operational management	Preventive
Include the issuer's name in incident response notifications. CC ID 12062	Operational management	Preventive
Include a "What Happened" heading in breach notifications. CC ID 12978	Operational management	Preventive
Include a general description of the data loss event in incident response notifications. CC ID 04734	Operational management	Preventive
Include time information in incident response notifications. CC ID 04745	Operational management	Preventive
Include the identification of the data source in incident response notifications. CC ID 12305	Operational management	Preventive
Include a "What Information Was Involved" heading in the breach notification. CC ID 12979	Operational management	Preventive
Include the type of information that was lost in incident response notifications. CC ID 04735	Operational management	Preventive
Include the type of information the organization maintains about the affected parties in incident response notifications. CC ID 04776	Operational management	Preventive
Include a "What We Are Doing" heading in the breach notification. CC ID 12982	Operational management	Preventive
Include what the organization has done to enhance data protection controls in incident response notifications. CC ID 04736	Operational management	Preventive
Include what the organization is offering or has already done to assist affected parties in incident response notifications. CC ID 04737	Operational management	Preventive
Include a "For More Information" heading in breach notifications. CC ID 12981	Operational management	Preventive
Include details of the companies and persons involved in incident response notifications. CC ID 12295	Operational management	Preventive
Include the credit reporting agencies' contact information in incident response notifications. CC ID 04744	Operational management	Preventive
Include the reporting individual's contact information in incident response notifications. CC ID 12297	Operational management	Preventive
Include any consequences in the incident response notifications. CC ID 12604	Operational management	Preventive
Include whether the notification was delayed due to a law enforcement investigation in incident response notifications. CC ID 04746	Operational management	Preventive
Include a "What You Can Do" heading in the breach notification. CC ID 12980	Operational management	Preventive
Include how the affected parties can protect themselves from identity theft in incident response notifications. CC ID 04738	Operational management	Detective
Include contact information in incident response notifications. CC ID 04739	Operational management	Preventive
Include contact information in the substitute incident response notification. CC ID 16776	Operational management	Preventive
Post substitute incident response notifications to the organization's website, as necessary. CC ID 04748	Operational management	Preventive
Establish, implement, and maintain a containment strategy. CC ID 13480	Operational management	Preventive
Include the containment approach in the containment strategy. CC ID 13486	Operational management	Preventive
Include response times in the containment strategy. CC ID 13485	Operational management	Preventive
Include incident recovery procedures in the Incident Management program. CC ID 01758 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Corrective
Establish, implement, and maintain a restoration log. CC ID 12745	Operational management	Preventive
Establish, implement, and maintain compromised system reaccreditation procedures. CC ID 00592	Operational management	Preventive
Analyze security violations in Suspicious Activity Reports. CC ID 00591	Operational management	Preventive
Update the incident response procedures using the lessons learned. CC ID 01233	Operational management	Preventive
Include incident response procedures in the Incident Management program. CC ID 01218	Operational management	Preventive
Include incident management procedures in the Incident Management program. CC ID 12689 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Preventive
Establish, implement, and maintain temporary and emergency access authorization procedures. CC ID 00858	Operational management	Corrective
Establish, implement, and maintain temporary and emergency access revocation procedures. CC ID 15334	Operational management	Preventive
Include after-action analysis procedures in the Incident Management program. CC ID 01219	Operational management	Preventive
Establish, implement, and maintain security and breach investigation procedures. CC ID 16844	Operational management	Preventive
Document any potential harm in the incident finding when concluding the incident investigation. CC ID 13830	Operational management	Preventive
Log incidents in the Incident Management audit log. CC ID 00857	Operational management	Preventive
Include corrective actions in the incident management audit log. CC ID 16466	Operational management	Preventive
Include emergency processing priorities in the Incident Management program. CC ID 00859	Operational management	Preventive
Include user's responsibilities for when a theft has occurred in the Incident Management program. CC ID 06387	Operational management	Preventive
Include incident record closure procedures in the Incident Management program. CC ID 01620	Operational management	Preventive
Include incident reporting procedures in the Incident Management program. CC ID 11772 [Report suspected incidents to the organizational incident response capability within [Assignment: organization-defined time period]. 03.06.02 b.]	Operational management	Preventive
Display customer security advice prominently. CC ID 13667	Operational management	Preventive
Establish, implement, and maintain an Incident Response program. CC ID 00579	Operational management	Preventive
Establish, implement, and maintain an incident response plan. CC ID 12056 [Develop an incident response plan that: 03.06.05 a. Develop an incident response plan that: Describes the structure and organization of the incident response capability, 03.06.05 a.2. {system changes} Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing. 03.06.05 c.]	Operational management	Preventive
Include addressing external communications in the incident response plan. CC ID 13351	Operational management	Preventive
Include addressing internal communications in the incident response plan. CC ID 13350	Operational management	Preventive
Include change control procedures in the incident response plan. CC ID 15479	Operational management	Preventive
Include addressing information sharing in the incident response plan. CC ID 13349	Operational management	Preventive
Include dynamic reconfiguration in the incident response plan. CC ID 14306	Operational management	Preventive
Include a definition of reportable incidents in the incident response plan. CC ID 14303 [Develop an incident response plan that: Defines reportable incidents, 03.06.05 a.4.]	Operational management	Preventive
Include the management support needed for incident response in the incident response plan. CC ID 14300	Operational management	Preventive
Include root cause analysis in the incident response plan. CC ID 16423	Operational management	Preventive
Include how incident response fits into the organization in the incident response plan. CC ID 14294 [Develop an incident response plan that: Provides a high-level approach for how the incident response capability fits into the overall organization, 03.06.05 a.3.]	Operational management	Preventive
Include the resources needed for incident response in the incident response plan. CC ID 14292	Operational management	Preventive
Include incident response team structures in the Incident Response program. CC ID 01237 [Develop an incident response plan that: Designates responsibilities to organizational entities, personnel, or roles. 03.06.05 a.6.]	Operational management	Preventive
Assign establishing, implementing, and maintaining incident response procedures to the appropriate role in the incident response program. CC ID 12473	Operational management	Preventive
Include personnel contact information in the event of an incident in the Incident Response program. CC ID 06385	Operational management	Preventive
Include what information interested personnel and affected parties need in the event of an incident in the Incident Response program. CC ID 11789	Operational management	Preventive
Include identifying remediation actions in the incident response plan. CC ID 13354	Operational management	Preventive
Include procedures for providing updated status information to the crisis management team in the incident response plan. CC ID 12776	Operational management	Preventive
Include incident response team services in the Incident Response program. CC ID 11766	Operational management	Preventive
Include the incident response training program in the Incident Response program. CC ID 06750	Operational management	Preventive
Establish, implement, and maintain incident response procedures. CC ID 01206 [Develop an incident response plan that: Provides the organization with a roadmap for implementing its incident response capability, 03.06.05 a.1.]	Operational management	Detective
Include references to industry best practices in the incident response procedures. CC ID 11956	Operational management	Preventive
Include responding to alerts from security monitoring systems in the incident response procedures. CC ID 11949	Operational management	Preventive
Disseminate and communicate the incident response procedures to all interested personnel and affected parties. CC ID 01215 [Distribute copies of the incident response plan to designated incident response personnel (identified by name and/or by role) and organizational elements. 03.06.05 b.]	Operational management	Preventive
Establish, implement, and maintain a change control program. CC ID 00886 [{configuration-controlled changes} Define the types of changes to the system that are configuration-controlled. 03.04.03 a.]	Operational management	Preventive
Include potential consequences of unintended changes in the change control program. CC ID 12243	Operational management	Preventive
Include version control in the change control program. CC ID 13119	Operational management	Preventive
Include service design and transition in the change control program. CC ID 13920	Operational management	Preventive
Establish, implement, and maintain a back-out plan. CC ID 13623	Operational management	Preventive
Establish, implement, and maintain back-out procedures for each proposed change in a change request. CC ID 00373	Operational management	Preventive
Approve back-out plans, as necessary. CC ID 13627	Operational management	Corrective
Include documentation of the impact level of proposed changes in the change request. CC ID 11942	Operational management	Preventive
Establish and maintain a change request approver list. CC ID 06795	Operational management	Preventive
Document all change requests in change request forms. CC ID 06794 [Review proposed configuration-controlled changes to the system, and approve or disapprove such changes with explicit consideration for security impacts. 03.04.03 b.]	Operational management	Preventive
Establish, implement, and maintain emergency change procedures. CC ID 00890	Operational management	Preventive
Log emergency changes after they have been performed. CC ID 12733	Operational management	Preventive
Provide audit trails for all approved changes. CC ID 13120	Operational management	Preventive
Establish, implement, and maintain a transition strategy. CC ID 17049	Operational management	Preventive
Document the sources of all software updates. CC ID 13316	Operational management	Preventive
Establish, implement, and maintain a patch management policy. CC ID 16432	Operational management	Preventive
Establish, implement, and maintain patch management procedures. CC ID 15224	Operational management	Preventive
Establish, implement, and maintain a patch log. CC ID 01642	Operational management	Preventive
Establish, implement, and maintain a software release policy. CC ID 00893	Operational management	Preventive
Establish, implement, and maintain approved change acceptance testing procedures. CC ID 06391	Operational management	Detective
Establish, implement, and maintain a change acceptance testing log. CC ID 06392	Operational management	Corrective
Update associated documentation after the system configuration has been changed. CC ID 00891	Operational management	Preventive
Document approved configuration deviations. CC ID 08711	Operational management	Corrective
Establish, implement, and maintain a Configuration Management program. CC ID 00867	System hardening through configuration management	Preventive
Establish, implement, and maintain appropriate system labeling. CC ID 01900	System hardening through configuration management	Preventive
Include the identification number of the third party who performed the conformity assessment procedures on all promotional materials. CC ID 15041	System hardening through configuration management	Preventive
Include the identification number of the third party who conducted the conformity assessment procedures after the CE marking of conformity. CC ID 15040	System hardening through configuration management	Preventive
Establish, implement, and maintain a configuration baseline based on the least functionality principle. CC ID 00862 [Develop and maintain under configuration control, a current baseline configuration of the system. 03.04.01 a.]	System hardening through configuration management	Preventive
Include the measures used to account for any differences in operation between the test environments and production environments in the baseline configuration. CC ID 13285	System hardening through configuration management	Preventive
Include the differences between test environments and production environments in the baseline configuration. CC ID 13284	System hardening through configuration management	Preventive
Include the applied security patches in the baseline configuration. CC ID 13271	System hardening through configuration management	Preventive
Include the installed application software and version numbers in the baseline configuration. CC ID 13270	System hardening through configuration management	Preventive
Include installed custom software in the baseline configuration. CC ID 13274	System hardening through configuration management	Preventive
Include network ports in the baseline configuration. CC ID 13273	System hardening through configuration management	Preventive
Include the operating systems and version numbers in the baseline configuration. CC ID 13269	System hardening through configuration management	Preventive
Establish, implement, and maintain a system hardening standard. CC ID 00876	System hardening through configuration management	Preventive
Include common security parameter settings in the configuration standards for all systems. CC ID 12544	System hardening through configuration management	Preventive
Provide documentation verifying devices are not susceptible to known exploits. CC ID 11987	System hardening through configuration management	Preventive
Establish, implement, and maintain system hardening procedures. CC ID 12001	System hardening through configuration management	Preventive
Document that all enabled functions support secure configurations. CC ID 11985	System hardening through configuration management	Preventive
Validate, approve, and document all UNIX shells prior to use. CC ID 02161	System hardening through configuration management	Preventive
Configure the "global Package signature checking" setting to organizational standards. CC ID 08735	System hardening through configuration management	Preventive
Configure the "Package signature checking" setting for "all configured repositories" to organizational standards. CC ID 08736	System hardening through configuration management	Preventive
Configure the "verify against the package database" setting for "all installed software packages" to organizational standards. CC ID 08737	System hardening through configuration management	Preventive
Configure the "isdn4k-utils" package to organizational standards. CC ID 08738	System hardening through configuration management	Preventive
Configure the "postfix" package to organizational standards. CC ID 08739	System hardening through configuration management	Preventive
Configure the "vsftpd" package to organizational standards. CC ID 08740	System hardening through configuration management	Preventive
Configure the "net-snmpd" package to organizational standards. CC ID 08741	System hardening through configuration management	Preventive
Configure the "rsyslog" package to organizational standards. CC ID 08742	System hardening through configuration management	Preventive
Configure the "ipsec-tools" package to organizational standards. CC ID 08743	System hardening through configuration management	Preventive
Configure the "pam_ccreds" package to organizational standards. CC ID 08744	System hardening through configuration management	Preventive
Configure the "talk-server" package to organizational standards. CC ID 08745	System hardening through configuration management	Preventive
Configure the "talk" package to organizational standards. CC ID 08746	System hardening through configuration management	Preventive
Configure the "irda-utils" package to organizational standards. CC ID 08747	System hardening through configuration management	Preventive
Establish, implement, and maintain an authenticator standard. CC ID 01702	System hardening through configuration management	Preventive
Establish, implement, and maintain an authenticator management system. CC ID 12031	System hardening through configuration management	Preventive
Establish, implement, and maintain authenticator procedures. CC ID 12002 [{lost authenticators} {compromised authenticators} Establish and implement administrative procedures for initial authenticator distribution; for lost, compromised, or damaged authenticators; and for revoking authenticators. 03.05.12 c. {lost authenticators} {compromised authenticators} Establish and implement administrative procedures for initial authenticator distribution; for lost, compromised, or damaged authenticators; and for revoking authenticators. 03.05.12 c.]	System hardening through configuration management	Preventive
Configure the "minimum number of digits required for new passwords" setting to organizational standards. CC ID 08717	System hardening through configuration management	Preventive
Configure the "minimum number of upper case characters required for new passwords" setting to organizational standards. CC ID 08718	System hardening through configuration management	Preventive
Configure the "minimum number of lower case characters required for new passwords" setting to organizational standards. CC ID 08719	System hardening through configuration management	Preventive
Configure the "minimum number of special characters required for new passwords" setting to organizational standards. CC ID 08720	System hardening through configuration management	Preventive
Configure the "require new passwords to differ from old ones by the appropriate minimum number of characters" setting to organizational standards. CC ID 08722	System hardening through configuration management	Preventive
Configure the "password reuse" setting to organizational standards. CC ID 08724	System hardening through configuration management	Preventive
Configure the "shadow password for all accounts in /etc/passwd" setting to organizational standards. CC ID 08721	System hardening through configuration management	Preventive
Configure the "password hashing algorithm" setting to organizational standards. CC ID 08723	System hardening through configuration management	Preventive
Establish, implement, and maintain network parameter modification procedures. CC ID 01517	System hardening through configuration management	Preventive
Configure Apple iOS to Organizational Standards. CC ID 09986	System hardening through configuration management	Preventive
Establish, implement, and maintain a Configuration Baseline Documentation Record. CC ID 02130 [Review and update the baseline configuration of the system [Assignment: organization-defined frequency] and when system components are installed or modified. 03.04.01 b.]	System hardening through configuration management	Preventive
Document and approve any changes to the Configuration Baseline Documentation Record. CC ID 12104	System hardening through configuration management	Preventive
Establish, implement, and maintain records management policies. CC ID 00903	Records management	Preventive
Define each system's preservation requirements for records and logs. CC ID 00904	Records management	Detective
Establish, implement, and maintain storage media disposition and destruction procedures. CC ID 11657	Records management	Preventive
Establish, implement, and maintain records management procedures. CC ID 11619	Records management	Preventive
Establish, implement, and maintain electronic storage media management procedures. CC ID 00931	Records management	Preventive
Establish, implement, and maintain security label procedures. CC ID 06747 [Mark system media that contain CUI to indicate distribution limitations, handling caveats, and applicable CUI markings. 03.08.04 ¶ 1]	Records management	Preventive
Establish, implement, and maintain restricted material identification procedures. CC ID 01889	Records management	Preventive
Conspicuously locate the restricted record's overall classification. CC ID 01890	Records management	Preventive
Mark a restricted record's displayed pages or printed pages with the appropriate classification. CC ID 01891	Records management	Preventive
Mark a restricted record's components (appendices, annexes) with the appropriate classification. CC ID 01892	Records management	Preventive
Mark a restricted record's portions (paragraphs, sections) with the appropriate classification. CC ID 01893	Records management	Preventive
Mark a restricted record's subject line or title with the appropriate classification. CC ID 01894	Records management	Preventive
Establish, implement, and maintain system design principles and system design guidelines. CC ID 01057	Systems design, build, and implementation	Preventive
Include continuous protection of systems or system components in the security design principles. CC ID 14748	Systems design, build, and implementation	Preventive
Establish, implement, and maintain a product and services acquisition strategy. CC ID 01133 [Develop and implement acquisition strategies, contract tools, and procurement methods to identify, protect against, and mitigate supply chain risks. 03.17.02 ¶ 1]	Acquisition or sale of facilities, technology, and services	Preventive
Establish, implement, and maintain a supply chain management program. CC ID 11742	Third Party and supply chain oversight	Preventive
Establish, implement, and maintain information flow agreements with all third parties. CC ID 04543 [Permit authorized individuals to use external systems to access the organizational system or to process, store, or transmit CUI only after: Retaining approved system connection or processing agreements with the organizational entities hosting the external systems. 03.01.20 c.2. Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a. Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Third Party and supply chain oversight	Preventive
Include the purpose in the information flow agreement. CC ID 17016	Third Party and supply chain oversight	Preventive
Include the type of information being transmitted in the information flow agreement. CC ID 14245 [Document interface characteristics, security requirements, and responsibilities for each system as part of the exchange agreements. 03.12.05 b.]	Third Party and supply chain oversight	Preventive
Include the costs in the information flow agreement. CC ID 17018	Third Party and supply chain oversight	Preventive
Include the security requirements in the information flow agreement. CC ID 14244 [Document interface characteristics, security requirements, and responsibilities for each system as part of the exchange agreements. 03.12.05 b.]	Third Party and supply chain oversight	Preventive
Include the interface characteristics in the information flow agreement. CC ID 14240 [Document interface characteristics, security requirements, and responsibilities for each system as part of the exchange agreements. 03.12.05 b.]	Third Party and supply chain oversight	Preventive
Include a description of the data or information to be covered in third party contracts. CC ID 06510 [Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Third Party and supply chain oversight	Preventive
Include text about data ownership in third party contracts. CC ID 06502	Third Party and supply chain oversight	Preventive
Monitor and report on the efficacy of all Service Level Agreements using a Service Level Agreement Monitoring Chart or equivalent. CC ID 00842	Third Party and supply chain oversight	Detective
Approve all Service Level Agreements. CC ID 00843 [Review and update the exchange agreements [Assignment: organization-defined frequency]. 03.12.05 c.]	Third Party and supply chain oversight	Detective
Document all chargeable items in Service Level Agreements. CC ID 00844	Third Party and supply chain oversight	Detective
Include risk management procedures in the supply chain management policy. CC ID 08811 [Enforce the following security requirements to protect against supply chain risks to the system, system components, or system services and to limit the harm or consequences from supply chain-related events: [Assignment: organization-defined security requirements]. 03.17.03 b.]	Third Party and supply chain oversight	Preventive
Include a determination on the impact of services provided by third-party service providers in the supply chain risk assessment report. CC ID 17187	Third Party and supply chain oversight	Preventive
Include a determination of financial benefits over actual costs of third party relationships in the supply chain risk assessment report. CC ID 10025	Third Party and supply chain oversight	Preventive
Include a determination of how third party relationships affect strategic initiatives in the supply chain risk assessment report. CC ID 10026	Third Party and supply chain oversight	Preventive
Include a determination of customer interactions with third parties in the supply chain risk assessment report. CC ID 10028	Third Party and supply chain oversight	Preventive
Include a determination on the risks third parties pose to Information Security in the supply chain risk assessment report. CC ID 10029	Third Party and supply chain oversight	Preventive
Include a requirement in outsourcing contracts that supply chain members must implement security controls to protect information. CC ID 13353	Third Party and supply chain oversight	Preventive
Request attestation of compliance from third parties. CC ID 12067	Third Party and supply chain oversight	Detective

Human Resources Management

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Assign roles and responsibilities for overseeing access to restricted data or restricted information. CC ID 11950	Monitoring and measurement	Detective
Assign senior management to approve test plans. CC ID 13071	Monitoring and measurement	Preventive
Employ third parties to carry out testing programs, as necessary. CC ID 13178	Monitoring and measurement	Preventive
Assign key stakeholders to review and approve supply chain risk management procedures. CC ID 13199	Audits and risk management	Preventive
Define roles for information systems. CC ID 12454 [Specify: Group and role membership, and 03.01.01 c.2.]	Technical security	Preventive
Define access needs for each role assigned to an information system. CC ID 12455	Technical security	Preventive
Change authenticators after personnel status changes. CC ID 12284	Technical security	Preventive
Assign roles and responsibilities for administering user account management. CC ID 11900	Technical security	Preventive
Require key custodians to sign the key custodian's roles and responsibilities. CC ID 11820	Technical security	Preventive
Disallow opting out of wearing or displaying identification cards or badges. CC ID 13030	Physical and environmental protection	Preventive
Direct each employee to be responsible for their identification card or badge. CC ID 12332	Physical and environmental protection	Preventive
Assign employees the responsibility for controlling their identification badges. CC ID 12333	Physical and environmental protection	Preventive
Define and assign workforce roles and responsibilities. CC ID 13267 [Define and document user roles and responsibilities with regard to external system services, including shared responsibilities with external service providers. 03.16.03 b.]	Human Resources management	Preventive
Establish, implement, and maintain cybersecurity roles and responsibilities. CC ID 13201	Human Resources management	Preventive
Document the use of external experts. CC ID 16263	Human Resources management	Preventive
Define and assign roles and responsibilities for the biometric system. CC ID 17004	Human Resources management	Preventive
Define and assign roles and responsibilities for those involved in risk management. CC ID 13660	Human Resources management	Preventive
Include the management structure in the duties and responsibilities for risk management. CC ID 13665	Human Resources management	Preventive
Assign the roles and responsibilities for the change control program. CC ID 13118	Human Resources management	Preventive
Assign responsibility for cyber threat intelligence. CC ID 12746	Human Resources management	Preventive
Assign the role of security leader to keep up to date on the latest threats. CC ID 12112	Human Resources management	Preventive
Define and assign the data processor's roles and responsibilities. CC ID 12607	Human Resources management	Preventive
Assign the data processor to assist the data controller in implementing security controls. CC ID 12677	Human Resources management	Preventive
Assign the role of data controller to be the Point of Contact for the supervisory authority. CC ID 12616	Human Resources management	Preventive
Assign the role of the Data Controller to cooperate with the supervisory authority. CC ID 12615	Human Resources management	Preventive
Assign the data controller to facilitate the exercise of the data subject's rights. CC ID 12666	Human Resources management	Preventive
Assign the role of data controller to provide advice, when requested. CC ID 12611	Human Resources management	Preventive
Define and assign the roles and responsibilities of security guards. CC ID 12543	Human Resources management	Preventive
Define and assign roles and responsibilities for dispute resolution. CC ID 13626	Human Resources management	Preventive
Define and assign the roles for Legal Support Workers. CC ID 13711	Human Resources management	Preventive
Perform personnel screening procedures, as necessary. CC ID 11763 [Screen individuals prior to authorizing access to the system. 03.09.01 a. Rescreen individuals in accordance with [Assignment: organization-defined conditions requiring rescreening]. 03.09.01 b.]	Human Resources management	Preventive
Support certification programs as viable training programs. CC ID 13268	Human Resources management	Preventive
Hire third parties to conduct training, as necessary. CC ID 13167	Human Resources management	Preventive
Include ethical culture in the security awareness program. CC ID 12801	Human Resources management	Preventive
Include duties and responsibilities in the training plan, as necessary. CC ID 12800	Human Resources management	Preventive
Establish and maintain management's commitment to supporting the security awareness program. CC ID 12151	Human Resources management	Preventive
Establish and maintain a steering committee to guide the security awareness program. CC ID 12149	Human Resources management	Preventive
Encourage interested personnel to obtain security certification. CC ID 11804	Human Resources management	Preventive
Establish, implement, and maintain a travel program for all personnel. CC ID 10597	Human Resources management	Preventive
Assign ownership of maintaining the asset inventory, as necessary. CC ID 12344	Operational management	Preventive
Define and assign the roles and responsibilities for Incident Management program. CC ID 13055	Operational management	Preventive
Implement security controls for personnel that have accessed information absent authorization. CC ID 10611	Operational management	Corrective
Assign the distribution of security alerts to the appropriate role in the incident response program. CC ID 11887	Operational management	Preventive

IT Impact Zone

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Leadership and high level objectives CC ID 00597	Leadership and high level objectives	IT Impact Zone
Monitoring and measurement CC ID 00636	Monitoring and measurement	IT Impact Zone
Audits and risk management CC ID 00677	Audits and risk management	IT Impact Zone
Technical security CC ID 00508	Technical security	IT Impact Zone
Physical and environmental protection CC ID 00709	Physical and environmental protection	IT Impact Zone
Operational and Systems Continuity CC ID 00731	Operational and Systems Continuity	IT Impact Zone
Human Resources management CC ID 00763	Human Resources management	IT Impact Zone
Operational management CC ID 00805	Operational management	IT Impact Zone
System hardening through configuration management CC ID 00860	System hardening through configuration management	IT Impact Zone
Records management CC ID 00902	Records management	IT Impact Zone
Systems design, build, and implementation CC ID 00989	Systems design, build, and implementation	IT Impact Zone
Acquisition or sale of facilities, technology, and services CC ID 01123	Acquisition or sale of facilities, technology, and services	IT Impact Zone
Third Party and supply chain oversight CC ID 08807	Third Party and supply chain oversight	IT Impact Zone

Investigate

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Follow up exceptions and anomalies identified when reviewing logs. CC ID 11925 [Review and analyze system audit records [Assignment: organization-defined frequency] for indications and the potential impact of inappropriate or unusual activity. 03.03.05 a.]	Monitoring and measurement	Corrective
Rank discovered vulnerabilities. CC ID 11940	Monitoring and measurement	Detective
Scan for malicious code, as necessary. CC ID 11941 [Configure malicious code protection mechanisms to: Perform scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at endpoints or system entry and exit points as the files are downloaded, opened, or executed; and 03.14.02 c.1.]	Technical security	Detective
Report anomalies in the visitor log to appropriate personnel. CC ID 14755	Physical and environmental protection	Detective
Identify root causes of incidents that force system changes. CC ID 13482	Operational management	Detective
Refrain from turning on any in scope devices that are turned off when a security incident is detected. CC ID 08677	Operational management	Detective
Analyze the incident response process following an incident response. CC ID 13179	Operational management	Detective
Provide progress reports of the incident investigation to the appropriate roles, as necessary. CC ID 12298	Operational management	Preventive
Analyze the behaviors of individuals involved in the incident during incident investigations. CC ID 14042	Operational management	Detective
Identify the affected parties during incident investigations. CC ID 16781	Operational management	Detective
Interview suspects during incident investigations, as necessary. CC ID 14041	Operational management	Detective
Interview victims and witnesses during incident investigations, as necessary. CC ID 14038	Operational management	Detective
Assign monitoring and analyzing the security alert when a security alert is received to the appropriate role in the incident response program. CC ID 11886	Operational management	Detective
Analyze mitigating controls for vulnerabilities in the network when certifying the network. CC ID 13126	Operational management	Detective
Collect data about the network environment when certifying the network. CC ID 13125	Operational management	Detective

Log Management

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Establish, implement, and maintain logging and monitoring operations. CC ID 00637	Monitoring and measurement	Detective
Operationalize key monitoring and logging concepts to ensure the audit trails capture sufficient information. CC ID 00638	Monitoring and measurement	Detective
Establish, implement, and maintain event logging procedures. CC ID 01335 [Generate audit records for the selected event types and audit record content specified in 03.03.01 and 03.03.02. 03.03.03 a.]	Monitoring and measurement	Detective
Include a standard to collect and interpret event logs in the event logging procedures. CC ID 00643	Monitoring and measurement	Preventive
Protect the event logs from failure. CC ID 06290 [Take the following additional actions: [Assignment: organization-defined additional actions]. 03.03.04 b.]	Monitoring and measurement	Preventive
Review and update event logs and audit logs, as necessary. CC ID 00596 [Review and analyze system audit records [Assignment: organization-defined frequency] for indications and the potential impact of inappropriate or unusual activity. 03.03.05 a.]	Monitoring and measurement	Detective
Eliminate false positives in event logs and audit logs. CC ID 07047	Monitoring and measurement	Corrective
Correlate log entries to security controls to verify the security control's effectiveness. CC ID 13207	Monitoring and measurement	Detective
Reproduce the event log if a log failure is captured. CC ID 01426	Monitoring and measurement	Preventive
Enable logging for all systems that meet a traceability criteria. CC ID 00640	Monitoring and measurement	Detective
Restrict access to logs to authorized individuals. CC ID 01342 [Authorize access to management of audit logging functionality to only a subset of privileged users or roles. 03.03.08 b.]	Monitoring and measurement	Preventive
Protect logs from unauthorized activity. CC ID 01345 [Protect audit information and audit logging tools from unauthorized access, modification, and deletion. 03.03.08 a.]	Monitoring and measurement	Preventive
Disseminate and communicate the reviews of audit reports to organizational management. CC ID 00653 [Report findings to organizational personnel or roles. 03.03.05 b.]	Audits and risk management	Detective
Include the user's location in the system record. CC ID 16996	Technical security	Preventive
Log issuers who send personal data in cleartext in the transfer audit log. CC ID 12312	Technical security	Preventive
Log the individual's address in the facility access list. CC ID 16921	Physical and environmental protection	Preventive
Log the contact information for the person authorizing access in the facility access list. CC ID 16920	Physical and environmental protection	Preventive
Log the organization's name in the facility access list. CC ID 16919	Physical and environmental protection	Preventive
Log the individual's name in the facility access list. CC ID 16918	Physical and environmental protection	Preventive
Log the purpose in the facility access list. CC ID 16982	Physical and environmental protection	Preventive
Log the level of access in the facility access list. CC ID 16975	Physical and environmental protection	Preventive
Establish and maintain a visitor log. CC ID 00715 [Escort visitors, and control visitor activity. 03.10.07 c.]	Physical and environmental protection	Preventive
Record the purpose of the visit in the visitor log. CC ID 16917	Physical and environmental protection	Preventive
Record the visitor's name in the visitor log. CC ID 00557	Physical and environmental protection	Preventive
Record the visitor's organization in the visitor log. CC ID 12121	Physical and environmental protection	Preventive
Record the visitor's acceptable access areas in the visitor log. CC ID 12237	Physical and environmental protection	Preventive
Record the date and time of departure in the visitor log. CC ID 16897	Physical and environmental protection	Preventive
Record the type of identification used in the visitor log. CC ID 16916	Physical and environmental protection	Preventive
Retain all records in the visitor log as prescribed by law. CC ID 00572	Physical and environmental protection	Preventive
Log the entrance of a staff member to a facility or designated rooms within the facility. CC ID 01641	Physical and environmental protection	Preventive
Log when the vault is accessed. CC ID 06725	Physical and environmental protection	Detective
Log when the cabinet is accessed. CC ID 11674	Physical and environmental protection	Detective
Store facility access logs in off-site storage. CC ID 06958	Physical and environmental protection	Preventive
Include the requestor's name in the physical access log. CC ID 16922	Physical and environmental protection	Preventive
Log the transiting, internal distribution, and external distribution of restricted storage media. CC ID 12321 [Document activities associated with the transport of system media that contain CUI. 03.08.05 c.]	Physical and environmental protection	Preventive
Log the transfer of removable storage media. CC ID 12322	Physical and environmental protection	Preventive
Log the performance of all remote maintenance. CC ID 13202	Operational management	Preventive
Store system logs for in scope systems as digital forensic evidence after a security incident has been detected. CC ID 01754	Operational management	Corrective
Submit an incident management audit log to the proper authorities for each security breach that affects a predefined number of individuals, as necessary. CC ID 06326	Operational management	Detective
Include who the incident was reported to in the incident management audit log. CC ID 16487	Operational management	Preventive
Include the information that was exchanged in the incident management audit log. CC ID 16995	Operational management	Preventive
Include the organizational functions affected by disruption in the Incident Management audit log. CC ID 12238	Operational management	Corrective
Include the organization's business products and services affected by disruptions in the Incident Management audit log. CC ID 12234	Operational management	Preventive
Configure the log to capture creates, reads, updates, or deletes of records containing personal data. CC ID 11890	System hardening through configuration management	Detective
Configure the log to capture the information referent when personal data is being accessed. CC ID 11968	System hardening through configuration management	Detective
Configure the log to capture each auditable event's origination. CC ID 01338 [Include the following content in audit records: Source of the event 03.03.02 a.4.]	System hardening through configuration management	Detective
Configure the log to capture the details of electronic signature transactions. CC ID 16910	System hardening through configuration management	Preventive
Configure the log to uniquely identify each accessed record. CC ID 16909	System hardening through configuration management	Preventive
Configure the log to capture actions taken by individuals with root privileges or administrative privileges and add logging option to the root file system. CC ID 00645 [Log the execution of privileged functions. 03.01.07 b.]	System hardening through configuration management	Detective

Maintenance

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Use system components only when third party support is available. CC ID 10644 [Replace system components when support for the components is no longer available from the developer, vendor, or manufacturer. 03.16.02 a.]	Operational management	Preventive
Obtain justification for the continued use of system components when third party support is no longer available. CC ID 10645 [Provide options for risk mitigation or alternative sources for continued support for unsupported components that cannot be replaced. 03.16.02 b.]	Operational management	Preventive
Disconnect non-volatile media from information systems prior to performing maintenance with uncleared personnel. CC ID 14295	Operational management	Preventive
Sanitize volatile media in information systems prior to performing maintenance with uncleared personnel. CC ID 14291	Operational management	Preventive
Separate the production environment from development environment or test environment for the change control process. CC ID 11864	Operational management	Preventive

Monitor and Evaluate Occurrences

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Include the capturing and alerting of compliance violations in the notification system. CC ID 12962	Leadership and high level objectives	Preventive
Include the capturing and alerting of unethical conduct in the notification system. CC ID 12932	Leadership and high level objectives	Preventive
Include the capturing and alerting of performance variances in the notification system. CC ID 12929	Leadership and high level objectives	Preventive
Include the capturing and alerting of weaknesses in the notification system. CC ID 12928	Leadership and high level objectives	Preventive
Include the capturing and alerting of account activity in the notification system. CC ID 15314	Leadership and high level objectives	Preventive
Analyze organizational objectives, functions, and activities. CC ID 00598	Leadership and high level objectives	Preventive
Monitor regulatory trends to maintain compliance. CC ID 00604	Leadership and high level objectives	Detective
Monitor the usage and capacity of critical assets. CC ID 14825	Monitoring and measurement	Detective
Monitor the usage and capacity of Information Technology assets. CC ID 00668	Monitoring and measurement	Detective
Monitor systems for errors and faults. CC ID 04544 [Identify, report, and correct system flaws. 03.14.01 a.]	Monitoring and measurement	Detective
Establish, implement, and maintain intrusion management operations. CC ID 00580	Monitoring and measurement	Preventive
Monitor systems for inappropriate usage and other security violations. CC ID 00585 [Monitor the system to detect: 03.14.06 a. {inbound communications traffic} Monitor inbound and outbound communications traffic to detect unusual or unauthorized activities or conditions. 03.14.06 c.]	Monitoring and measurement	Detective
Monitor systems for blended attacks and multiple component incidents. CC ID 01225 [Monitor the system to detect: Attacks and indicators of potential attacks and 03.14.06 a.1.]	Monitoring and measurement	Detective
Monitor systems for Denial of Service attacks. CC ID 01222	Monitoring and measurement	Detective
Monitor systems for unauthorized data transfers. CC ID 12971	Monitoring and measurement	Preventive
Monitor systems for access to restricted data or restricted information. CC ID 04721	Monitoring and measurement	Detective
Detect unauthorized access to systems. CC ID 06798 [Monitor the system to detect: Unauthorized connections. 03.14.06 a.2. Identify unauthorized use of the system. 03.14.06 b. Monitor the system to detect: Attacks and indicators of potential attacks and 03.14.06 a.1.]	Monitoring and measurement	Detective
Incorporate potential red flags into the organization's incident management system. CC ID 04652	Monitoring and measurement	Detective
Alert interested personnel when suspicious activity is detected by an Intrusion Detection System or Intrusion Prevention System. CC ID 06430	Monitoring and measurement	Detective
Alert interested personnel and affected parties when an incident causes an outage. CC ID 06808	Monitoring and measurement	Detective
Monitor systems for unauthorized mobile code. CC ID 10034 [Authorize, monitor, and control the use of mobile code. 03.13.13 b.]	Monitoring and measurement	Preventive
Monitor the organization's exposure to threats, as necessary. CC ID 06494	Monitoring and measurement	Preventive
Monitor and evaluate environmental threats. CC ID 13481	Monitoring and measurement	Detective
Monitor for new vulnerabilities. CC ID 06843 [Monitor and scan the system for vulnerabilities [Assignment: organization-defined frequency] and when new vulnerabilities affecting the system are identified. 03.11.02 a.]	Monitoring and measurement	Preventive
Monitor devices continuously for conformance with production specifications. CC ID 06201	Monitoring and measurement	Detective
Alert appropriate personnel when rogue devices are discovered on the network. CC ID 06428	Monitoring and measurement	Corrective
Establish, implement, and maintain a corrective action plan. CC ID 00675	Monitoring and measurement	Detective
Include monitoring in the corrective action plan. CC ID 11645 [Update the existing plan of action and milestones based on the findings from: 03.12.02 b.]	Monitoring and measurement	Detective
Enforce information flow control. CC ID 11781	Technical security	Preventive
Create a full text analysis on executed privileged functions. CC ID 06778	Technical security	Detective
Monitor and evaluate all remote access usage. CC ID 00563	Technical security	Detective
Log and react to all malicious code activity. CC ID 07072	Technical security	Detective
Escort uncleared personnel who need to work in or access controlled access areas. CC ID 00747 [{maintenance personnel} Designate organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who an style="background-color:#B7D8ED;" class="term_primary-verb">do not possess the required access authorizations. 03.07.06 d.]	Physical and environmental protection	Preventive
Monitor for unauthorized physical access at physical entry points and physical exit points. CC ID 01638 [Monitor physical access to the facility where the system resides to detect and respond to physical security incidents. 03.10.02 a.]	Physical and environmental protection	Detective
Log the exit of a staff member to a facility or designated rooms within the facility. CC ID 11675	Physical and environmental protection	Preventive
Observe restricted areas with motion detectors or closed-circuit television systems. CC ID 01328	Physical and environmental protection	Detective
Review and correlate all data collected from video cameras and/or access control mechanisms with other entries. CC ID 11609	Physical and environmental protection	Detective
Evaluate and react to when unauthorized access is detected by physical entry point alarms. CC ID 11677	Physical and environmental protection	Detective
Monitor for alarmed security doors being propped open. CC ID 06684	Physical and environmental protection	Detective
Monitor and measure the effectiveness of security awareness. CC ID 06262	Human Resources management	Detective
Analyze and evaluate training records to improve the training program. CC ID 06380	Human Resources management	Detective
Identify discrepancies between the asset register database and the Information Technology inventory, as necessary. CC ID 07052	Operational management	Corrective
Investigate and resolve discrepancies between the asset register database and the Information Technology inventory. CC ID 07053	Operational management	Corrective
Automate software license monitoring, as necessary. CC ID 07057	Operational management	Preventive
Determine the incident severity level when assessing the security incidents. CC ID 01650	Operational management	Corrective
Require personnel to monitor for and report known or suspected compromise of assets. CC ID 16453	Operational management	Detective
Require personnel to monitor for and report suspicious account activity. CC ID 16462	Operational management	Detective
Respond to and triage when an incident is detected. CC ID 06942	Operational management	Detective
Escalate incidents, as necessary. CC ID 14861	Operational management	Corrective
Check the precursors and indicators when assessing the security incidents. CC ID 01761	Operational management	Corrective
Detect any potentially undiscovered security vulnerabilities on previously compromised systems. CC ID 06265	Operational management	Detective
Include lessons learned from analyzing security violations in the Incident Management program. CC ID 01234	Operational management	Preventive

Physical and Environmental Protection

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Control physical access to (and within) the facility. CC ID 01329 [{entry points} Enforce physical access authorizations at entry and exit points to the facility where the system resides by: Controlling ingress and egress with physical access control systems, devices, or guards. 03.10.07 a.2.]	Physical and environmental protection	Preventive
Meet the physical access requirements of disabled individuals, if reasonably possible. CC ID 00419	Physical and environmental protection	Preventive
Secure physical entry points with physical access controls or security guards. CC ID 01640 [{entry points} Enforce physical access authorizations at entry and exit points to the facility where the system resides by: Controlling ingress and egress with physical access control systems, devices, or guards. 03.10.07 a.2.]	Physical and environmental protection	Detective
Configure the access control system to grant access only during authorized working hours. CC ID 12325	Physical and environmental protection	Preventive
Check the visitor's stated identity against a provided government issued identification. CC ID 06701	Physical and environmental protection	Preventive
Change access requirements to organizational assets for personnel and visitors, as necessary. CC ID 12463	Physical and environmental protection	Corrective
Issue photo identification badges to all employees. CC ID 12326	Physical and environmental protection	Preventive
Report lost badges, stolen badges, and broken badges to the Security Manager. CC ID 12334	Physical and environmental protection	Preventive
Manage visitor identification inside the facility. CC ID 11670	Physical and environmental protection	Preventive
Secure unissued visitor identification badges. CC ID 06712	Physical and environmental protection	Preventive
Include name, date of entry, and validity period on disposable identification cards or badges. CC ID 12331	Physical and environmental protection	Preventive
Restrict access to the badge system to authorized personnel. CC ID 12043	Physical and environmental protection	Preventive
Enforce dual control for badge assignments. CC ID 12328	Physical and environmental protection	Preventive
Enforce dual control for accessing unassigned identification cards or badges. CC ID 12327	Physical and environmental protection	Preventive
Refrain from imprinting the company name or company logo on identification cards or badges. CC ID 12282	Physical and environmental protection	Preventive
Prevent tailgating through physical entry points. CC ID 06685	Physical and environmental protection	Preventive
Use locks to protect against unauthorized physical access. CC ID 06342	Physical and environmental protection	Preventive
Monitor physical entry point alarms. CC ID 01639	Physical and environmental protection	Detective
Establish, implement, and maintain physical security controls for distributed assets. CC ID 00718	Physical and environmental protection	Preventive
Use locked containers to transport non-digital media outside of controlled areas. CC ID 14286	Physical and environmental protection	Preventive
Restrict physical access to distributed assets. CC ID 11865 [Control physical access to output devices to prevent unauthorized individuals from obtaining access to CUI. 03.10.07 e.]	Physical and environmental protection	Preventive
House network hardware in lockable rooms or lockable equipment cabinets. CC ID 01873	Physical and environmental protection	Preventive
Protect electronic storage media with physical access controls. CC ID 00720	Physical and environmental protection	Preventive
Physically secure all electronic storage media that store restricted data or restricted information. CC ID 11664 [Physically control and securely store system media that contain CUI. 03.08.01 ¶ 1]	Physical and environmental protection	Preventive
Store removable storage media containing restricted data or restricted information using electronic media storage cabinets or electronic media storage vaults. CC ID 00717	Physical and environmental protection	Preventive
Protect the combinations for all combination locks. CC ID 02199	Physical and environmental protection	Preventive
Establish and maintain eavesdropping protection for vaults. CC ID 02231	Physical and environmental protection	Preventive
Protect distributed assets against theft. CC ID 06799	Physical and environmental protection	Preventive
Include the use of privacy filters in the mobile device security guidelines. CC ID 16452	Physical and environmental protection	Preventive
Refrain from responding to unsolicited Personal Identification Number requests. CC ID 12430	Physical and environmental protection	Preventive
Refrain from pairing Bluetooth devices in unsecured areas. CC ID 12429	Physical and environmental protection	Preventive
Install and protect network cabling. CC ID 08624	Physical and environmental protection	Preventive
Conduct environmental surveys. CC ID 00690	Operational management	Preventive
Control and monitor all maintenance tools. CC ID 01432 [Approve, control, and monitor the use of system maintenance tools. 03.07.04 a. {does not contain} Prevent the removal of system maintenance equipment containing CUI by verifying that there is no CUI on the equipment, sanitizing or destroying the equipment, or retaining the equipment within the facility. 03.07.04 c.]	Operational management	Detective

Process or Activity

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Update or adjust fraud detection systems, as necessary. CC ID 13684	Monitoring and measurement	Corrective
Align the enterprise architecture with the system security plan. CC ID 14255	Monitoring and measurement	Preventive
Identify risk management measures when testing in scope systems. CC ID 14960	Monitoring and measurement	Detective
Request an extension of the validity period of technical documentation assessment certificates, as necessary. CC ID 17228	Monitoring and measurement	Preventive
Define the validity period for technical documentation assessment certificates. CC ID 17227	Monitoring and measurement	Preventive
Ensure protocols are free from injection flaws. CC ID 16401	Monitoring and measurement	Preventive
Approve the vulnerability management program. CC ID 15722	Monitoring and measurement	Preventive
Review documentation to determine the effectiveness of in scope controls. CC ID 16522	Audits and risk management	Preventive
Analyze supply chain risk management procedures, as necessary. CC ID 13198	Audits and risk management	Detective
Set access control for objects and users to "deny all" unless explicitly authorized. CC ID 06301	Technical security	Preventive
Enforce the network segmentation requirements. CC ID 16381	Technical security	Preventive
Use a passive asset inventory discovery tool to identify assets when network mapping. CC ID 13735	Technical security	Detective
Use an active asset inventory discovery tool to identify sensitive information for data flow diagrams. CC ID 13737	Technical security	Detective
Include testing and approving all network connections through the firewall in the firewall and router configuration standard. CC ID 01270	Technical security	Detective
Update application layer firewalls to the most current version. CC ID 12037	Technical security	Preventive
Assign virtual escorting to authorized personnel. CC ID 16440	Technical security	Preventive
Remove malware when malicious code is discovered. CC ID 13691	Technical security	Corrective
Implement physical identification processes. CC ID 13715	Physical and environmental protection	Preventive
Refrain from using knowledge-based authentication for in-person identity verification. CC ID 13717	Physical and environmental protection	Preventive
Record the assigned identification card or badge serial number when issuing an identification card or badge. CC ID 06714	Physical and environmental protection	Preventive
Include identity proofing processes in the identification issuance procedures. CC ID 06597	Physical and environmental protection	Preventive
Prohibit assets from being taken off-site absent prior authorization. CC ID 12027	Physical and environmental protection	Preventive
Include a "Return to Sender" text file on mobile devices. CC ID 17075	Physical and environmental protection	Preventive
Control physical access to network cables. CC ID 00723 [Control physical access to system distribution and transmission lines within organizational facilities. 03.10.08 ¶ 1]	Physical and environmental protection	Preventive
Perform backup procedures for in scope systems. CC ID 11692	Operational and Systems Continuity	Preventive
Scan devices for malicious code when an individual returns from locations deemed to be of risk. CC ID 10599 [Apply the following security requirements to the systems or components when the individuals return from travel: [Assignment: organization-defined security requirements]. 03.04.12 b.]	Human Resources management	Detective
Include interconnected systems and Software as a Service in the Information Technology inventory. CC ID 04885	Operational management	Preventive
Determine the cost of the incident when assessing security incidents. CC ID 17188	Operational management	Detective
Determine the duration of unscheduled downtime when assessing security incidents CC ID 17182	Operational management	Detective
Determine the duration of the incident when assessing security incidents. CC ID 17181	Operational management	Detective
Include support from law enforcement authorities when conducting incident response activities, as necessary. CC ID 13197	Operational management	Corrective
Coordinate incident response activities with interested personnel and affected parties. CC ID 13196	Operational management	Corrective
Contain the incident to prevent further loss. CC ID 01751 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Corrective
Revoke the written request to delay the notification. CC ID 16843	Operational management	Preventive
Post the incident response notification on the organization's website. CC ID 16809	Operational management	Preventive
Document the determination for providing a substitute incident response notification. CC ID 16841	Operational management	Preventive
Conduct incident investigations, as necessary. CC ID 13826	Operational management	Detective
Perform emergency changes, as necessary. CC ID 12707	Operational management	Preventive
Back up emergency changes after the change has been performed. CC ID 12734	Operational management	Preventive
Conduct network certifications prior to approving change requests for networks. CC ID 13121	Operational management	Detective
Establish, implement, and maintain a patch management program. CC ID 00896	Operational management	Preventive
Determine how long to keep records and logs before disposing them. CC ID 11661	Records management	Preventive
Review the information classification of the information that the organization collects, processes, and stores, as necessary. CC ID 13008 [Review the content on publicly accessible systems for CUI and remove such information, if discovered. 03.01.22 b.]	Records management	Detective
Formalize client and third party relationships with contracts or nondisclosure agreements. CC ID 00794	Third Party and supply chain oversight	Detective
Establish, implement, and maintain Service Level Agreements with the organization's supply chain. CC ID 00838 [Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Third Party and supply chain oversight	Preventive
Assess third parties' compliance environment during due diligence. CC ID 13134	Third Party and supply chain oversight	Detective

Records Management

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Retain penetration test results according to internal policy. CC ID 10049	Monitoring and measurement	Preventive
Retain penetration test remediation action records according to internal policy. CC ID 11629	Monitoring and measurement	Preventive
Maintain vulnerability scan reports as organizational records. CC ID 12092	Monitoring and measurement	Preventive
Archive Public Key certificate records according to organizational Records Management rules. CC ID 07090	Technical security	Preventive
Retain video events according to Records Management procedures. CC ID 06304	Physical and environmental protection	Preventive
Control the transiting and internal distribution or external distribution of assets. CC ID 00963 [Protect and control system media that contain CUI during transport outside of controlled areas. 03.08.05 a.]	Physical and environmental protection	Preventive
Obtain management authorization for restricted storage media transit or distribution from a controlled access area. CC ID 00964	Physical and environmental protection	Preventive
Separate duplicate originals and backup media from the original electronic storage media. CC ID 00961	Physical and environmental protection	Preventive
Treat archive media as evidence. CC ID 00960	Physical and environmental protection	Preventive
Control the storage of restricted storage media. CC ID 00965	Physical and environmental protection	Preventive
Include source code in the asset inventory. CC ID 14858	Operational management	Preventive
Establish, implement, and maintain incident management audit logs. CC ID 13514	Operational management	Preventive
Retain records in accordance with applicable requirements. CC ID 00968 [Retain audit records for a time period consistent with the records retention policy. 03.03.03 b. Manage and retain CUI within the system and CUI output from the system in accordance with applicable laws, Executive Orders, directives, regulations, policies, standards, guidelines, and operational requirements. 03.14.08 ¶ 1]	Records management	Preventive
Label printed output for specific record categories as directed by the organization's information classification standard. CC ID 01420	Records management	Detective
Establish, implement, and maintain security controls appropriate to the record types and electronic storage media. CC ID 00943	Records management	Preventive

Systems Continuity

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Prepare the alternate facility for an emergency offsite relocation. CC ID 00744	Operational and Systems Continuity	Preventive

Systems Design, Build, and Implementation

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Implement gateways between security domains. CC ID 16493	Technical security	Preventive
Include each Information System's system boundaries in the Information Technology inventory. CC ID 00695	Operational management	Preventive
Validate the system before implementing approved changes. CC ID 01510	Operational management	Preventive
Establish, implement, and maintain traceability documentation. CC ID 16388	Operational management	Preventive
Initiate the System Development Life Cycle planning phase. CC ID 06266	Systems design, build, and implementation	Preventive
Establish, implement, and maintain security design principles. CC ID 14718 [Apply the following systems security engineering principles to the development or modification of the system and system components: [Assignment: organization-defined systems security engineering principles]. 03.16.01 ¶ 1]	Systems design, build, and implementation	Preventive
Include reduced complexity of systems or system components in the security design principles. CC ID 14753	Systems design, build, and implementation	Preventive
Include self-reliant trustworthiness of systems or system components in the security design principles. CC ID 14752	Systems design, build, and implementation	Preventive
Include partially ordered dependencies of systems or system components in the security design principles. CC ID 14751	Systems design, build, and implementation	Preventive
Include modularity and layering of systems or system components in the security design principles. CC ID 14750	Systems design, build, and implementation	Preventive
Include secure evolvability of systems or system components in the security design principles. CC ID 14749	Systems design, build, and implementation	Preventive
Include least common mechanisms between systems or system components in the security design principles. CC ID 14747	Systems design, build, and implementation	Preventive
Include secure system modification of systems or system components in the security design principles. CC ID 14746	Systems design, build, and implementation	Preventive
Include clear abstractions of systems or system components in the security design principles. CC ID 14745	Systems design, build, and implementation	Preventive
Include secure failure and recovery of systems or system components in the security design principles. CC ID 14744	Systems design, build, and implementation	Preventive
Include repeatable and documented procedures for systems or system components in the security design principles. CC ID 14743	Systems design, build, and implementation	Preventive
Include least privilege of systems or system components in the security design principles. CC ID 14742	Systems design, build, and implementation	Preventive
Include minimized sharing of systems or system components in the security design principles. CC ID 14741	Systems design, build, and implementation	Preventive
Include acceptable security of systems or system components in the security design principles. CC ID 14740	Systems design, build, and implementation	Preventive
Include minimized security elements in systems or system components in the security design principles. CC ID 14739	Systems design, build, and implementation	Preventive
Include hierarchical protection in systems or system components in the security design principles. CC ID 14738	Systems design, build, and implementation	Preventive
Include self-analysis of systems or system components in the security design principles. CC ID 14737	Systems design, build, and implementation	Preventive
Include inverse modification thresholds in systems or system components in the security design principles. CC ID 14736	Systems design, build, and implementation	Preventive
Include efficiently mediated access to systems or system components in the security design principles. CC ID 14735	Systems design, build, and implementation	Preventive
Include secure distributed composition of systems or system components in the security design principles. CC ID 14734	Systems design, build, and implementation	Preventive
Include minimization of systems or system components in the security design principles. CC ID 14733	Systems design, build, and implementation	Preventive
Include secure defaults in systems or system components in the security design principles. CC ID 14732	Systems design, build, and implementation	Preventive
Include trusted communications channels for systems or system components in the security design principles. CC ID 14731	Systems design, build, and implementation	Preventive
Include economic security in systems or system components in the security design principles. CC ID 14730	Systems design, build, and implementation	Preventive
Include trusted components of systems or system components in the security design principles. CC ID 14729	Systems design, build, and implementation	Preventive
Include procedural rigor in systems or system components in the security design principles. CC ID 14728	Systems design, build, and implementation	Preventive
Include accountability and traceability of systems or system components in the security design principles. CC ID 14727	Systems design, build, and implementation	Preventive
Include hierarchical trust in systems or system components in the security design principles. CC ID 14726	Systems design, build, and implementation	Preventive
Include sufficient documentation for systems or system components in the security design principles. CC ID 14725	Systems design, build, and implementation	Preventive
Include performance security of systems or system components in the security design principles. CC ID 14724	Systems design, build, and implementation	Preventive
Include human factored security in systems or system components in the security design principles. CC ID 14723	Systems design, build, and implementation	Preventive
Include secure metadata management of systems or system components in the security design principles. CC ID 14722	Systems design, build, and implementation	Preventive
Include predicate permission of systems or system components in the security design principles. CC ID 14721	Systems design, build, and implementation	Preventive

Technical Security

189

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Subscribe to a threat intelligence service to receive notification of emerging threats. CC ID 12135 [Receive system security alerts, advisories, and directives from external organizations on an ongoing basis. 03.14.03 a.]	Leadership and high level objectives	Detective
Establish, implement, and maintain log analysis tools. CC ID 17056	Monitoring and measurement	Preventive
Identify cybersecurity events in event logs and audit logs. CC ID 13206	Monitoring and measurement	Detective
Conduct Red Team exercises, as necessary. CC ID 12131	Monitoring and measurement	Detective
Test security systems and associated security procedures, as necessary. CC ID 11901	Monitoring and measurement	Detective
Scan wireless networks for rogue devices. CC ID 11623	Monitoring and measurement	Detective
Implement incident response procedures when rogue devices are discovered. CC ID 11880	Monitoring and measurement	Corrective
Establish, implement, and maintain a port scan baseline for all in scope systems. CC ID 12134	Monitoring and measurement	Detective
Perform internal penetration tests, as necessary. CC ID 12471	Monitoring and measurement	Detective
Perform external penetration tests, as necessary. CC ID 12470	Monitoring and measurement	Detective
Perform application-layer penetration testing on all systems, as necessary. CC ID 11630	Monitoring and measurement	Detective
Perform penetration testing on segmentation controls, as necessary. CC ID 12498	Monitoring and measurement	Detective
Prevent adversaries from disabling or compromising security controls. CC ID 17057	Monitoring and measurement	Preventive
Estimate the maximum bandwidth of any covert channels. CC ID 10653	Monitoring and measurement	Detective
Reduce the maximum bandwidth of covert channels. CC ID 10655	Monitoring and measurement	Corrective
Perform vulnerability scans, as necessary. CC ID 11637 [Monitor and scan the system for vulnerabilities [Assignment: organization-defined frequency] and when new vulnerabilities affecting the system are identified. 03.11.02 a.]	Monitoring and measurement	Detective
Identify and document security vulnerabilities. CC ID 11857	Monitoring and measurement	Detective
Use dedicated user accounts when conducting vulnerability scans. CC ID 12098	Monitoring and measurement	Preventive
Assign vulnerability scanning to qualified personnel or external third parties. CC ID 11638	Monitoring and measurement	Detective
Correlate vulnerability scan reports from the various systems. CC ID 10636	Monitoring and measurement	Detective
Perform vulnerability scans prior to installing payment applications. CC ID 12192	Monitoring and measurement	Detective
Implement scanning tools, as necessary. CC ID 14282	Monitoring and measurement	Detective
Repeat vulnerability scanning after an approved change occurs. CC ID 12468	Monitoring and measurement	Detective
Perform external vulnerability scans, as necessary. CC ID 11624	Monitoring and measurement	Detective
Use automated mechanisms to compare new vulnerability scan reports with past vulnerability scan reports. CC ID 10635	Monitoring and measurement	Detective
Perform vulnerability assessments, as necessary. CC ID 11828	Monitoring and measurement	Corrective
Review applications for security vulnerabilities after the application is updated. CC ID 11938	Monitoring and measurement	Detective
Perform penetration tests and vulnerability scans in concert, as necessary. CC ID 12111	Monitoring and measurement	Preventive
Test the system for insecure cryptographic storage. CC ID 11635	Monitoring and measurement	Detective
Recommend mitigation techniques based on vulnerability scan reports. CC ID 11639	Monitoring and measurement	Corrective
Correct or mitigate vulnerabilities. CC ID 12497 [Remediate system vulnerabilities within [Assignment: organization-defined response times]. 03.11.02 b.]	Monitoring and measurement	Corrective
Establish, implement, and maintain an exception management process for vulnerabilities that cannot be remediated. CC ID 13859	Monitoring and measurement	Corrective
Protect against misusing automated audit tools. CC ID 04547 [Protect audit information and audit logging tools from unauthorized access, modification, and deletion. 03.03.08 a.]	Monitoring and measurement	Preventive
Evaluate the information technology products used for metrics. CC ID 11644	Monitoring and measurement	Detective
Identify information system users. CC ID 12081 [Specify: Authorized users of the system, 03.01.01 c.1.]	Technical security	Detective
Review user accounts. CC ID 00525 [Monitor the use of system accounts. 03.01.01 e.]	Technical security	Detective
Identify and authenticate processes running on information systems that act on behalf of users. CC ID 12082 [Allow only authorized system access for users (or processes acting on behalf of users) that is necessary to accomplish assigned organizational tasks. 03.01.05 a. Uniquely identify and authenticate system users, and associate that unique identification with processes acting on behalf of those users. 03.05.01 a.]	Technical security	Detective
Review shared accounts. CC ID 11840	Technical security	Detective
Control access rights to organizational assets. CC ID 00004 [Restrict access to CUI on system media to authorized personnel or roles. 03.08.02 ¶ 1]	Technical security	Preventive
Generate but refrain from storing authenticators or Personal Identification Numbers for systems involved in high risk activities. CC ID 06835	Technical security	Preventive
Define access needs for each system component of an information system. CC ID 12456	Technical security	Preventive
Define the level of privilege required for each system component of an information system. CC ID 12457	Technical security	Preventive
Establish access rights based on least privilege. CC ID 01411 [Allow only authorized system access for users (or processes acting on behalf of users) that is necessary to accomplish assigned organizational tasks. 03.01.05 a.]	Technical security	Preventive
Assign user permissions based on job responsibilities. CC ID 00538 [Authorize access to the system based on: Intended system usage. 03.01.01 d.2.]	Technical security	Preventive
Assign user privileges after they have management sign off. CC ID 00542	Technical security	Preventive
Establish, implement, and maintain lockout procedures or lockout mechanisms to be triggered after a predetermined number of consecutive logon attempts. CC ID 01412 [Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]. 03.01.08 a. Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b. Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b.]	Technical security	Preventive
Disallow unlocking user accounts absent system administrator approval. CC ID 01413 [Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b.]	Technical security	Preventive
Establish session authenticity through Transport Layer Security. CC ID 01627 [Protect the authenticity of communications sessions. 03.13.15 ¶ 1]	Technical security	Preventive
Include all system components in the access control system. CC ID 11939	Technical security	Preventive
Enable access control for objects and users to match restrictions set by the system's security classification. CC ID 04850	Technical security	Preventive
Enable attribute-based access control for objects and users on information systems. CC ID 16351	Technical security	Preventive
Enable role-based access control for objects and users on information systems. CC ID 12458	Technical security	Preventive
Enforce access restrictions for change control. CC ID 01428 [{physical access restriction} Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. 03.04.05 ¶ 1 {physical access restriction} Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. 03.04.05 ¶ 1 {physical access restriction} Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. 03.04.05 ¶ 1]	Technical security	Preventive
Permit a limited set of user actions absent identification and authentication. CC ID 04849	Technical security	Preventive
Activate third party maintenance accounts and user identifiers, as necessary. CC ID 04262	Technical security	Preventive
Display a logon banner and appropriate logon message before granting access to the system. CC ID 06770 [{privacy notices} Display a system use notification message with privacy and security notices consistent with applicable CUI rules before granting access to the system. 03.01.09 ¶ 1]	Technical security	Preventive
Use automatic equipment identification as a method of connection authentication absent an individual's identification and authentication. CC ID 06964	Technical security	Preventive
Control user privileges. CC ID 11665 [{information system} Restrict s="term_primary-noun">privileged accounts on the system to [Assignment: organization-defined personnel or roles]. 03.01.06 a. Specify: Access authorizations (i.e., privileges) for each account. 03.01.01 c.3.]	Technical security	Preventive
Review all user privileges, as necessary. CC ID 06784 [Review the privileges assigned to roles or classes of users [Assignment: organization-defined frequency] to validate the need for such privileges. 03.01.05 c. Reassign or remove privileges, as necessary. 03.01.05 d.]	Technical security	Preventive
Review each user's access capabilities when their role changes. CC ID 00524	Technical security	Preventive
Enable products restricted by Digital Rights Management to be used while offline. CC ID 07094	Technical security	Preventive
Establish, implement, and maintain User Access Management procedures. CC ID 00514	Technical security	Preventive
Review and approve logical access to all assets based upon organizational policies. CC ID 06641 [Enforce approved authorizations for logical access to CUI and system resources in accordance with applicable access control policies. 03.01.02 ¶ 1 Receive authorization from organizational personnel or roles to assign an individual, group, role, service, or device identifier. 03.05.05 a.]	Technical security	Preventive
Control the addition and modification of user identifiers, user credentials, or other authenticators. CC ID 00515 [Select and assign an identifier that identifies an individual, group, role, service, or device. 03.05.05 b.]	Technical security	Preventive
Automate access control methods, as necessary. CC ID 11838	Technical security	Preventive
Automate Access Control Systems, as necessary. CC ID 06854	Technical security	Preventive
Refrain from storing logon credentials for third party applications. CC ID 13690	Technical security	Preventive
Refrain from allowing user access to identifiers and authenticators used by applications. CC ID 10048	Technical security	Preventive
Remove inactive user accounts, as necessary. CC ID 00517 [Disable system accounts when: The accounts have expired, 03.01.01 f.1. Disable system accounts when: The accounts have been inactive for [Assignment: organization-defined time period], 03.01.01 f.2. Disable system accounts when: The accounts are no longer associated with a user or individual, 03.01.01 f.3. Disable system accounts when: The accounts are in violation of organizational policy, or 03.01.01 f.4.]	Technical security	Corrective
Establish, implement, and maintain user accounts in accordance with the organizational Governance, Risk, and Compliance framework. CC ID 00526 [Define the types of system accounts allowed and prohibited. 03.01.01 a. Create, enable, modify, disable, and remove system accounts in accordance with policy, procedures, prerequisites, and criteria. 03.01.01 b. Create, enable, modify, disable, and remove system accounts in accordance with policy, procedures, prerequisites, and criteria. 03.01.01 b. Create, enable, modify, disable, and remove system accounts in accordance with policy, procedures, prerequisites, and criteria. 03.01.01 b. Create, enable, modify, disable, and remove system accounts in accordance with policy, procedures, prerequisites, and criteria. 03.01.01 b. Disable system accounts when: Significant risks associated with individuals are discovered. 03.01.01 f.5.]	Technical security	Preventive
Include digital identification procedures in the access control program. CC ID 11841	Technical security	Preventive
Require proper authentication for user identifiers. CC ID 11785	Technical security	Preventive
Identify and control all network access controls. CC ID 00529	Technical security	Preventive
Protect system or device management and control planes from unwanted user plane traffic. CC ID 17063	Technical security	Preventive
Ensure the data plane, control plane, and management plane have been segregated according to organizational standards. CC ID 16385	Technical security	Preventive
Manage all external network connections. CC ID 11842 [Authorize the connection of mobile devices to the system. 03.01.18 b. Terminate the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. 03.13.09 ¶ 1]	Technical security	Preventive
Route outbound Internet traffic through a proxy server that supports decrypting network traffic. CC ID 12116	Technical security	Preventive
Prevent the insertion of unauthorized network traffic into secure networks. CC ID 17050	Technical security	Preventive
Prohibit systems from connecting directly to internal networks outside the demilitarized zone (DMZ). CC ID 16360	Technical security	Preventive
Refrain from disclosing Internet Protocol addresses, routing information, and DNS names, unless necessary. CC ID 11891	Technical security	Preventive
Segregate systems in accordance with organizational standards. CC ID 12546	Technical security	Preventive
Implement resource-isolation mechanisms in organizational networks. CC ID 16438	Technical security	Preventive
Segregate servers that contain restricted data or restricted information from direct public access. CC ID 00533	Technical security	Preventive
Prevent logical access to dedicated networks from outside the secure areas. CC ID 12310	Technical security	Preventive
Design Demilitarized Zones with proper isolation rules. CC ID 00532	Technical security	Preventive
Restrict outbound network traffic out of the Demilitarized Zone. CC ID 16881	Technical security	Preventive
Restrict inbound network traffic into the Demilitarized Zone to destination addresses within the Demilitarized Zone. CC ID 11998	Technical security	Preventive
Restrict inbound Internet traffic within the Demilitarized Zone to system components that provide publicly accessible services, protocols, and ports. CC ID 11993	Technical security	Preventive
Employ firewalls to secure network connections between networks of different security categorizations. CC ID 16373	Technical security	Preventive
Employ firewalls to secure network connections between trusted networks and untrusted networks, as necessary. CC ID 11821	Technical security	Preventive
Separate the wireless access points and wireless bridges from the wired network via a firewall. CC ID 04588	Technical security	Preventive
Employ centralized management systems to configure and control networks, as necessary. CC ID 12540	Technical security	Preventive
Include reviewing the rulesets for firewalls and routers in the firewall and router configuration standard, as necessary. CC ID 11903	Technical security	Corrective
Lock personal firewall configurations to prevent them from being disabled or changed by end users. CC ID 06420	Technical security	Preventive
Protect the firewall's network connection interfaces. CC ID 01955	Technical security	Preventive
Establish, implement, and maintain packet filtering requirements. CC ID 16362	Technical security	Preventive
Filter packets based on IPv6 header fields. CC ID 17048	Technical security	Preventive
Configure firewall filtering to only permit established connections into the network. CC ID 12482	Technical security	Preventive
Filter traffic at firewalls based on application layer attributes. CC ID 17054	Technical security	Preventive
Review and approve information exchange system connections. CC ID 07143	Technical security	Preventive
Establish, implement, and maintain measures to detect and prevent the use of unsafe internet services. CC ID 13104	Technical security	Preventive
Refrain from storing restricted data at unsafe Internet services or virtual servers. CC ID 13107	Technical security	Preventive
Block uncategorized sites using URL filtering. CC ID 12140	Technical security	Preventive
Subscribe to a URL categorization service to maintain website category definitions in the URL filter list. CC ID 12139	Technical security	Detective
Enforce privileged accounts and non-privileged accounts for system access. CC ID 00558 [Require that users (or roles) with privileged accounts use non-privileged accounts when accessing non-security functions or non-security information. 03.01.06 b. Prevent non-privileged users from executing privileged functions. 03.01.07 a.]	Technical security	Preventive
Control all methods of remote access and teleworking. CC ID 00559 [Authorize each type of remote system access prior to establishing such connections. 03.01.12 b. Authorize the remote execution of privileged commands and remote access to security-relevant information. 03.01.12 d.]	Technical security	Preventive
Refrain from allowing remote users to copy files to remote devices. CC ID 06792	Technical security	Preventive
Control remote access through a network access control. CC ID 01421 [Route remote access to the system through authorized and managed access control points. 03.01.12 c.]	Technical security	Preventive
Prohibit remote access to systems processing cleartext restricted data or restricted information. CC ID 12324	Technical security	Preventive
Employ multifactor authentication for remote access to the organization's network. CC ID 12505 [Implement multi-factor authentication and replay resistance in the establishment of nonlocal maintenance and diagnostic sessions. 03.07.05 b.]	Technical security	Preventive
Refrain from allowing individuals to self-enroll into multifactor authentication from untrusted devices. CC ID 17173	Technical security	Preventive
Implement phishing-resistant multifactor authentication techniques. CC ID 16541	Technical security	Preventive
Limit the source addresses from which remote administration is performed. CC ID 16393	Technical security	Preventive
Manage the use of encryption controls and cryptographic controls. CC ID 00570	Technical security	Preventive
Employ cryptographic controls that comply with applicable requirements. CC ID 12491 [Implement the following types of cryptography to protect the confidentiality of CUI: [Assignment: organization-defined types of cryptography]. 03.13.11 ¶ 1]	Technical security	Preventive
Bind keys to each identity. CC ID 12337	Technical security	Preventive
Generate unique cryptographic keys for each user. CC ID 12169	Technical security	Preventive
Implement decryption keys so that they are not linked to user accounts. CC ID 06851	Technical security	Preventive
Store key-encrypting keys and data-encrypting keys in different locations. CC ID 06085	Technical security	Preventive
Manage outdated cryptographic keys, compromised cryptographic keys, or revoked cryptographic keys. CC ID 06852	Technical security	Preventive
Issue authentication mechanisms that support the Public Key Infrastructure. CC ID 07092	Technical security	Preventive
Establish a Root Certification Authority to support the Public Key Infrastructure. CC ID 07084	Technical security	Preventive
Connect the Public Key Infrastructure to the organization's identity and access management system. CC ID 07091	Technical security	Preventive
Use strong data encryption to transmit in scope data or in scope information, as necessary. CC ID 00564 [Transmit passwords only over cryptographically protected channels. 03.05.07 c.]	Technical security	Preventive
Configure the encryption strength to be appropriate for the encryption methodology of the cryptographic controls. CC ID 12492	Technical security	Preventive
Encrypt traffic over networks with trusted cryptographic keys. CC ID 12490	Technical security	Preventive
Treat data messages that do not receive an acknowledgment as never been sent. CC ID 14416	Technical security	Preventive
Establish trusted paths to transmit restricted data or restricted information over public networks or wireless networks. CC ID 00568	Technical security	Preventive
Protect application services information transmitted over a public network from unauthorized modification. CC ID 12021	Technical security	Preventive
Protect application services information transmitted over a public network from unauthorized disclosure. CC ID 12020	Technical security	Preventive
Protect application services information transmitted over a public network from contract disputes. CC ID 12019	Technical security	Preventive
Protect application services information transmitted over a public network from fraudulent activity. CC ID 12018	Technical security	Preventive
Install and maintain container security solutions. CC ID 16178	Technical security	Preventive
Protect systems and devices from fragmentation based attacks and anomalies. CC ID 17058	Technical security	Preventive
Protect the system against replay attacks. CC ID 04552 [{privileged accounts} Implement replay-resistant authentication mechanisms for access to privileged and non-privileged accounts. 03.05.04 ¶ 1 Implement multi-factor authentication and replay resistance in the establishment of nonlocal maintenance and diagnostic sessions. 03.07.05 b.]	Technical security	Preventive
Analyze the behavior and characteristics of the malicious code. CC ID 10672	Technical security	Detective
Incorporate the malicious code analysis into the patch management program. CC ID 10673	Technical security	Corrective
Secure unissued access mechanisms. CC ID 06713 [Secure keys, combinations, and other physical access devices. 03.10.07 d.]	Physical and environmental protection	Preventive
Encrypt digital media containing sensitive information during transport outside controlled areas. CC ID 14258	Physical and environmental protection	Preventive
Prohibit the unauthorized remote activation of collaborative computing devices. CC ID 06768 [Prohibit the remote activation of collaborative computing devices and applications with the following exceptions: [Assignment: organization-defined exceptions where remote activation is to be allowed]. 03.13.12 a.]	Physical and environmental protection	Preventive
Indicate the active use of collaborative computing devices to users physically present at the device. CC ID 10647 [Provide an explicit indication of use to users physically present at the devices. 03.13.12 b.]	Physical and environmental protection	Preventive
Terminate access rights when notified of a personnel status change or an individual is terminated. CC ID 11826 [When individual employment is terminated: Terminate or revoke authenticators and credentials associated with the individual, and 03.09.02 a.2.]	Human Resources management	Corrective
Establish, implement, and maintain segregation of duties compensating controls if segregation of duties is not practical. CC ID 06960	Human Resources management	Preventive
Include temporary activation of remote access technologies for third parties in the Acceptable Use Policy. CC ID 11892	Operational management	Preventive
Use automated tools to collect Information Technology inventory information, as necessary. CC ID 07054	Operational management	Preventive
Link the authentication system to the asset inventory. CC ID 13718	Operational management	Preventive
Employ Dynamic Host Configuration Protocol server logging to detect systems not in the asset inventory. CC ID 12110	Operational management	Detective
Prevent users from disabling required software. CC ID 16417	Operational management	Preventive
Control remote maintenance according to the system's asset classification. CC ID 01433 [Approve and monitor nonlocal maintenance and diagnostic activities. 03.07.05 a.]	Operational management	Preventive
Approve all remote maintenance sessions. CC ID 10615 [Approve and monitor nonlocal maintenance and diagnostic activities. 03.07.05 a.]	Operational management	Preventive
Terminate remote maintenance sessions when the remote maintenance is complete. CC ID 12083 [Terminate session and network connections when nonlocal maintenance is completed. 03.07.05 c.]	Operational management	Preventive
Categorize the incident following an incident response. CC ID 13208	Operational management	Preventive
Wipe data and memory after an incident has been detected. CC ID 16850	Operational management	Corrective
Refrain from accessing compromised systems. CC ID 01752	Operational management	Corrective
Isolate compromised systems from the network. CC ID 01753	Operational management	Corrective
Change authenticators after a security incident has been detected. CC ID 06789	Operational management	Corrective
Change wireless access variables after a data loss event has been detected. CC ID 01756	Operational management	Corrective
Re-image compromised systems with secure builds. CC ID 12086	Operational management	Corrective
Integrate configuration management procedures into the incident management program. CC ID 13647	Operational management	Preventive
Respond when an integrity violation is detected, as necessary. CC ID 10678	Operational management	Corrective
Shut down systems when an integrity violation is detected, as necessary. CC ID 10679	Operational management	Corrective
Restart systems when an integrity violation is detected, as necessary. CC ID 10680	Operational management	Corrective
Integrate configuration management procedures into the change control program. CC ID 13646	Operational management	Preventive
Implement patch management software, as necessary. CC ID 12094	Operational management	Preventive
Include updates and exceptions to hardened images as a part of the patch management program. CC ID 12087	Operational management	Preventive
Review the patch log for missing patches. CC ID 13186	Operational management	Detective
Patch software. CC ID 11825	Operational management	Corrective
Patch the operating system, as necessary. CC ID 11824	Operational management	Corrective
Implement cryptographic mechanisms to authenticate software and computer firmware before installation. CC ID 10682	Operational management	Detective
Configure security parameter settings on all system components appropriately. CC ID 12041	System hardening through configuration management	Preventive
Configure session timeout and reauthentication settings according to organizational standards. CC ID 12460	System hardening through configuration management	Preventive
Use the latest approved version of all assets. CC ID 00897	System hardening through configuration management	Preventive
Refrain from using assertion lifetimes to limit each session. CC ID 13871	System hardening through configuration management	Preventive
Restrict and control the use of privileged utility programs. CC ID 12030	System hardening through configuration management	Preventive
Establish, implement, and maintain service accounts. CC ID 13861	System hardening through configuration management	Preventive
Review the ownership of service accounts, as necessary. CC ID 13863	System hardening through configuration management	Detective
Manage access credentials for service accounts. CC ID 13862	System hardening through configuration management	Preventive
Establish, implement, and maintain authenticators. CC ID 15305	System hardening through configuration management	Preventive
Restrict access to authentication files to authorized personnel, as necessary. CC ID 12127	System hardening through configuration management	Preventive
Protect authenticators or authentication factors from unauthorized modification and disclosure. CC ID 15317 [{unauthorized modification} Protect authenticator content from unauthorized disclosure and modification. 03.05.12 f.]	System hardening through configuration management	Preventive
Employ multifactor authentication for accounts with administrative privilege. CC ID 12496 [{privileged accounts} Implement multi-factor authentication for access to privileged and non-privileged accounts. 03.05.03 ¶ 1]	System hardening through configuration management	Preventive
Verify only BlackBerry Enterprise Server e-mail software and e-mail hardware is being used. CC ID 04601	System hardening through configuration management	Preventive
Verify metamessage software is not installed on BlackBerry handheld devices. CC ID 04604	System hardening through configuration management	Preventive
Store master images on securely configured servers. CC ID 12089	System hardening through configuration management	Preventive
Update the security configuration of hardened images, as necessary. CC ID 12088	System hardening through configuration management	Corrective
Establish, implement, and maintain online storage controls. CC ID 00942	Records management	Preventive
Provide encryption for different types of electronic storage media. CC ID 00945 [Implement cryptographic mechanisms to prevent the unauthorized disclosure of CUI during transmission and while in storage. 03.13.08 ¶ 1]	Records management	Preventive
Establish, implement, and maintain electronic storage media security controls. CC ID 13204 [Protect the confidentiality of backup information. 03.08.09 a.]	Records management	Preventive
Document the third parties compliance with the organization's system hardening framework. CC ID 04263 [Permit authorized individuals to use external systems to access the organizational system or to process, store, or transmit CUI only after: Verifying that the security requirements on the external systems as specified in the organization’s system security plans have been satisfied and 03.01.20 c.1.]	Third Party and supply chain oversight	Detective

Testing

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Supply each in scope asset with audit reduction tool and report generation capabilities to support after-the-fact investigations without altering the event logs. CC ID 01427 [Implement an audit record reduction and report generation capability that supports audit record review, analysis, reporting requirements, and after-the-fact investigations of incidents. 03.03.06 a. Preserve the original content and time ordering of audit records. 03.03.06 b.]	Monitoring and measurement	Preventive
Establish, implement, and maintain a self-assessment approach as part of the compliance testing strategy. CC ID 12833	Monitoring and measurement	Preventive
Test compliance controls for proper functionality. CC ID 00660	Monitoring and measurement	Detective
Establish, implement, and maintain a system security plan. CC ID 01922 [Develop a system security plan that: 03.15.02 a. Review and update the system security plan [Assignment: organization-defined frequency]. 03.15.02 b.]	Monitoring and measurement	Preventive
Adhere to the system security plan. CC ID 11640	Monitoring and measurement	Detective
Validate all testing assumptions in the test plans. CC ID 00663	Monitoring and measurement	Detective
Require testing procedures to be complete. CC ID 00664	Monitoring and measurement	Detective
Determine the appropriate assessment method for each testing process in the test plan. CC ID 00665	Monitoring and measurement	Preventive
Analyze system audit reports and determine the need to perform more tests. CC ID 00666	Monitoring and measurement	Detective
Enable security controls which were disabled to conduct testing. CC ID 17031	Monitoring and measurement	Preventive
Disable dedicated accounts after testing is complete. CC ID 17033	Monitoring and measurement	Preventive
Protect systems and data during testing in the production environment. CC ID 17198	Monitoring and measurement	Preventive
Define the criteria to conduct testing in the production environment. CC ID 17197	Monitoring and measurement	Preventive
Suspend testing in a production environment, as necessary. CC ID 17231	Monitoring and measurement	Preventive
Test in scope systems for segregation of duties, as necessary. CC ID 13906	Monitoring and measurement	Detective
Include test requirements for the use of production data in the testing program. CC ID 17201	Monitoring and measurement	Preventive
Include test requirements for the use of human subjects in the testing program. CC ID 16222	Monitoring and measurement	Preventive
Test the in scope system in accordance with its intended purpose. CC ID 14961	Monitoring and measurement	Preventive
Perform network testing in accordance with organizational standards. CC ID 16448	Monitoring and measurement	Preventive
Test user accounts in accordance with organizational standards. CC ID 16421	Monitoring and measurement	Preventive
Scan organizational networks for rogue devices. CC ID 00536	Monitoring and measurement	Detective
Scan the network for wireless access points. CC ID 00370	Monitoring and measurement	Detective
Test the wireless device scanner's ability to detect rogue devices. CC ID 06859	Monitoring and measurement	Detective
Opt out of third party conformity assessments when the system meets harmonized standards. CC ID 15096	Monitoring and measurement	Preventive
Perform conformity assessments, as necessary. CC ID 15095	Monitoring and measurement	Detective
Establish, implement, and maintain a penetration testing methodology that validates scope-reduction controls through network segmentation. CC ID 11958	Monitoring and measurement	Preventive
Use dedicated user accounts when conducting penetration testing. CC ID 13728	Monitoring and measurement	Detective
Remove dedicated user accounts after penetration testing is concluded. CC ID 13729	Monitoring and measurement	Corrective
Perform penetration tests, as necessary. CC ID 00655	Monitoring and measurement	Detective
Include coverage of all in scope systems during penetration testing. CC ID 11957	Monitoring and measurement	Detective
Test the system for broken access controls. CC ID 01319	Monitoring and measurement	Detective
Test the system for broken authentication and session management. CC ID 01320	Monitoring and measurement	Detective
Test the system for insecure communications. CC ID 00535	Monitoring and measurement	Detective
Test the system for cross-site scripting attacks. CC ID 01321	Monitoring and measurement	Detective
Test the system for buffer overflows. CC ID 01322	Monitoring and measurement	Detective
Test the system for injection flaws. CC ID 01323	Monitoring and measurement	Detective
Test the system for Denial of Service. CC ID 01326	Monitoring and measurement	Detective
Test the system for insecure configuration management. CC ID 01327	Monitoring and measurement	Detective
Perform network-layer penetration testing on all systems, as necessary. CC ID 01277	Monitoring and measurement	Detective
Test the system for cross-site request forgery. CC ID 06296	Monitoring and measurement	Detective
Repeat penetration testing, as necessary. CC ID 06860	Monitoring and measurement	Detective
Test the system for covert channels. CC ID 10652	Monitoring and measurement	Detective
Test systems to determine which covert channels might be exploited. CC ID 10654	Monitoring and measurement	Detective
Conduct scanning activities in a test environment. CC ID 17036	Monitoring and measurement	Preventive
Repeat vulnerability scanning, as necessary. CC ID 11646	Monitoring and measurement	Detective
Perform internal vulnerability scans, as necessary. CC ID 00656	Monitoring and measurement	Detective
Meet the requirements for a passing score during an external vulnerability scan or rescan. CC ID 12039	Monitoring and measurement	Preventive
Test the system for unvalidated input. CC ID 01318	Monitoring and measurement	Detective
Test the system for proper error handling. CC ID 01324	Monitoring and measurement	Detective
Test the system for insecure data storage. CC ID 01325	Monitoring and measurement	Detective
Test the system for access control enforcement in all Uniform Resource Locators. CC ID 06297	Monitoring and measurement	Detective
Perform self-tests on cryptographic modules within the system. CC ID 06537	Monitoring and measurement	Detective
Perform power-up tests on cryptographic modules within the system. CC ID 06538	Monitoring and measurement	Detective
Perform conditional tests on cryptographic modules within the system. CC ID 06539	Monitoring and measurement	Detective
Document and maintain test results. CC ID 17028	Monitoring and measurement	Preventive
Evaluate the measurement process used for metrics. CC ID 06920	Monitoring and measurement	Detective
Determine if the audit assertion's in scope controls are reasonable. CC ID 06980	Audits and risk management	Detective
Document test plans for auditing in scope controls. CC ID 06985	Audits and risk management	Detective
Determine the effectiveness of in scope controls. CC ID 06984 [Assess the security requirements for the system and its environment of operation [Assignment: organization-defined frequency] to determine if the requirements have been satisfied. 03.12.01 ¶ 1]	Audits and risk management	Detective
Perform risk assessments for all target environments, as necessary. CC ID 06452 [Assess the risk (including supply chain risk) of unauthorized disclosure resulting from the processing, storage, or transmission of CUI. 03.11.01 a.]	Audits and risk management	Preventive
Perform a risk assessment prior to activating third party access to the organization's critical systems. CC ID 06455	Technical security	Detective
Employ unique identifiers. CC ID 01273 [{be unique} Manage individual identifiers by uniquely identifying each individual as [Assignment: organization-defined characteristic identifying individual status]. 03.05.05 d. Select and assign an identifier that identifies an individual, group, role, service, or device. 03.05.05 b. Uniquely identify and authenticate system users, and associate that unique identification with processes acting on behalf of those users. 03.05.01 a.]	Technical security	Detective
Authenticate user identities before manually resetting an authenticator. CC ID 04567 [Verify the identity of the individual, group, role, service, or device receiving the authenticator as part of the initial authenticator distribution. 03.05.12 a.]	Technical security	Detective
Configure firewalls to perform dynamic packet filtering. CC ID 01288	Technical security	Detective
Require the system to identify and authenticate approved devices before establishing a connection. CC ID 01429 [Uniquely identify and authenticate [Assignment: organization-defined devices or types of devices] before establishing a system connection. 03.05.02 ¶ 1]	Technical security	Preventive
Test the information exchange procedures. CC ID 17115	Technical security	Preventive
Scan the system to verify modems are disabled or removed, except the modems that are explicitly approved. CC ID 00560	Technical security	Detective
Test cryptographic key management applications, as necessary. CC ID 04829	Technical security	Detective
Implement non-repudiation for transactions. CC ID 00567	Technical security	Detective
Test all removable storage media for viruses and malicious code. CC ID 11861 [{diagnostic programs} Check media with diagnostic and test programs for malicious code before it is used in the system. 03.07.04 b.]	Technical security	Detective
Test all untrusted files or unverified files for viruses and malicious code. CC ID 01311	Technical security	Detective
Authorize visitors before granting entry to physical areas containing restricted data or restricted information. CC ID 01330	Physical and environmental protection	Preventive
Implement operational requirements for card readers. CC ID 02225	Physical and environmental protection	Preventive
Employ individuals who have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 00782	Human Resources management	Detective
Implement segregation of duties in roles and responsibilities. CC ID 00774 [Identify the duties of individuals requiring separation. 03.01.04 a. Define system access authorizations to support separation of duties. 03.01.04 b.]	Human Resources management	Detective
Conduct tests and evaluate training. CC ID 06672	Human Resources management	Detective
Conduct maintenance with authorized personnel. CC ID 01434 [Establish a process for maintenance personnel authorization. 03.07.06 a.]	Operational management	Detective
Assess all incidents to determine what information was accessed. CC ID 01226 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Corrective
Test incident monitoring procedures. CC ID 13194	Operational management	Detective
Open a priority incident request after a security breach is detected. CC ID 04838	Operational management	Corrective
Activate the incident response notification procedures after a security breach is detected. CC ID 04839	Operational management	Corrective
Test the incident response procedures. CC ID 01216 [Test the effectiveness of the incident response capability [Assignment: organization-defined frequency]. 03.06.03 ¶ 1]	Operational management	Detective
Test proposed changes prior to their approval. CC ID 00548	Operational management	Detective
Perform risk assessments prior to approving change requests. CC ID 00888 [Analyze changes to the system to determine potential security impacts prior to change implementation. 03.04.04 a.]	Operational management	Preventive
Perform a patch test prior to deploying a patch. CC ID 00898	Operational management	Detective
Test software patches for any potential compromise of the system's security. CC ID 13175	Operational management	Detective
Review changes to computer firmware. CC ID 12226	Operational management	Detective
Certify changes to computer firmware are free of malicious logic. CC ID 12227	Operational management	Detective
Test the system's operational functionality after implementing approved changes. CC ID 06294	Operational management	Detective
Perform and pass acceptance testing before moving a system back into operation after an approved change has occurred. CC ID 04541 [Verify that the security requirements for the system continue to be satisfied after the system changes have been implemented. 03.04.04 b.]	Operational management	Detective
Verify wireless peripherals meet organizational security requirements. CC ID 00657	System hardening through configuration management	Detective
Configure security and protection software to check for up-to-date signature files. CC ID 00576 [Update malicious code protection mechanisms as new releases are available in accordance with configuration management policies and procedures. 03.14.02 b.]	System hardening through configuration management	Detective
Test systems to ensure they conform to configuration baselines. CC ID 13062	System hardening through configuration management	Detective
Include third party acknowledgment of their data protection responsibilities in third party contracts. CC ID 01364	Third Party and supply chain oversight	Detective
Include auditing third party security controls and compliance controls in third party contracts. CC ID 01366 [Implement processes, methods, and techniques to monitor security requirement compliance by external service providers on an ongoing basis. 03.16.03 c.]	Third Party and supply chain oversight	Detective
Perform risk assessments of third parties, as necessary. CC ID 06454	Third Party and supply chain oversight	Detective
Include a provision in outsourcing contracts that requires supply chain members' security requirements comply with organizational security requirements. CC ID 00359 [Require the providers of external system services used for the processing, storage, or transmission of CUI to comply with the following security requirements: [Assignment: organization-defined security requirements]. 03.16.03 a.]	Third Party and supply chain oversight	Detective

Training

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	CLASS
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Provide new hires limited network access to complete computer-based training. CC ID 17008	Human Resources management	Preventive
Submit applications for professional certification. CC ID 16192	Human Resources management	Preventive
Approve training plans, as necessary. CC ID 17193	Human Resources management	Preventive
Train personnel to recognize conditions of diseases or sicknesses, as necessary. CC ID 14383	Human Resources management	Detective
Include prevention techniques in training regarding diseases or sicknesses. CC ID 14387	Human Resources management	Preventive
Include the concept of disease clusters when training to recognize conditions of diseases or sicknesses. CC ID 14386	Human Resources management	Preventive
Train personnel to identify and communicate symptoms of exposure to disease or sickness. CC ID 14385	Human Resources management	Detective
Develop or acquire content to update the training plans. CC ID 12867 [Update security literacy training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. 03.02.01 b. Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. 03.02.02 b.]	Human Resources management	Preventive
Establish, implement, and maintain a list of tasks to include in the training plan. CC ID 17101	Human Resources management	Preventive
Designate training facilities in the training plan. CC ID 16200	Human Resources management	Preventive
Include insider threats in the security awareness program. CC ID 16963	Human Resources management	Preventive
Include in scope external requirements in the training plan, as necessary. CC ID 13041	Human Resources management	Preventive
Conduct bespoke roles and responsibilities training, as necessary. CC ID 13192	Human Resources management	Preventive
Include risk management in the security awareness program. CC ID 13040	Human Resources management	Preventive
Conduct personal data processing training. CC ID 13757	Human Resources management	Preventive
Include in personal data processing training how to provide the contact information for the categories of personal data the organization may disclose. CC ID 13758	Human Resources management	Preventive
Include cloud security in the security awareness program. CC ID 13039	Human Resources management	Preventive
Complete security awareness training prior to being granted access to information systems or data. CC ID 17009	Human Resources management	Preventive
Include media protection in the security awareness program. CC ID 16368	Human Resources management	Preventive
Include identity and access management in the security awareness program. CC ID 17013	Human Resources management	Preventive
Include the encryption process in the security awareness program. CC ID 17014	Human Resources management	Preventive
Include physical security in the security awareness program. CC ID 16369	Human Resources management	Preventive
Include data management in the security awareness program. CC ID 17010	Human Resources management	Preventive
Include e-mail and electronic messaging in the security awareness program. CC ID 17012	Human Resources management	Preventive
Include updates on emerging issues in the security awareness program. CC ID 13184	Human Resources management	Preventive
Include cybersecurity in the security awareness program. CC ID 13183	Human Resources management	Preventive
Include implications of non-compliance in the security awareness program. CC ID 16425	Human Resources management	Preventive
Include social networking in the security awareness program. CC ID 17011	Human Resources management	Preventive
Include the acceptable use policy in the security awareness program. CC ID 15487	Human Resources management	Preventive
Train all personnel and third parties on how to recognize and report system failures. CC ID 13475	Human Resources management	Preventive
Conduct tampering prevention training. CC ID 11875	Human Resources management	Preventive
Include the mandate to refrain from installing, refrain from replacing, and refrain from returning any asset absent verification in the tampering prevention training. CC ID 11877	Human Resources management	Preventive
Include how to identify and authenticate third parties claiming to be maintenance personnel in the tampering prevention training. CC ID 11876	Human Resources management	Preventive
Include how to report tampering and unauthorized substitution in the tampering prevention training. CC ID 11879	Human Resources management	Preventive
Include how to prevent physical tampering in the tampering prevention training. CC ID 11878	Human Resources management	Preventive
Include procedures on how to inspect devices in the tampering prevention training. CC ID 11990	Human Resources management	Preventive
Train interested personnel and affected parties to collect digital forensic evidence. CC ID 08658	Human Resources management	Preventive
Conduct incident response training. CC ID 11889 [Provide incident response training to system users consistent with assigned roles and responsibilities: 03.06.04 a. Provide incident response training to system users consistent with assigned roles and responsibilities: Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility or acquiring system access, 03.06.04 a.1. Provide incident response training to system users consistent with assigned roles and responsibilities: When required by system changes, and 03.06.04 a.2. Provide incident response training to system users consistent with assigned roles and responsibilities: [Assignment: organization-defined frequency] thereafter. 03.06.04 a.3.]	Operational management	Preventive

Common Controls and
mandates by Classification 253 Mandated Controls - bold
149 Implied Controls - italic 1753 Implementation

Number of Controls

2155 Total

Corrective

101

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	TYPE
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Disseminate and communicate updated guidance documentation to interested personnel and affected parties upon discovery of a new threat. CC ID 12191	Leadership and high level objectives	Communicate
Correct errors and deficiencies in a timely manner. CC ID 13501 [Identify, report, and correct system flaws. 03.14.01 a.]	Leadership and high level objectives	Business Processes
Include management's assertions on the effectiveness of internal control in the Statement on Internal Control. CC ID 14771	Leadership and high level objectives	Establish/Maintain Documentation
Report errors and faults to the appropriate personnel, as necessary. CC ID 14296 [Identify, report, and correct system flaws. 03.14.01 a.]	Monitoring and measurement	Communicate
Provide predefined suspicious activity reports for suspicious activity discovered in the event log. CC ID 06774	Monitoring and measurement	Establish/Maintain Documentation
Eliminate false positives in event logs and audit logs. CC ID 07047	Monitoring and measurement	Log Management
Follow up exceptions and anomalies identified when reviewing logs. CC ID 11925 [Review and analyze system audit records [Assignment: organization-defined frequency] for indications and the potential impact of inappropriate or unusual activity. 03.03.05 a.]	Monitoring and measurement	Investigate
Update or adjust fraud detection systems, as necessary. CC ID 13684	Monitoring and measurement	Process or Activity
Implement incident response procedures when rogue devices are discovered. CC ID 11880	Monitoring and measurement	Technical Security
Alert appropriate personnel when rogue devices are discovered on the network. CC ID 06428	Monitoring and measurement	Monitor and Evaluate Occurrences
Isolate rogue devices after a rogue device has been detected. CC ID 07061	Monitoring and measurement	Configuration
Remove dedicated user accounts after penetration testing is concluded. CC ID 13729	Monitoring and measurement	Testing
Reduce the maximum bandwidth of covert channels. CC ID 10655	Monitoring and measurement	Technical Security
Update the vulnerability scanners' vulnerability list. CC ID 10634 [Update system vulnerabilities to be scanned [Assignment: organization-defined frequency] and when new vulnerabilities are identified and reported. 03.11.02 c.]	Monitoring and measurement	Configuration
Notify the interested personnel and affected parties after the failure of an automated security test. CC ID 06748	Monitoring and measurement	Behavior
Perform vulnerability assessments, as necessary. CC ID 11828	Monitoring and measurement	Technical Security
Recommend mitigation techniques based on vulnerability scan reports. CC ID 11639	Monitoring and measurement	Technical Security
Disallow the use of payment applications when a vulnerability scan report indicates vulnerabilities are present. CC ID 12188	Monitoring and measurement	Configuration
Recommend mitigation techniques based on penetration test results. CC ID 04881	Monitoring and measurement	Establish/Maintain Documentation
Correct or mitigate vulnerabilities. CC ID 12497 [Remediate system vulnerabilities within [Assignment: organization-defined response times]. 03.11.02 b.]	Monitoring and measurement	Technical Security
Establish, implement, and maintain an exception management process for vulnerabilities that cannot be remediated. CC ID 13859	Monitoring and measurement	Technical Security
Identify and communicate improvements in metrics reporting. CC ID 06921	Monitoring and measurement	Establish/Maintain Documentation
Document and communicate a corrective action plan based on the risk assessment findings. CC ID 00705 [Develop a plan of action and milestones for the system: 03.12.02 a.]	Audits and risk management	Establish/Maintain Documentation
Notify the user when an authentication is attempted using an expired authenticator. CC ID 13818	Technical security	Communicate
Revoke asset access when a personnel status change occurs or an individual is terminated. CC ID 00516	Technical security	Behavior
Review and update accounts and access rights when notified of personnel status changes. CC ID 00788 [When individuals are reassigned or transferred to other positions in the organization: Review and confirm the ongoing operational need for current logical and physical access authorizations to the system and facility, and 03.09.02 b.1. When individuals are reassigned or transferred to other positions in the organization: Modify access authorization to correspond with any changes in operational need. 03.09.02 b.2.]	Technical security	Behavior
Remove inactive user accounts, as necessary. CC ID 00517 [Disable system accounts when: The accounts have expired, 03.01.01 f.1. Disable system accounts when: The accounts have been inactive for [Assignment: organization-defined time period], 03.01.01 f.2. Disable system accounts when: The accounts are no longer associated with a user or individual, 03.01.01 f.3. Disable system accounts when: The accounts are in violation of organizational policy, or 03.01.01 f.4.]	Technical security	Technical Security
Include reviewing the rulesets for firewalls and routers in the firewall and router configuration standard, as necessary. CC ID 11903	Technical security	Technical Security
Revoke membership in the whitelist, as necessary. CC ID 13827	Technical security	Establish/Maintain Documentation
Revoke old cryptographic keys or invalid cryptographic keys immediately. CC ID 01307	Technical security	Data and Information Management
Replace known or suspected compromised cryptographic keys immediately. CC ID 01306	Technical security	Data and Information Management
Remove malware when malicious code is discovered. CC ID 13691	Technical security	Process or Activity
Notify interested personnel and affected parties when malware is detected. CC ID 13689	Technical security	Communicate
Establish, implement, and maintain a malicious code outbreak recovery plan. CC ID 01310	Technical security	Establish/Maintain Documentation
Incorporate the malicious code analysis into the patch management program. CC ID 10673	Technical security	Technical Security
Change access requirements to organizational assets for personnel and visitors, as necessary. CC ID 12463	Physical and environmental protection	Physical and Environmental Protection
Document all lost badges in a lost badge list. CC ID 12448	Physical and environmental protection	Establish/Maintain Documentation
Terminate access rights when notified of a personnel status change or an individual is terminated. CC ID 11826 [When individual employment is terminated: Terminate or revoke authenticators and credentials associated with the individual, and 03.09.02 a.2.]	Human Resources management	Technical Security
Deny access to restricted data or restricted information when a personnel status change occurs or an individual is terminated. CC ID 01309 [When individual employment is terminated: Disable system access within [Assignment: organization-defined time period], 03.09.02 a.1.]	Human Resources management	Data and Information Management
Conduct secure coding and development training for developers. CC ID 06822	Human Resources management	Behavior
Include disciplinary actions in the Acceptable Use Policy. CC ID 00296	Operational management	Establish/Maintain Documentation
Identify discrepancies between the asset register database and the Information Technology inventory, as necessary. CC ID 07052	Operational management	Monitor and Evaluate Occurrences
Investigate and resolve discrepancies between the asset register database and the Information Technology inventory. CC ID 07053	Operational management	Monitor and Evaluate Occurrences
Determine the incident severity level when assessing the security incidents. CC ID 01650	Operational management	Monitor and Evaluate Occurrences
Escalate incidents, as necessary. CC ID 14861	Operational management	Monitor and Evaluate Occurrences
Include support from law enforcement authorities when conducting incident response activities, as necessary. CC ID 13197	Operational management	Process or Activity
Respond to all alerts from security systems in a timely manner. CC ID 06434	Operational management	Behavior
Coordinate incident response activities with interested personnel and affected parties. CC ID 13196	Operational management	Process or Activity
Contain the incident to prevent further loss. CC ID 01751 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Process or Activity
Wipe data and memory after an incident has been detected. CC ID 16850	Operational management	Technical Security
Refrain from accessing compromised systems. CC ID 01752	Operational management	Technical Security
Isolate compromised systems from the network. CC ID 01753	Operational management	Technical Security
Store system logs for in scope systems as digital forensic evidence after a security incident has been detected. CC ID 01754	Operational management	Log Management
Change authenticators after a security incident has been detected. CC ID 06789	Operational management	Technical Security
Assess all incidents to determine what information was accessed. CC ID 01226 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Testing
Check the precursors and indicators when assessing the security incidents. CC ID 01761	Operational management	Monitor and Evaluate Occurrences
Share incident information with interested personnel and affected parties. CC ID 01212 [Develop an incident response plan that: Addresses the sharing of incident information, and 03.06.05 a.5.]	Operational management	Data and Information Management
Share data loss event information with the media. CC ID 01759	Operational management	Behavior
Share data loss event information with interconnected system owners. CC ID 01209	Operational management	Establish/Maintain Documentation
Report data loss event information to breach notification organizations. CC ID 01210 [Report incident information to [Assignment: organization-defined authorities]. 03.06.02 c.]	Operational management	Data and Information Management
Report to breach notification organizations the time frame in which the organization will send data loss event notifications to interested personnel and affected parties. CC ID 04731	Operational management	Behavior
Notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00365	Operational management	Behavior
Delay sending incident response notifications under predetermined conditions. CC ID 00804	Operational management	Behavior
Establish, implement, and maintain incident response notifications. CC ID 12975	Operational management	Establish/Maintain Documentation
Provide enrollment information for identity theft prevention services or identity theft mitigation services. CC ID 13767	Operational management	Communicate
Offer identity theft prevention services or identity theft mitigation services at no cost to the affected parties. CC ID 13766	Operational management	Business Processes
Send paper incident response notifications to affected parties, as necessary. CC ID 00366	Operational management	Behavior
Determine if a substitute incident response notification is permitted if notifying affected parties. CC ID 00803	Operational management	Behavior
Use a substitute incident response notification to notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00368	Operational management	Behavior
Telephone incident response notifications to affected parties, as necessary. CC ID 04650	Operational management	Behavior
Publish the incident response notification in a general circulation periodical. CC ID 04651	Operational management	Behavior
Send electronic incident response notifications to affected parties, as necessary. CC ID 00367	Operational management	Behavior
Notify interested personnel and affected parties of the privacy breach about any recovered restricted data. CC ID 13347	Operational management	Communicate
Include incident recovery procedures in the Incident Management program. CC ID 01758 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Establish/Maintain Documentation
Change wireless access variables after a data loss event has been detected. CC ID 01756	Operational management	Technical Security
Eradicate the cause of the incident after the incident has been contained. CC ID 01757	Operational management	Business Processes
Implement security controls for personnel that have accessed information absent authorization. CC ID 10611	Operational management	Human Resources Management
Re-image compromised systems with secure builds. CC ID 12086	Operational management	Technical Security
Establish, implement, and maintain temporary and emergency access authorization procedures. CC ID 00858	Operational management	Establish/Maintain Documentation
Include the organizational functions affected by disruption in the Incident Management audit log. CC ID 12238	Operational management	Log Management
Open a priority incident request after a security breach is detected. CC ID 04838	Operational management	Testing
Activate the incident response notification procedures after a security breach is detected. CC ID 04839	Operational management	Testing
Notify interested personnel and affected parties that a security breach was detected. CC ID 11788	Operational management	Communicate
Respond when an integrity violation is detected, as necessary. CC ID 10678	Operational management	Technical Security
Shut down systems when an integrity violation is detected, as necessary. CC ID 10679	Operational management	Technical Security
Restart systems when an integrity violation is detected, as necessary. CC ID 10680	Operational management	Technical Security
Approve back-out plans, as necessary. CC ID 13627	Operational management	Establish/Maintain Documentation
Deploy software patches in accordance with organizational standards. CC ID 07032	Operational management	Configuration
Patch software. CC ID 11825	Operational management	Technical Security
Patch the operating system, as necessary. CC ID 11824	Operational management	Technical Security
Deploy software patches in the disaster recovery environment to mirror those in the production environment. CC ID 13174	Operational management	Configuration
Remove outdated software after software has been updated. CC ID 11792	Operational management	Configuration
Update computer firmware, as necessary. CC ID 11755 [Install security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates. 03.14.01 b.]	Operational management	Configuration
Remove outdated computer firmware after the computer firmware has been updated. CC ID 10671	Operational management	Configuration
Mitigate the adverse effects of unauthorized changes. CC ID 12244	Operational management	Business Processes
Establish, implement, and maintain a change acceptance testing log. CC ID 06392	Operational management	Establish/Maintain Documentation
Document approved configuration deviations. CC ID 08711	Operational management	Establish/Maintain Documentation
Change the authenticator for shared accounts when the group membership changes. CC ID 14249	System hardening through configuration management	Business Processes
Update the security configuration of hardened images, as necessary. CC ID 12088	System hardening through configuration management	Technical Security
Remove non-public information from publicly accessible systems. CC ID 14246 [Review the content on publicly accessible systems for CUI and remove such information, if discovered. 03.01.22 b.]	Records management	Data and Information Management
Enforce third party Service Level Agreements, as necessary. CC ID 07098	Third Party and supply chain oversight	Business Processes

Detective

230

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	TYPE
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Monitor regulatory trends to maintain compliance. CC ID 00604	Leadership and high level objectives	Monitor and Evaluate Occurrences
Subscribe to a threat intelligence service to receive notification of emerging threats. CC ID 12135 [Receive system security alerts, advisories, and directives from external organizations on an ongoing basis. 03.14.03 a.]	Leadership and high level objectives	Technical Security
Analyze organizational policies, as necessary. CC ID 14037	Leadership and high level objectives	Establish/Maintain Documentation
Map in scope assets and in scope records to external requirements. CC ID 12189	Leadership and high level objectives	Establish/Maintain Documentation
Include the counterterror protective security plan test results in the Statement on Internal Control. CC ID 06867	Leadership and high level objectives	Establish/Maintain Documentation
Include all compliance exceptions in the compliance exception standard. CC ID 01630	Leadership and high level objectives	Establish/Maintain Documentation
Monitor the usage and capacity of critical assets. CC ID 14825	Monitoring and measurement	Monitor and Evaluate Occurrences
Monitor the usage and capacity of Information Technology assets. CC ID 00668	Monitoring and measurement	Monitor and Evaluate Occurrences
Monitor systems for errors and faults. CC ID 04544 [Identify, report, and correct system flaws. 03.14.01 a.]	Monitoring and measurement	Monitor and Evaluate Occurrences
Establish, implement, and maintain logging and monitoring operations. CC ID 00637	Monitoring and measurement	Log Management
Monitor systems for inappropriate usage and other security violations. CC ID 00585 [Monitor the system to detect: 03.14.06 a. {inbound communications traffic} Monitor inbound and outbound communications traffic to detect unusual or unauthorized activities or conditions. 03.14.06 c.]	Monitoring and measurement	Monitor and Evaluate Occurrences
Monitor systems for blended attacks and multiple component incidents. CC ID 01225 [Monitor the system to detect: Attacks and indicators of potential attacks and 03.14.06 a.1.]	Monitoring and measurement	Monitor and Evaluate Occurrences
Monitor systems for Denial of Service attacks. CC ID 01222	Monitoring and measurement	Monitor and Evaluate Occurrences
Monitor systems for access to restricted data or restricted information. CC ID 04721	Monitoring and measurement	Monitor and Evaluate Occurrences
Assign roles and responsibilities for overseeing access to restricted data or restricted information. CC ID 11950	Monitoring and measurement	Human Resources Management
Detect unauthorized access to systems. CC ID 06798 [Monitor the system to detect: Unauthorized connections. 03.14.06 a.2. Identify unauthorized use of the system. 03.14.06 b. Monitor the system to detect: Attacks and indicators of potential attacks and 03.14.06 a.1.]	Monitoring and measurement	Monitor and Evaluate Occurrences
Incorporate potential red flags into the organization's incident management system. CC ID 04652	Monitoring and measurement	Monitor and Evaluate Occurrences
Alert interested personnel when suspicious activity is detected by an Intrusion Detection System or Intrusion Prevention System. CC ID 06430	Monitoring and measurement	Monitor and Evaluate Occurrences
Alert interested personnel and affected parties when an incident causes an outage. CC ID 06808	Monitoring and measurement	Monitor and Evaluate Occurrences
Operationalize key monitoring and logging concepts to ensure the audit trails capture sufficient information. CC ID 00638	Monitoring and measurement	Log Management
Establish, implement, and maintain event logging procedures. CC ID 01335 [Generate audit records for the selected event types and audit record content specified in 03.03.01 and 03.03.02. 03.03.03 a.]	Monitoring and measurement	Log Management
Review and update event logs and audit logs, as necessary. CC ID 00596 [Review and analyze system audit records [Assignment: organization-defined frequency] for indications and the potential impact of inappropriate or unusual activity. 03.03.05 a.]	Monitoring and measurement	Log Management
Correlate log entries to security controls to verify the security control's effectiveness. CC ID 13207	Monitoring and measurement	Log Management
Identify cybersecurity events in event logs and audit logs. CC ID 13206	Monitoring and measurement	Technical Security
Enable logging for all systems that meet a traceability criteria. CC ID 00640	Monitoring and measurement	Log Management
Monitor and evaluate environmental threats. CC ID 13481	Monitoring and measurement	Monitor and Evaluate Occurrences
Test compliance controls for proper functionality. CC ID 00660	Monitoring and measurement	Testing
Adhere to the system security plan. CC ID 11640	Monitoring and measurement	Testing
Validate all testing assumptions in the test plans. CC ID 00663	Monitoring and measurement	Testing
Require testing procedures to be complete. CC ID 00664	Monitoring and measurement	Testing
Analyze system audit reports and determine the need to perform more tests. CC ID 00666	Monitoring and measurement	Testing
Monitor devices continuously for conformance with production specifications. CC ID 06201	Monitoring and measurement	Monitor and Evaluate Occurrences
Conduct Red Team exercises, as necessary. CC ID 12131	Monitoring and measurement	Technical Security
Test security systems and associated security procedures, as necessary. CC ID 11901	Monitoring and measurement	Technical Security
Test in scope systems for segregation of duties, as necessary. CC ID 13906	Monitoring and measurement	Testing
Identify risk management measures when testing in scope systems. CC ID 14960	Monitoring and measurement	Process or Activity
Scan organizational networks for rogue devices. CC ID 00536	Monitoring and measurement	Testing
Scan the network for wireless access points. CC ID 00370	Monitoring and measurement	Testing
Scan wireless networks for rogue devices. CC ID 11623	Monitoring and measurement	Technical Security
Test the wireless device scanner's ability to detect rogue devices. CC ID 06859	Monitoring and measurement	Testing
Perform conformity assessments, as necessary. CC ID 15095	Monitoring and measurement	Testing
Establish, implement, and maintain a port scan baseline for all in scope systems. CC ID 12134	Monitoring and measurement	Technical Security
Compare port scan reports for in scope systems against their port scan baseline. CC ID 12162	Monitoring and measurement	Establish/Maintain Documentation
Use dedicated user accounts when conducting penetration testing. CC ID 13728	Monitoring and measurement	Testing
Perform penetration tests, as necessary. CC ID 00655	Monitoring and measurement	Testing
Perform internal penetration tests, as necessary. CC ID 12471	Monitoring and measurement	Technical Security
Perform external penetration tests, as necessary. CC ID 12470	Monitoring and measurement	Technical Security
Include coverage of all in scope systems during penetration testing. CC ID 11957	Monitoring and measurement	Testing
Test the system for broken access controls. CC ID 01319	Monitoring and measurement	Testing
Test the system for broken authentication and session management. CC ID 01320	Monitoring and measurement	Testing
Test the system for insecure communications. CC ID 00535	Monitoring and measurement	Testing
Test the system for cross-site scripting attacks. CC ID 01321	Monitoring and measurement	Testing
Test the system for buffer overflows. CC ID 01322	Monitoring and measurement	Testing
Test the system for injection flaws. CC ID 01323	Monitoring and measurement	Testing
Test the system for Denial of Service. CC ID 01326	Monitoring and measurement	Testing
Test the system for insecure configuration management. CC ID 01327	Monitoring and measurement	Testing
Perform network-layer penetration testing on all systems, as necessary. CC ID 01277	Monitoring and measurement	Testing
Test the system for cross-site request forgery. CC ID 06296	Monitoring and measurement	Testing
Perform application-layer penetration testing on all systems, as necessary. CC ID 11630	Monitoring and measurement	Technical Security
Perform penetration testing on segmentation controls, as necessary. CC ID 12498	Monitoring and measurement	Technical Security
Verify segmentation controls are operational and effective. CC ID 12545	Monitoring and measurement	Audits and Risk Management
Repeat penetration testing, as necessary. CC ID 06860	Monitoring and measurement	Testing
Test the system for covert channels. CC ID 10652	Monitoring and measurement	Testing
Estimate the maximum bandwidth of any covert channels. CC ID 10653	Monitoring and measurement	Technical Security
Test systems to determine which covert channels might be exploited. CC ID 10654	Monitoring and measurement	Testing
Perform vulnerability scans, as necessary. CC ID 11637 [Monitor and scan the system for vulnerabilities [Assignment: organization-defined frequency] and when new vulnerabilities affecting the system are identified. 03.11.02 a.]	Monitoring and measurement	Technical Security
Repeat vulnerability scanning, as necessary. CC ID 11646	Monitoring and measurement	Testing
Identify and document security vulnerabilities. CC ID 11857	Monitoring and measurement	Technical Security
Rank discovered vulnerabilities. CC ID 11940	Monitoring and measurement	Investigate
Assign vulnerability scanning to qualified personnel or external third parties. CC ID 11638	Monitoring and measurement	Technical Security
Correlate vulnerability scan reports from the various systems. CC ID 10636	Monitoring and measurement	Technical Security
Perform internal vulnerability scans, as necessary. CC ID 00656	Monitoring and measurement	Testing
Perform vulnerability scans prior to installing payment applications. CC ID 12192	Monitoring and measurement	Technical Security
Implement scanning tools, as necessary. CC ID 14282	Monitoring and measurement	Technical Security
Repeat vulnerability scanning after an approved change occurs. CC ID 12468	Monitoring and measurement	Technical Security
Perform external vulnerability scans, as necessary. CC ID 11624	Monitoring and measurement	Technical Security
Use automated mechanisms to compare new vulnerability scan reports with past vulnerability scan reports. CC ID 10635	Monitoring and measurement	Technical Security
Review applications for security vulnerabilities after the application is updated. CC ID 11938	Monitoring and measurement	Technical Security
Test the system for unvalidated input. CC ID 01318	Monitoring and measurement	Testing
Test the system for proper error handling. CC ID 01324	Monitoring and measurement	Testing
Test the system for insecure data storage. CC ID 01325	Monitoring and measurement	Testing
Test the system for access control enforcement in all Uniform Resource Locators. CC ID 06297	Monitoring and measurement	Testing
Test the system for insecure cryptographic storage. CC ID 11635	Monitoring and measurement	Technical Security
Perform self-tests on cryptographic modules within the system. CC ID 06537	Monitoring and measurement	Testing
Perform power-up tests on cryptographic modules within the system. CC ID 06538	Monitoring and measurement	Testing
Perform conditional tests on cryptographic modules within the system. CC ID 06539	Monitoring and measurement	Testing
Test in scope systems for compliance with the Configuration Baseline Documentation Record. CC ID 12130	Monitoring and measurement	Configuration
Establish, implement, and maintain a corrective action plan. CC ID 00675	Monitoring and measurement	Monitor and Evaluate Occurrences
Include monitoring in the corrective action plan. CC ID 11645 [Update the existing plan of action and milestones based on the findings from: 03.12.02 b.]	Monitoring and measurement	Monitor and Evaluate Occurrences
Evaluate the measurement process used for metrics. CC ID 06920	Monitoring and measurement	Testing
Evaluate the information technology products used for metrics. CC ID 11644	Monitoring and measurement	Technical Security
Determine if the audit assertion's in scope controls are reasonable. CC ID 06980	Audits and risk management	Testing
Document test plans for auditing in scope controls. CC ID 06985	Audits and risk management	Testing
Determine the effectiveness of in scope controls. CC ID 06984 [Assess the security requirements for the system and its environment of operation [Assignment: organization-defined frequency] to determine if the requirements have been satisfied. 03.12.01 ¶ 1]	Audits and risk management	Testing
Review incident management audit logs to determine the effectiveness of in scope controls. CC ID 12157	Audits and risk management	Audits and Risk Management
Review audit reports to determine the effectiveness of in scope controls. CC ID 12156	Audits and risk management	Audits and Risk Management
Observe processes to determine the effectiveness of in scope controls. CC ID 12155	Audits and risk management	Audits and Risk Management
Interview stakeholders to determine the effectiveness of in scope controls. CC ID 12154	Audits and risk management	Audits and Risk Management
Review policies and procedures to determine the effectiveness of in scope controls. CC ID 12144	Audits and risk management	Audits and Risk Management
Evaluate personnel status changes to determine the effectiveness of in scope controls. CC ID 16556	Audits and risk management	Audits and Risk Management
Determine whether individuals performing a control have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 16555	Audits and risk management	Audits and Risk Management
Disseminate and communicate the reviews of audit reports to organizational management. CC ID 00653 [Report findings to organizational personnel or roles. 03.03.05 b.]	Audits and risk management	Log Management
Update the risk assessment upon discovery of a new threat. CC ID 00708	Audits and risk management	Establish/Maintain Documentation
Update the risk assessment upon changes to the risk profile. CC ID 11627 [Update risk assessments [Assignment: organization-defined frequency]. 03.11.01 b.]	Audits and risk management	Establish/Maintain Documentation
Conduct external audits of risk assessments, as necessary. CC ID 13308	Audits and risk management	Audits and Risk Management
Analyze supply chain risk management procedures, as necessary. CC ID 13198	Audits and risk management	Process or Activity
Identify information system users. CC ID 12081 [Specify: Authorized users of the system, 03.01.01 c.1.]	Technical security	Technical Security
Review user accounts. CC ID 00525 [Monitor the use of system accounts. 03.01.01 e.]	Technical security	Technical Security
Match user accounts to authorized parties. CC ID 12126	Technical security	Configuration
Identify and authenticate processes running on information systems that act on behalf of users. CC ID 12082 [Allow only authorized system access for users (or processes acting on behalf of users) that is necessary to accomplish assigned organizational tasks. 03.01.05 a. Uniquely identify and authenticate system users, and associate that unique identification with processes acting on behalf of those users. 03.05.01 a.]	Technical security	Technical Security
Review shared accounts. CC ID 11840	Technical security	Technical Security
Disallow application IDs from running as privileged users. CC ID 10050	Technical security	Configuration
Perform a risk assessment prior to activating third party access to the organization's critical systems. CC ID 06455	Technical security	Testing
Notify interested personnel when user accounts are added or deleted. CC ID 14327	Technical security	Communicate
Employ unique identifiers. CC ID 01273 [{be unique} Manage individual identifiers by uniquely identifying each individual as [Assignment: organization-defined characteristic identifying individual status]. 03.05.05 d. Select and assign an identifier that identifies an individual, group, role, service, or device. 03.05.05 b. Uniquely identify and authenticate system users, and associate that unique identification with processes acting on behalf of those users. 03.05.01 a.]	Technical security	Testing
Authenticate user identities before manually resetting an authenticator. CC ID 04567 [Verify the identity of the individual, group, role, service, or device receiving the authenticator as part of the initial authenticator distribution. 03.05.12 a.]	Technical security	Testing
Use a passive asset inventory discovery tool to identify assets when network mapping. CC ID 13735	Technical security	Process or Activity
Use an active asset inventory discovery tool to identify sensitive information for data flow diagrams. CC ID 13737	Technical security	Process or Activity
Establish, implement, and maintain a sensitive information inventory. CC ID 13736	Technical security	Establish/Maintain Documentation
Include testing and approving all network connections through the firewall in the firewall and router configuration standard. CC ID 01270	Technical security	Process or Activity
Configure security alerts in firewalls to include the source Internet protocol address and destination Internet protocol address associated with long sessions. CC ID 12174	Technical security	Configuration
Configure firewalls to perform dynamic packet filtering. CC ID 01288	Technical security	Testing
Configure network access and control points to organizational standards. CC ID 12442	Technical security	Configuration
Subscribe to a URL categorization service to maintain website category definitions in the URL filter list. CC ID 12139	Technical security	Technical Security
Create a full text analysis on executed privileged functions. CC ID 06778	Technical security	Monitor and Evaluate Occurrences
Scan the system to verify modems are disabled or removed, except the modems that are explicitly approved. CC ID 00560	Technical security	Testing
Monitor and evaluate all remote access usage. CC ID 00563	Technical security	Monitor and Evaluate Occurrences
Test cryptographic key management applications, as necessary. CC ID 04829	Technical security	Testing
Implement non-repudiation for transactions. CC ID 00567	Technical security	Testing
Scan for malicious code, as necessary. CC ID 11941 [Configure malicious code protection mechanisms to: Perform scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at endpoints or system entry and exit points as the files are downloaded, opened, or executed; and 03.14.02 c.1.]	Technical security	Investigate
Test all removable storage media for viruses and malicious code. CC ID 11861 [{diagnostic programs} Check media with diagnostic and test programs for malicious code before it is used in the system. 03.07.04 b.]	Technical security	Testing
Test all untrusted files or unverified files for viruses and malicious code. CC ID 01311	Technical security	Testing
Log and react to all malicious code activity. CC ID 07072	Technical security	Monitor and Evaluate Occurrences
Analyze the behavior and characteristics of the malicious code. CC ID 10672	Technical security	Technical Security
Secure physical entry points with physical access controls or security guards. CC ID 01640 [{entry points} Enforce physical access authorizations at entry and exit points to the facility where the system resides by: Controlling ingress and egress with physical access control systems, devices, or guards. 03.10.07 a.2.]	Physical and environmental protection	Physical and Environmental Protection
Monitor for unauthorized physical access at physical entry points and physical exit points. CC ID 01638 [Monitor physical access to the facility where the system resides to detect and respond to physical security incidents. 03.10.02 a.]	Physical and environmental protection	Monitor and Evaluate Occurrences
Report anomalies in the visitor log to appropriate personnel. CC ID 14755	Physical and environmental protection	Investigate
Log when the vault is accessed. CC ID 06725	Physical and environmental protection	Log Management
Log when the cabinet is accessed. CC ID 11674	Physical and environmental protection	Log Management
Observe restricted areas with motion detectors or closed-circuit television systems. CC ID 01328	Physical and environmental protection	Monitor and Evaluate Occurrences
Review and correlate all data collected from video cameras and/or access control mechanisms with other entries. CC ID 11609	Physical and environmental protection	Monitor and Evaluate Occurrences
Monitor physical entry point alarms. CC ID 01639	Physical and environmental protection	Physical and Environmental Protection
Evaluate and react to when unauthorized access is detected by physical entry point alarms. CC ID 11677	Physical and environmental protection	Monitor and Evaluate Occurrences
Monitor for alarmed security doors being propped open. CC ID 06684	Physical and environmental protection	Monitor and Evaluate Occurrences
Track restricted storage media while it is in transit. CC ID 00967 [Maintain accountability of system media that contain CUI during transport outside of controlled areas. 03.08.05 b.]	Physical and environmental protection	Data and Information Management
Employ individuals who have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 00782	Human Resources management	Testing
Implement segregation of duties in roles and responsibilities. CC ID 00774 [Identify the duties of individuals requiring separation. 03.01.04 a. Define system access authorizations to support separation of duties. 03.01.04 b.]	Human Resources management	Testing
Document all training in a training record. CC ID 01423	Human Resources management	Establish/Maintain Documentation
Conduct tests and evaluate training. CC ID 06672	Human Resources management	Testing
Train personnel to recognize conditions of diseases or sicknesses, as necessary. CC ID 14383	Human Resources management	Training
Train personnel to identify and communicate symptoms of exposure to disease or sickness. CC ID 14385	Human Resources management	Training
Monitor and measure the effectiveness of security awareness. CC ID 06262	Human Resources management	Monitor and Evaluate Occurrences
Analyze and evaluate training records to improve the training program. CC ID 06380	Human Resources management	Monitor and Evaluate Occurrences
Scan devices for malicious code when an individual returns from locations deemed to be of risk. CC ID 10599 [Apply the following security requirements to the systems or components when the individuals return from travel: [Assignment: organization-defined security requirements]. 03.04.12 b.]	Human Resources management	Process or Activity
Include all electronic storage media containing restricted data or restricted information in the storage media inventory. CC ID 00962	Operational management	Establish/Maintain Documentation
Employ Dynamic Host Configuration Protocol server logging to detect systems not in the asset inventory. CC ID 12110	Operational management	Technical Security
Control and monitor all maintenance tools. CC ID 01432 [Approve, control, and monitor the use of system maintenance tools. 03.07.04 a. {does not contain} Prevent the removal of system maintenance equipment containing CUI by verifying that there is no CUI on the equipment, sanitizing or destroying the equipment, or retaining the equipment within the facility. 03.07.04 c.]	Operational management	Physical and Environmental Protection
Conduct maintenance with authorized personnel. CC ID 01434 [Establish a process for maintenance personnel authorization. 03.07.06 a.]	Operational management	Testing
Establish, implement, and maintain an anti-money laundering program. CC ID 13675	Operational management	Business Processes
Determine the cost of the incident when assessing security incidents. CC ID 17188	Operational management	Process or Activity
Determine the duration of unscheduled downtime when assessing security incidents CC ID 17182	Operational management	Process or Activity
Determine the duration of the incident when assessing security incidents. CC ID 17181	Operational management	Process or Activity
Require personnel to monitor for and report known or suspected compromise of assets. CC ID 16453	Operational management	Monitor and Evaluate Occurrences
Require personnel to monitor for and report suspicious account activity. CC ID 16462	Operational management	Monitor and Evaluate Occurrences
Identify root causes of incidents that force system changes. CC ID 13482	Operational management	Investigate
Respond to and triage when an incident is detected. CC ID 06942	Operational management	Monitor and Evaluate Occurrences
Document the incident and any relevant evidence in the incident report. CC ID 08659	Operational management	Establish/Maintain Documentation
Refrain from turning on any in scope devices that are turned off when a security incident is detected. CC ID 08677	Operational management	Investigate
Include where the digital forensic evidence was found in the forensic investigation report. CC ID 08674	Operational management	Establish/Maintain Documentation
Include the condition of the digital forensic evidence in the forensic investigation report. CC ID 08678	Operational management	Establish/Maintain Documentation
Analyze the incident response process following an incident response. CC ID 13179	Operational management	Investigate
Submit an incident management audit log to the proper authorities for each security breach that affects a predefined number of individuals, as necessary. CC ID 06326	Operational management	Log Management
Determine whether or not incident response notifications are necessary during the privacy breach investigation. CC ID 00801	Operational management	Behavior
Avoid false positive incident response notifications. CC ID 04732	Operational management	Behavior
Include information required by law in incident response notifications. CC ID 00802	Operational management	Establish/Maintain Documentation
Include how the affected parties can protect themselves from identity theft in incident response notifications. CC ID 04738	Operational management	Establish/Maintain Documentation
Detect any potentially undiscovered security vulnerabilities on previously compromised systems. CC ID 06265	Operational management	Monitor and Evaluate Occurrences
Test incident monitoring procedures. CC ID 13194	Operational management	Testing
Conduct incident investigations, as necessary. CC ID 13826	Operational management	Process or Activity
Analyze the behaviors of individuals involved in the incident during incident investigations. CC ID 14042	Operational management	Investigate
Identify the affected parties during incident investigations. CC ID 16781	Operational management	Investigate
Interview suspects during incident investigations, as necessary. CC ID 14041	Operational management	Investigate
Interview victims and witnesses during incident investigations, as necessary. CC ID 14038	Operational management	Investigate
Assign monitoring and analyzing the security alert when a security alert is received to the appropriate role in the incident response program. CC ID 11886	Operational management	Investigate
Establish, implement, and maintain incident response procedures. CC ID 01206 [Develop an incident response plan that: Provides the organization with a roadmap for implementing its incident response capability, 03.06.05 a.1.]	Operational management	Establish/Maintain Documentation
Test the incident response procedures. CC ID 01216 [Test the effectiveness of the incident response capability [Assignment: organization-defined frequency]. 03.06.03 ¶ 1]	Operational management	Testing
Test proposed changes prior to their approval. CC ID 00548	Operational management	Testing
Examine all changes to ensure they correspond with the change request. CC ID 12345	Operational management	Business Processes
Conduct network certifications prior to approving change requests for networks. CC ID 13121	Operational management	Process or Activity
Analyze mitigating controls for vulnerabilities in the network when certifying the network. CC ID 13126	Operational management	Investigate
Collect data about the network environment when certifying the network. CC ID 13125	Operational management	Investigate
Review the patch log for missing patches. CC ID 13186	Operational management	Technical Security
Perform a patch test prior to deploying a patch. CC ID 00898	Operational management	Testing
Test software patches for any potential compromise of the system's security. CC ID 13175	Operational management	Testing
Review changes to computer firmware. CC ID 12226	Operational management	Testing
Certify changes to computer firmware are free of malicious logic. CC ID 12227	Operational management	Testing
Implement cryptographic mechanisms to authenticate software and computer firmware before installation. CC ID 10682	Operational management	Technical Security
Establish, implement, and maintain approved change acceptance testing procedures. CC ID 06391	Operational management	Establish/Maintain Documentation
Test the system's operational functionality after implementing approved changes. CC ID 06294	Operational management	Testing
Perform and pass acceptance testing before moving a system back into operation after an approved change has occurred. CC ID 04541 [Verify that the security requirements for the system continue to be satisfied after the system changes have been implemented. 03.04.04 b.]	Operational management	Testing
Establish, implement, and maintain a configuration change log. CC ID 08710 [Monitor and review activities associated with configuration-controlled changes to the system. 03.04.03 d.]	Operational management	Configuration
Verify wireless peripherals meet organizational security requirements. CC ID 00657	System hardening through configuration management	Testing
Review the ownership of service accounts, as necessary. CC ID 13863	System hardening through configuration management	Technical Security
Ensure the root account is the first entry in password files. CC ID 16323	System hardening through configuration management	Data and Information Management
Configure the log to capture creates, reads, updates, or deletes of records containing personal data. CC ID 11890	System hardening through configuration management	Log Management
Configure the log to capture the information referent when personal data is being accessed. CC ID 11968	System hardening through configuration management	Log Management
Configure the log to capture each auditable event's origination. CC ID 01338 [Include the following content in audit records: Source of the event 03.03.02 a.4.]	System hardening through configuration management	Log Management
Configure the log to capture remote access information. CC ID 05596	System hardening through configuration management	Configuration
Configure the log to capture actions taken by individuals with root privileges or administrative privileges and add logging option to the root file system. CC ID 00645 [Log the execution of privileged functions. 03.01.07 b.]	System hardening through configuration management	Log Management
Configure security and protection software to check for up-to-date signature files. CC ID 00576 [Update malicious code protection mechanisms as new releases are available in accordance with configuration management policies and procedures. 03.14.02 b.]	System hardening through configuration management	Testing
Test systems to ensure they conform to configuration baselines. CC ID 13062	System hardening through configuration management	Testing
Audit the configuration of organizational assets, as necessary. CC ID 13653 [Monitor and review activities associated with configuration-controlled changes to the system. 03.04.03 d.]	System hardening through configuration management	Audits and Risk Management
Audit assets after maintenance was performed. CC ID 13657	System hardening through configuration management	Audits and Risk Management
Define each system's preservation requirements for records and logs. CC ID 00904	Records management	Establish/Maintain Documentation
Label printed output for specific record categories as directed by the organization's information classification standard. CC ID 01420	Records management	Records Management
Review the information that the organization collects, processes, and stores, as necessary. CC ID 12988	Records management	Business Processes
Review the information classification of the information that the organization collects, processes, and stores, as necessary. CC ID 13008 [Review the content on publicly accessible systems for CUI and remove such information, if discovered. 03.01.22 b.]	Records management	Process or Activity
Formalize client and third party relationships with contracts or nondisclosure agreements. CC ID 00794	Third Party and supply chain oversight	Process or Activity
Include third party acknowledgment of their data protection responsibilities in third party contracts. CC ID 01364	Third Party and supply chain oversight	Testing
Include auditing third party security controls and compliance controls in third party contracts. CC ID 01366 [Implement processes, methods, and techniques to monitor security requirement compliance by external service providers on an ongoing basis. 03.16.03 c.]	Third Party and supply chain oversight	Testing
Monitor and report on the efficacy of all Service Level Agreements using a Service Level Agreement Monitoring Chart or equivalent. CC ID 00842	Third Party and supply chain oversight	Establish/Maintain Documentation
Approve all Service Level Agreements. CC ID 00843 [Review and update the exchange agreements [Assignment: organization-defined frequency]. 03.12.05 c.]	Third Party and supply chain oversight	Establish/Maintain Documentation
Track all chargeable items in Service Level Agreements. CC ID 11616	Third Party and supply chain oversight	Business Processes
Document all chargeable items in Service Level Agreements. CC ID 00844	Third Party and supply chain oversight	Establish/Maintain Documentation
Perform risk assessments of third parties, as necessary. CC ID 06454	Third Party and supply chain oversight	Testing
Re-evaluate risk assessments of third parties, as necessary. CC ID 12158	Third Party and supply chain oversight	Audits and Risk Management
Include a provision in outsourcing contracts that requires supply chain members' security requirements comply with organizational security requirements. CC ID 00359 [Require the providers of external system services used for the processing, storage, or transmission of CUI to comply with the following security requirements: [Assignment: organization-defined security requirements]. 03.16.03 a.]	Third Party and supply chain oversight	Testing
Assess third parties' compliance environment during due diligence. CC ID 13134	Third Party and supply chain oversight	Process or Activity
Request attestation of compliance from third parties. CC ID 12067	Third Party and supply chain oversight	Establish/Maintain Documentation
Document the third parties compliance with the organization's system hardening framework. CC ID 04263 [Permit authorized individuals to use external systems to access the organizational system or to process, store, or transmit CUI only after: Verifying that the security requirements on the external systems as specified in the organization’s system security plans have been satisfied and 03.01.20 c.1.]	Third Party and supply chain oversight	Technical Security

IT Impact Zone

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	TYPE
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Leadership and high level objectives CC ID 00597	Leadership and high level objectives	IT Impact Zone
Monitoring and measurement CC ID 00636	Monitoring and measurement	IT Impact Zone
Audits and risk management CC ID 00677	Audits and risk management	IT Impact Zone
Technical security CC ID 00508	Technical security	IT Impact Zone
Physical and environmental protection CC ID 00709	Physical and environmental protection	IT Impact Zone
Operational and Systems Continuity CC ID 00731	Operational and Systems Continuity	IT Impact Zone
Human Resources management CC ID 00763	Human Resources management	IT Impact Zone
Operational management CC ID 00805	Operational management	IT Impact Zone
System hardening through configuration management CC ID 00860	System hardening through configuration management	IT Impact Zone
Records management CC ID 00902	Records management	IT Impact Zone
Systems design, build, and implementation CC ID 00989	Systems design, build, and implementation	IT Impact Zone
Acquisition or sale of facilities, technology, and services CC ID 01123	Acquisition or sale of facilities, technology, and services	IT Impact Zone
Third Party and supply chain oversight CC ID 08807	Third Party and supply chain oversight	IT Impact Zone

Preventive

1811

Mandated - bold Implied - italic Implementation - regular	IMPACT ZONE	TYPE
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term
Establish, implement, and maintain a reporting methodology program. CC ID 02072	Leadership and high level objectives	Business Processes
Establish, implement, and maintain communication protocols. CC ID 12245	Leadership and high level objectives	Establish/Maintain Documentation
Establish, implement, and maintain alert procedures. CC ID 12406 [Generate and disseminate internal system security alerts, advisories, and directives, as necessary. 03.14.03 b.]	Leadership and high level objectives	Establish/Maintain Documentation
Include the criteria for notifications in the notification system. CC ID 17139	Leadership and high level objectives	Establish/Maintain Documentation
Include the capturing and alerting of compliance violations in the notification system. CC ID 12962	Leadership and high level objectives	Monitor and Evaluate Occurrences
Include the capturing and alerting of unethical conduct in the notification system. CC ID 12932	Leadership and high level objectives	Monitor and Evaluate Occurrences
Include the capturing and alerting of performance variances in the notification system. CC ID 12929	Leadership and high level objectives	Monitor and Evaluate Occurrences
Include the capturing and alerting of weaknesses in the notification system. CC ID 12928	Leadership and high level objectives	Monitor and Evaluate Occurrences
Include the capturing and alerting of account activity in the notification system. CC ID 15314	Leadership and high level objectives	Monitor and Evaluate Occurrences
Analyze organizational objectives, functions, and activities. CC ID 00598	Leadership and high level objectives	Monitor and Evaluate Occurrences
Disseminate and communicate emerging threats to all interested personnel and affected parties. CC ID 12185 [Generate and disseminate internal system security alerts, advisories, and directives, as necessary. 03.14.03 b.]	Leadership and high level objectives	Communicate
Establish, implement, and maintain a Quality Management framework. CC ID 07196	Leadership and high level objectives	Establish/Maintain Documentation
Establish, implement, and maintain a Quality Management program. CC ID 07201	Leadership and high level objectives	Establish/Maintain Documentation
Establish and maintain the scope of the organizational compliance framework and Information Assurance controls. CC ID 01241	Leadership and high level objectives	Establish/Maintain Documentation
Establish, implement, and maintain a policy and procedure management program. CC ID 06285 [Develop, document, and disseminate to organizational personnel or roles the policies and procedures needed to satisfy the security requirements for the protection of CUI. 03.15.01 a. Review and update policies and procedures [Assignment: organization-defined frequency]. 03.15.01 b.]	Leadership and high level objectives	Establish/Maintain Documentation
Include contact information in the organization's policies, standards, and procedures. CC ID 17167	Leadership and high level objectives	Establish/Maintain Documentation
Include the effective date on all organizational policies. CC ID 06820	Leadership and high level objectives	Establish/Maintain Documentation
Include requirements in the organization’s policies, standards, and procedures. CC ID 12956	Leadership and high level objectives	Establish/Maintain Documentation
Include threats in the organization’s policies, standards, and procedures. CC ID 12953	Leadership and high level objectives	Establish/Maintain Documentation
Assess the impact of changes to organizational policies, standards, and procedures, as necessary. CC ID 14824	Leadership and high level objectives	Business Processes
Include opportunities in the organization’s policies, standards, and procedures. CC ID 12945	Leadership and high level objectives	Establish/Maintain Documentation
Establish and maintain an Authority Document list. CC ID 07113	Leadership and high level objectives	Establish/Maintain Documentation
Document organizational procedures that harmonize external requirements, including all legal requirements. CC ID 00623	Leadership and high level objectives	Establish/Maintain Documentation
Establish, implement, and maintain full documentation of all policies, standards, and procedures that support the organization's compliance framework. CC ID 01636	Leadership and high level objectives	Establish/Maintain Documentation
Disseminate and communicate the organization’s policies, standards, and procedures to all interested personnel and affected parties. CC ID 12901	Leadership and high level objectives	Communicate
Disseminate and communicate the list of Authority Documents that support the organization's compliance framework to interested personnel and affected parties. CC ID 01312	Leadership and high level objectives	Establish/Maintain Documentation
Classify controls according to their preventive, detective, or corrective status. CC ID 06436	Leadership and high level objectives	Establish/Maintain Documentation
Publish, disseminate, and communicate a Statement on Internal Control, as necessary. CC ID 06727	Leadership and high level objectives	Establish/Maintain Documentation
Include signatures of c-level executives in the Statement on Internal Control. CC ID 14778	Leadership and high level objectives	Establish/Maintain Documentation
Include confirmation of any significant weaknesses in the Statement on Internal Control. CC ID 06861	Leadership and high level objectives	Establish/Maintain Documentation
Include roles and responsibilities in the Statement on Internal Control. CC ID 14774	Leadership and high level objectives	Establish/Maintain Documentation
Include an assurance statement regarding the counterterror protective security plan in the Statement on Internal Control. CC ID 06866	Leadership and high level objectives	Establish/Maintain Documentation
Include limitations of internal control systems in the Statement on Internal Control. CC ID 14773	Leadership and high level objectives	Establish/Maintain Documentation
Include a description of the methodology used to evaluate internal controls in the Statement on Internal Control. CC ID 14772	Leadership and high level objectives	Establish/Maintain Documentation
Assign legislative body jurisdiction to the organization's assets, as necessary. CC ID 06956	Leadership and high level objectives	Establish Roles
Approve all compliance documents. CC ID 06286	Leadership and high level objectives	Establish/Maintain Documentation
Align the Authority Document list with external requirements. CC ID 06288	Leadership and high level objectives	Establish/Maintain Documentation
Assign the appropriate roles to all applicable compliance documents. CC ID 06284	Leadership and high level objectives	Establish Roles
Identify and document the Designated Approval Authority for compliance documents. CC ID 07114	Leadership and high level objectives	Establish/Maintain Documentation
Establish, implement, and maintain a compliance exception standard. CC ID 01628	Leadership and high level objectives	Establish/Maintain Documentation
Include the authority for granting exemptions in the compliance exception standard. CC ID 14329	Leadership and high level objectives	Establish/Maintain Documentation
Include explanations, compensating controls, or risk acceptance in the compliance exceptions Exceptions document. CC ID 01631	Leadership and high level objectives	Establish/Maintain Documentation
Review the compliance exceptions in the exceptions document, as necessary. CC ID 01632	Leadership and high level objectives	Business Processes
Include when exemptions expire in the compliance exception standard. CC ID 14330	Leadership and high level objectives	Establish/Maintain Documentation
Assign the approval of compliance exceptions to the appropriate roles inside the organization. CC ID 06443	Leadership and high level objectives	Establish Roles
Include management of the exemption register in the compliance exception standard. CC ID 14328	Leadership and high level objectives	Establish/Maintain Documentation
Disseminate and communicate compliance exceptions to interested personnel and affected parties. CC ID 16945	Leadership and high level objectives	Communicate
Disseminate and communicate compliance documents to all interested personnel and affected parties. CC ID 06282 [Develop, document, and disseminate to organizational personnel or roles the policies and procedures needed to satisfy the security requirements for the protection of CUI. 03.15.01 a.]	Leadership and high level objectives	Behavior
Disseminate and communicate any compliance document changes when the documents are updated to interested personnel and affected parties. CC ID 06283	Leadership and high level objectives	Behavior
Establish, implement, and maintain intrusion management operations. CC ID 00580	Monitoring and measurement	Monitor and Evaluate Occurrences
Monitor systems for unauthorized data transfers. CC ID 12971	Monitoring and measurement	Monitor and Evaluate Occurrences
Address operational anomalies within the incident management system. CC ID 11633	Monitoring and measurement	Audits and Risk Management
Establish, implement, and maintain an Identity Theft Prevention Program. CC ID 11634	Monitoring and measurement	Audits and Risk Management
Prohibit the sale or transfer of a debt caused by identity theft. CC ID 16983	Monitoring and measurement	Acquisition/Sale of Assets or Services
Monitor systems for unauthorized mobile code. CC ID 10034 [Authorize, monitor, and control the use of mobile code. 03.13.13 b.]	Monitoring and measurement	Monitor and Evaluate Occurrences
Include the system components that generate audit records in the event logging procedures. CC ID 16426	Monitoring and measurement	Data and Information Management
Include a standard to collect and interpret event logs in the event logging procedures. CC ID 00643	Monitoring and measurement	Log Management
Protect the event logs from failure. CC ID 06290 [Take the following additional actions: [Assignment: organization-defined additional actions]. 03.03.04 b.]	Monitoring and measurement	Log Management
Overwrite the oldest records when audit logging fails. CC ID 14308	Monitoring and measurement	Data and Information Management
Supply each in scope asset with audit reduction tool and report generation capabilities to support after-the-fact investigations without altering the event logs. CC ID 01427 [Implement an audit record reduction and report generation capability that supports audit record review, analysis, reporting requirements, and after-the-fact investigations of incidents. 03.03.06 a. Preserve the original content and time ordering of audit records. 03.03.06 b.]	Monitoring and measurement	Testing
Include identity information of suspects in the suspicious activity report. CC ID 16648	Monitoring and measurement	Establish/Maintain Documentation
Compile the event logs of multiple components into a system-wide time-correlated audit trail. CC ID 01424 [Analyze and correlate audit records across different repositories to gain organization-wide situational awareness. 03.03.05 c.]	Monitoring and measurement	Audits and Risk Management
Establish, implement, and maintain log analysis tools. CC ID 17056	Monitoring and measurement	Technical Security
Reproduce the event log if a log failure is captured. CC ID 01426	Monitoring and measurement	Log Management
Document the event information to be logged in the event information log specification. CC ID 00639 [Specify the following event types selected for logging within the system: [Assignment: organization-defined event types]. 03.03.01 a.]	Monitoring and measurement	Configuration
Synchronize system clocks to an accurate and universal time source on all devices. CC ID 01340 [Use internal system clocks to generate time stamps for audit records. 03.03.07 a.]	Monitoring and measurement	Configuration
Centralize network time servers to as few as practical. CC ID 06308	Monitoring and measurement	Configuration
Disseminate and communicate information to customers about clock synchronization methods used by the organization. CC ID 13044	Monitoring and measurement	Communicate
Review and update the list of auditable events in the event logging procedures. CC ID 10097 [Review and update the event types selected for logging [Assignment: organization-defined frequency]. 03.03.01 b.]	Monitoring and measurement	Establish/Maintain Documentation
Establish, implement, and maintain a risk monitoring program. CC ID 00658 [Develop and implement a system-level continuous monitoring strategy that includes ongoing monitoring and security assessments. 03.12.03 ¶ 1 Develop and implement a system-level continuous monitoring strategy that includes ongoing monitoring and security assessments. 03.12.03 ¶ 1]	Monitoring and measurement	Establish/Maintain Documentation
Monitor the organization's exposure to threats, as necessary. CC ID 06494	Monitoring and measurement	Monitor and Evaluate Occurrences
Implement a fraud detection system. CC ID 13081	Monitoring and measurement	Business Processes
Monitor for new vulnerabilities. CC ID 06843 [Monitor and scan the system for vulnerabilities [Assignment: organization-defined frequency] and when new vulnerabilities affecting the system are identified. 03.11.02 a.]	Monitoring and measurement	Monitor and Evaluate Occurrences
Establish, implement, and maintain a compliance testing strategy. CC ID 00659	Monitoring and measurement	Establish/Maintain Documentation
Establish, implement, and maintain a self-assessment approach as part of the compliance testing strategy. CC ID 12833	Monitoring and measurement	Testing
Establish, implement, and maintain a system security plan. CC ID 01922 [Develop a system security plan that: 03.15.02 a. Review and update the system security plan [Assignment: organization-defined frequency]. 03.15.02 b.]	Monitoring and measurement	Testing
Include a system description in the system security plan. CC ID 16467	Monitoring and measurement	Establish/Maintain Documentation
Include a description of the operational context in the system security plan. CC ID 14301	Monitoring and measurement	Establish/Maintain Documentation
Include the results of the security categorization in the system security plan. CC ID 14281	Monitoring and measurement	Establish/Maintain Documentation
Include the information types in the system security plan. CC ID 14696 [Develop a system security plan that: Identifies the information types processed, stored, and transmitted by the system; 03.15.02 a.2.]	Monitoring and measurement	Establish/Maintain Documentation
Include the security requirements in the system security plan. CC ID 14274 [Develop a system security plan that: Provides an overview of the security requirements for the system; 03.15.02 a.5. Develop a system security plan that: Describes the safeguards in place or planned for meeting the security requirements; 03.15.02 a.6. Develop a system security plan that: Includes other relevant information necessary for the protection of CUI. 03.15.02 a.8.]	Monitoring and measurement	Establish/Maintain Documentation
Include cryptographic key management procedures in the system security plan. CC ID 17029	Monitoring and measurement	Establish/Maintain Documentation
Include threats in the system security plan. CC ID 14693 [Develop a system security plan that: Describes specific threats to the system that are of concern to the organization; 03.15.02 a.3.]	Monitoring and measurement	Establish/Maintain Documentation
Include network diagrams in the system security plan. CC ID 14273 [Develop a system security plan that: Defines the constituent system components; 03.15.02 a.1. Develop a system security plan that: Describes the operational environment for the system and any dependencies on or connections to other systems or system components; 03.15.02 a.4.]	Monitoring and measurement	Establish/Maintain Documentation
Include roles and responsibilities in the system security plan. CC ID 14682 [Develop a system security plan that: Identifies individuals that fulfill system roles and responsibilities; and 03.15.02 a.7.]	Monitoring and measurement	Establish/Maintain Documentation
Include backup and recovery procedures in the system security plan. CC ID 17043	Monitoring and measurement	Establish/Maintain Documentation
Include the results of the privacy risk assessment in the system security plan. CC ID 14676	Monitoring and measurement	Establish/Maintain Documentation
Include remote access methods in the system security plan. CC ID 16441	Monitoring and measurement	Establish/Maintain Documentation
Disseminate and communicate the system security plan to interested personnel and affected parties. CC ID 14275	Monitoring and measurement	Communicate
Include a description of the operational environment in the system security plan. CC ID 14272 [Develop a system security plan that: Describes the operational environment for the system and any dependencies on or connections to other systems or system components; 03.15.02 a.4.]	Monitoring and measurement	Establish/Maintain Documentation
Include the security categorizations and rationale in the system security plan. CC ID 14270	Monitoring and measurement	Establish/Maintain Documentation
Include the authorization boundary in the system security plan. CC ID 14257	Monitoring and measurement	Establish/Maintain Documentation
Align the enterprise architecture with the system security plan. CC ID 14255	Monitoring and measurement	Process or Activity
Include security controls in the system security plan. CC ID 14239	Monitoring and measurement	Establish/Maintain Documentation
Create specific test plans to test each system component. CC ID 00661	Monitoring and measurement	Establish/Maintain Documentation
Include the roles and responsibilities in the test plan. CC ID 14299	Monitoring and measurement	Establish/Maintain Documentation
Include the assessment team in the test plan. CC ID 14297	Monitoring and measurement	Establish/Maintain Documentation
Include the scope in the test plans. CC ID 14293	Monitoring and measurement	Establish/Maintain Documentation
Include the assessment environment in the test plan. CC ID 14271	Monitoring and measurement	Establish/Maintain Documentation
Approve the system security plan. CC ID 14241	Monitoring and measurement	Business Processes
Review the test plans for each system component. CC ID 00662	Monitoring and measurement	Establish/Maintain Documentation
Document validated testing processes in the testing procedures. CC ID 06200	Monitoring and measurement	Establish/Maintain Documentation
Include error details, identifying the root causes, and mitigation actions in the testing procedures. CC ID 11827	Monitoring and measurement	Establish/Maintain Documentation
Determine the appropriate assessment method for each testing process in the test plan. CC ID 00665	Monitoring and measurement	Testing
Implement automated audit tools. CC ID 04882	Monitoring and measurement	Acquisition/Sale of Assets or Services
Assign senior management to approve test plans. CC ID 13071	Monitoring and measurement	Human Resources Management
Establish, implement, and maintain a testing program. CC ID 00654 [Develop and implement a system-level continuous monitoring strategy that includes ongoing monitoring and security assessments. 03.12.03 ¶ 1]	Monitoring and measurement	Behavior
Establish, implement, and maintain a security assessment and authorization policy. CC ID 14031	Monitoring and measurement	Establish/Maintain Documentation
Establish and maintain a scoring method for Red Team exercise results. CC ID 12136	Monitoring and measurement	Establish/Maintain Documentation
Include coordination amongst entities in the security assessment and authorization policy. CC ID 14222	Monitoring and measurement	Establish/Maintain Documentation
Include the scope in the security assessment and authorization policy. CC ID 14220	Monitoring and measurement	Establish/Maintain Documentation
Include the purpose in the security assessment and authorization policy. CC ID 14219	Monitoring and measurement	Establish/Maintain Documentation
Disseminate and communicate the security assessment and authorization policy to interested personnel and affected parties. CC ID 14218	Monitoring and measurement	Communicate
Include management commitment in the security assessment and authorization policy. CC ID 14189	Monitoring and measurement	Establish/Maintain Documentation
Include compliance requirements in the security assessment and authorization policy. CC ID 14183	Monitoring and measurement	Establish/Maintain Documentation
Include roles and responsibilities in the security assessment and authorization policy. CC ID 14179	Monitoring and measurement	Establish/Maintain Documentation
Establish, implement, and maintain security assessment and authorization procedures. CC ID 14056	Monitoring and measurement	Establish/Maintain Documentation
Disseminate and communicate security assessment and authorization procedures to interested personnel and affected parties. CC ID 14224	Monitoring and measurement	Communicate
Employ third parties to carry out testing programs, as necessary. CC ID 13178	Monitoring and measurement	Human Resources Management
Enable security controls which were disabled to conduct testing. CC ID 17031	Monitoring and measurement	Testing
Document improvement actions based on test results and exercises. CC ID 16840	Monitoring and measurement	Establish/Maintain Documentation
Disable dedicated accounts after testing is complete. CC ID 17033	Monitoring and measurement	Testing
Protect systems and data during testing in the production environment. CC ID 17198	Monitoring and measurement	Testing
Delete personal data upon data subject's withdrawal from testing. CC ID 17238	Monitoring and measurement	Data and Information Management
Define the criteria to conduct testing in the production environment. CC ID 17197	Monitoring and measurement	Testing
Obtain the data subject's consent to participate in testing in real-world conditions. CC ID 17232	Monitoring and measurement	Behavior
Suspend testing in a production environment, as necessary. CC ID 17231	Monitoring and measurement	Testing
Define the test requirements for each testing program. CC ID 13177	Monitoring and measurement	Establish/Maintain Documentation
Include test requirements for the use of production data in the testing program. CC ID 17201	Monitoring and measurement	Testing
Include test requirements for the use of human subjects in the testing program. CC ID 16222	Monitoring and measurement	Testing
Test the in scope system in accordance with its intended purpose. CC ID 14961	Monitoring and measurement	Testing
Perform network testing in accordance with organizational standards. CC ID 16448	Monitoring and measurement	Testing
Notify interested personnel and affected parties prior to performing testing. CC ID 17034	Monitoring and measurement	Communicate
Test user accounts in accordance with organizational standards. CC ID 16421	Monitoring and measurement	Testing
Include mechanisms for emergency stops in the testing program. CC ID 14398	Monitoring and measurement	Establish/Maintain Documentation
Document the business need justification for authorized wireless access points. CC ID 12044	Monitoring and measurement	Establish/Maintain Documentation
Deny network access to rogue devices until network access approval has been received. CC ID 11852	Monitoring and measurement	Configuration
Establish, implement, and maintain conformity assessment procedures. CC ID 15032	Monitoring and measurement	Establish/Maintain Documentation
Share conformity assessment results with affected parties and interested personnel. CC ID 15113	Monitoring and measurement	Communicate
Notify affected parties and interested personnel of technical documentation assessment certificates that have been issued. CC ID 15112	Monitoring and measurement	Communicate
Notify affected parties and interested personnel of technical documentation assessment certificates that have been refused, withdrawn, suspended or restricted. CC ID 15111	Monitoring and measurement	Communicate
Create technical documentation assessment certificates in an official language. CC ID 15110	Monitoring and measurement	Establish/Maintain Documentation
Request an extension of the validity period of technical documentation assessment certificates, as necessary. CC ID 17228	Monitoring and measurement	Process or Activity
Define the validity period for technical documentation assessment certificates. CC ID 17227	Monitoring and measurement	Process or Activity
Opt out of third party conformity assessments when the system meets harmonized standards. CC ID 15096	Monitoring and measurement	Testing
Define the test frequency for each testing program. CC ID 13176	Monitoring and measurement	Establish/Maintain Documentation
Establish, implement, and maintain a stress test program for identification cards or badges. CC ID 15424	Monitoring and measurement	Establish/Maintain Documentation
Establish, implement, and maintain a penetration test program. CC ID 01105	Monitoring and measurement	Behavior
Disseminate and communicate the testing program to all interested personnel and affected parties. CC ID 11871	Monitoring and measurement	Communicate
Align the penetration test program with industry standards. CC ID 12469	Monitoring and measurement	Establish/Maintain Documentation
Assign penetration testing to a qualified internal resource or external third party. CC ID 06429	Monitoring and measurement	Establish Roles
Establish, implement, and maintain a penetration testing methodology that validates scope-reduction controls through network segmentation. CC ID 11958	Monitoring and measurement	Testing
Retain penetration test results according to internal policy. CC ID 10049	Monitoring and measurement	Records Management
Retain penetration test remediation action records according to internal policy. CC ID 11629	Monitoring and measurement	Records Management
Ensure protocols are free from injection flaws. CC ID 16401	Monitoring and measurement	Process or Activity
Prevent adversaries from disabling or compromising security controls. CC ID 17057	Monitoring and measurement	Technical Security
Establish, implement, and maintain a business line testing strategy. CC ID 13245	Monitoring and measurement	Establish/Maintain Documentation
Include facilities in the business line testing strategy. CC ID 13253	Monitoring and measurement	Establish/Maintain Documentation
Include electrical systems in the business line testing strategy. CC ID 13251	Monitoring and measurement	Establish/Maintain Documentation
Include mechanical systems in the business line testing strategy. CC ID 13250	Monitoring and measurement	Establish/Maintain Documentation
Include Heating Ventilation and Air Conditioning systems in the business line testing strategy. CC ID 13248	Monitoring and measurement	Establish/Maintain Documentation
Include emergency power supplies in the business line testing strategy. CC ID 13247	Monitoring and measurement	Establish/Maintain Documentation
Include environmental controls in the business line testing strategy. CC ID 13246	Monitoring and measurement	Establish/Maintain Documentation
Establish, implement, and maintain a vulnerability management program. CC ID 15721	Monitoring and measurement	Establish/Maintain Documentation
Establish, implement, and maintain a vulnerability assessment program. CC ID 11636	Monitoring and measurement	Establish/Maintain Documentation
Conduct scanning activities in a test environment. CC ID 17036	Monitoring and measurement	Testing
Use dedicated user accounts when conducting vulnerability scans. CC ID 12098	Monitoring and measurement	Technical Security
Record the vulnerability scanning activity in the vulnerability scan report. CC ID 12097	Monitoring and measurement	Establish/Maintain Documentation
Disseminate and communicate the vulnerability scan results to interested personnel and affected parties. CC ID 16418	Monitoring and measurement	Communicate
Maintain vulnerability scan reports as organizational records. CC ID 12092	Monitoring and measurement	Records Management
Employ an approved third party to perform external vulnerability scans on the organization's systems. CC ID 12467	Monitoring and measurement	Business Processes
Meet the requirements for a passing score during an external vulnerability scan or rescan. CC ID 12039	Monitoring and measurement	Testing
Approve the vulnerability management program. CC ID 15722	Monitoring and measurement	Process or Activity
Assign ownership of the vulnerability management program to the appropriate role. CC ID 15723	Monitoring and measurement	Establish Roles
Perform penetration tests and vulnerability scans in concert, as necessary. CC ID 12111	Monitoring and measurement	Technical Security
Document and maintain test results. CC ID 17028	Monitoring and measurement	Testing
Include the pass or fail test status in the test results. CC ID 17106	Monitoring and measurement	Establish/Maintain Documentation
Include time information in the test results. CC ID 17105	Monitoring and measurement	Establish/Maintain Documentation
Include a description of the system tested in the test results. CC ID 17104	Monitoring and measurement	Establish/Maintain Documentation
Disseminate and communicate the test results to interested personnel and affected parties. CC ID 17103	Monitoring and measurement	Communicate
Establish, implement, and maintain a compliance monitoring policy. CC ID 00671	Monitoring and measurement	Establish/Maintain Documentation
Establish, implement, and maintain a log management program. CC ID 00673	Monitoring and measurement	Establish/Maintain Documentation
Restrict access to logs to authorized individuals. CC ID 01342 [Authorize access to management of audit logging functionality to only a subset of privileged users or roles. 03.03.08 b.]	Monitoring and measurement	Log Management
Protect logs from unauthorized activity. CC ID 01345 [Protect audit information and audit logging tools from unauthorized access, modification, and deletion. 03.03.08 a.]	Monitoring and measurement	Log Management
Protect against misusing automated audit tools. CC ID 04547 [Protect audit information and audit logging tools from unauthorized access, modification, and deletion. 03.03.08 a.]	Monitoring and measurement	Technical Security
Establish, implement, and maintain an audit program. CC ID 00684	Audits and risk management	Establish/Maintain Documentation
Accept the attestation engagement when all preconditions are met. CC ID 13933	Audits and risk management	Business Processes
Audit in scope audit items and compliance documents. CC ID 06730	Audits and risk management	Audits and Risk Management
Review documentation to determine the effectiveness of in scope controls. CC ID 16522	Audits and risk management	Process or Activity
Establish and maintain organizational audit reports. CC ID 06731	Audits and risk management	Establish/Maintain Documentation
Disseminate and communicate the audit report to all interested personnel and affected parties identified in the distribution list. CC ID 07117	Audits and risk management	Establish/Maintain Documentation
Establish, implement, and maintain a risk management program. CC ID 12051	Audits and risk management	Establish/Maintain Documentation
Establish, implement, and maintain the risk assessment framework. CC ID 00685	Audits and risk management	Establish/Maintain Documentation
Establish, implement, and maintain a risk assessment program. CC ID 00687	Audits and risk management	Establish/Maintain Documentation
Perform risk assessments for all target environments, as necessary. CC ID 06452 [Assess the risk (including supply chain risk) of unauthorized disclosure resulting from the processing, storage, or transmission of CUI. 03.11.01 a.]	Audits and risk management	Testing
Include the probability and potential impact of pandemics in the scope of the risk assessment. CC ID 13241	Audits and risk management	Establish/Maintain Documentation
Include physical assets in the scope of the risk assessment. CC ID 13075	Audits and risk management	Establish/Maintain Documentation
Include the results of the risk assessment in the risk assessment report. CC ID 06481	Audits and risk management	Establish/Maintain Documentation
Approve the results of the risk assessment as documented in the risk assessment report. CC ID 07109	Audits and risk management	Audits and Risk Management
Review risks to the organization's audit function when changes in the supply chain occur. CC ID 01154	Audits and risk management	Audits and Risk Management
Review the risk to the audit function when the audit personnel status changes. CC ID 01153	Audits and risk management	Audits and Risk Management
Document any reasons for modifying or refraining from modifying the organization's risk assessment when the risk assessment has been reviewed. CC ID 13312	Audits and risk management	Establish/Maintain Documentation
Create a risk assessment report based on the risk assessment results. CC ID 15695	Audits and risk management	Establish/Maintain Documentation
Disseminate and communicate the approved risk assessment report to interested personnel and affected parties. CC ID 10633	Audits and risk management	Communicate
Notify the organization upon completion of the external audits of the organization's risk assessment. CC ID 13313	Audits and risk management	Communicate
Review and approve the risk assessment findings. CC ID 06485	Audits and risk management	Establish/Maintain Documentation
Include risk responses in the risk management program. CC ID 13195 [Respond to findings from security assessments, monitoring, and audits. 03.11.04 ¶ 1]	Audits and risk management	Establish/Maintain Documentation
Establish, implement, and maintain a supply chain risk management plan. CC ID 14713 [Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations, maintenance, and disposal of the system, system components, or system services. 03.17.01 a. Review and update the supply chain risk management plan [Assignment: organization-defined frequency]. 03.17.01 b.]	Audits and risk management	Establish/Maintain Documentation
Include processes for monitoring and reporting in the supply chain risk management plan. CC ID 15619	Audits and risk management	Establish/Maintain Documentation
Include dates in the supply chain risk management plan. CC ID 15617	Audits and risk management	Establish/Maintain Documentation
Include implementation milestones in the supply chain risk management plan. CC ID 15615	Audits and risk management	Establish/Maintain Documentation
Include roles and responsibilities in the supply chain risk management plan. CC ID 15613	Audits and risk management	Establish/Maintain Documentation
Include supply chain risk management procedures in the risk management program. CC ID 13190 [Assess the risk (including supply chain risk) of unauthorized disclosure resulting from the processing, storage, or transmission of CUI. 03.11.01 a. Establish a process for identifying and addressing weaknesses or deficiencies in the supply chain elements and processes. 03.17.03 a.]	Audits and risk management	Establish/Maintain Documentation
Disseminate and communicate the supply chain risk management procedures to all interested personnel and affected parties. CC ID 14712	Audits and risk management	Communicate
Assign key stakeholders to review and approve supply chain risk management procedures. CC ID 13199	Audits and risk management	Human Resources Management
Establish, implement, and maintain an access control program. CC ID 11702	Technical security	Establish/Maintain Documentation
Establish, implement, and maintain an access rights management plan. CC ID 00513	Technical security	Establish/Maintain Documentation
Inventory all user accounts. CC ID 13732 [Define the types of system accounts allowed and prohibited. 03.01.01 a.]	Technical security	Establish/Maintain Documentation
Establish and maintain contact information for user accounts, as necessary. CC ID 15418	Technical security	Data and Information Management
Control access rights to organizational assets. CC ID 00004 [Restrict access to CUI on system media to authorized personnel or roles. 03.08.02 ¶ 1]	Technical security	Technical Security
Configure access control lists in accordance with organizational standards. CC ID 16465	Technical security	Configuration
Add all devices requiring access control to the Access Control List. CC ID 06264	Technical security	Establish/Maintain Documentation
Generate but refrain from storing authenticators or Personal Identification Numbers for systems involved in high risk activities. CC ID 06835	Technical security	Technical Security
Define roles for information systems. CC ID 12454 [Specify: Group and role membership, and 03.01.01 c.2.]	Technical security	Human Resources Management
Define access needs for each role assigned to an information system. CC ID 12455	Technical security	Human Resources Management
Define access needs for each system component of an information system. CC ID 12456	Technical security	Technical Security
Define the level of privilege required for each system component of an information system. CC ID 12457	Technical security	Technical Security
Establish access rights based on least privilege. CC ID 01411 [Allow only authorized system access for users (or processes acting on behalf of users) that is necessary to accomplish assigned organizational tasks. 03.01.05 a.]	Technical security	Technical Security
Assign user permissions based on job responsibilities. CC ID 00538 [Authorize access to the system based on: Intended system usage. 03.01.01 d.2.]	Technical security	Technical Security
Assign user privileges after they have management sign off. CC ID 00542	Technical security	Technical Security
Separate processing domains to segregate user privileges and enhance information flow control. CC ID 06767	Technical security	Configuration
Establish, implement, and maintain lockout procedures or lockout mechanisms to be triggered after a predetermined number of consecutive logon attempts. CC ID 01412 [Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]. 03.01.08 a. Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b. Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b.]	Technical security	Technical Security
Configure the lockout procedure to disregard failed logon attempts after the user is authenticated. CC ID 13822	Technical security	Configuration
Notify appropriate parties when the maximum number of unsuccessful logon attempts is exceeded. CC ID 17164 [Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b.]	Technical security	Communicate
Disallow unlocking user accounts absent system administrator approval. CC ID 01413 [Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b.]	Technical security	Technical Security
Establish, implement, and maintain session lock capabilities. CC ID 01417 [Prevent access to the system by [Selection (one or more): initiating a device lock after [Assignment: organization-defined time period] of inactivity; requiring the user to initiate a device lock before leaving the system unattended]. 03.01.10 a.]	Technical security	Configuration
Limit concurrent sessions according to account type. CC ID 01416	Technical security	Configuration
Establish session authenticity through Transport Layer Security. CC ID 01627 [Protect the authenticity of communications sessions. 03.13.15 ¶ 1]	Technical security	Technical Security
Configure the "tlsverify" argument to organizational standards. CC ID 14460	Technical security	Configuration
Configure the "tlscacert" argument to organizational standards. CC ID 14521	Technical security	Configuration
Configure the "tlscert" argument to organizational standards. CC ID 14520	Technical security	Configuration
Configure the "tlskey" argument to organizational standards. CC ID 14519	Technical security	Configuration
Enable access control for objects and users on each system. CC ID 04553	Technical security	Configuration
Include all system components in the access control system. CC ID 11939	Technical security	Technical Security
Set access control for objects and users to "deny all" unless explicitly authorized. CC ID 06301	Technical security	Process or Activity
Enable access control for objects and users to match restrictions set by the system's security classification. CC ID 04850	Technical security	Technical Security
Enable attribute-based access control for objects and users on information systems. CC ID 16351	Technical security	Technical Security
Enable role-based access control for objects and users on information systems. CC ID 12458	Technical security	Technical Security
Include the objects and users subject to access control in the security policy. CC ID 11836	Technical security	Establish/Maintain Documentation
Assign Information System access authorizations if implementing segregation of duties. CC ID 06323	Technical security	Establish Roles
Enforce access restrictions for change control. CC ID 01428 [{physical access restriction} Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. 03.04.05 ¶ 1 {physical access restriction} Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. 03.04.05 ¶ 1 {physical access restriction} Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. 03.04.05 ¶ 1]	Technical security	Technical Security
Enforce access restrictions for restricted data. CC ID 01921	Technical security	Data and Information Management
Permit a limited set of user actions absent identification and authentication. CC ID 04849	Technical security	Technical Security
Activate third party maintenance accounts and user identifiers, as necessary. CC ID 04262	Technical security	Technical Security
Establish, implement, and maintain a system use agreement for each information system. CC ID 06500 [Prohibit the use of external systems unless the systems are specifically authorized. 03.01.20 a. Establish the following security requirements to be satisfied on external systems prior to allowing use of or access to those systems by authorized individuals: [Assignment: organization-defined security requirements]. 03.01.20 b.]	Technical security	Establish/Maintain Documentation
Accept and sign the system use agreement before data or system access is enabled. CC ID 06501	Technical security	Establish/Maintain Documentation
Display a logon banner and appropriate logon message before granting access to the system. CC ID 06770 [{privacy notices} Display a system use notification message with privacy and security notices consistent with applicable CUI rules before granting access to the system. 03.01.09 ¶ 1]	Technical security	Technical Security
Display previous logon information in the logon banner. CC ID 01415	Technical security	Configuration
Document actions that can be performed on an information system absent identification and authentication of the user. CC ID 06771	Technical security	Establish/Maintain Documentation
Use automatic equipment identification as a method of connection authentication absent an individual's identification and authentication. CC ID 06964	Technical security	Technical Security
Control user privileges. CC ID 11665 [{information system} Restrict s="term_primary-noun">privileged accounts on the system to [Assignment: organization-defined personnel or roles]. 03.01.06 a. Specify: Access authorizations (i.e., privileges) for each account. 03.01.01 c.3.]	Technical security	Technical Security
Establish and maintain a list of individuals authorized to perform privileged functions. CC ID 17005	Technical security	Establish/Maintain Documentation
Review all user privileges, as necessary. CC ID 06784 [Review the privileges assigned to roles or classes of users [Assignment: organization-defined frequency] to validate the need for such privileges. 03.01.05 c. Reassign or remove privileges, as necessary. 03.01.05 d.]	Technical security	Technical Security
Encrypt files and move them to a secure file server when a user account is disabled. CC ID 07065	Technical security	Configuration
Review each user's access capabilities when their role changes. CC ID 00524	Technical security	Technical Security
Change authenticators after personnel status changes. CC ID 12284	Technical security	Human Resources Management
Establish and maintain a Digital Rights Management program. CC ID 07093	Technical security	Establish/Maintain Documentation
Enable products restricted by Digital Rights Management to be used while offline. CC ID 07094	Technical security	Technical Security
Establish, implement, and maintain User Access Management procedures. CC ID 00514	Technical security	Technical Security
Establish, implement, and maintain an authority for access authorization list. CC ID 06782	Technical security	Establish/Maintain Documentation
Review and approve logical access to all assets based upon organizational policies. CC ID 06641 [Enforce approved authorizations for logical access to CUI and system resources in accordance with applicable access control policies. 03.01.02 ¶ 1 Receive authorization from organizational personnel or roles to assign an individual, group, role, service, or device identifier. 03.05.05 a.]	Technical security	Technical Security
Control the addition and modification of user identifiers, user credentials, or other authenticators. CC ID 00515 [Select and assign an identifier that identifies an individual, group, role, service, or device. 03.05.05 b.]	Technical security	Technical Security
Assign roles and responsibilities for administering user account management. CC ID 11900	Technical security	Human Resources Management
Automate access control methods, as necessary. CC ID 11838	Technical security	Technical Security
Automate Access Control Systems, as necessary. CC ID 06854	Technical security	Technical Security
Refrain from storing logon credentials for third party applications. CC ID 13690	Technical security	Technical Security
Refrain from allowing user access to identifiers and authenticators used by applications. CC ID 10048	Technical security	Technical Security
Establish, implement, and maintain user accounts in accordance with the organizational Governance, Risk, and Compliance framework. CC ID 00526 [Define the types of system accounts allowed and prohibited. 03.01.01 a. Create, enable, modify, disable, and remove system accounts in accordance with policy, procedures, prerequisites, and criteria. 03.01.01 b. Create, enable, modify, disable, and remove system accounts in accordance with policy, procedures, prerequisites, and criteria. 03.01.01 b. Create, enable, modify, disable, and remove system accounts in accordance with policy, procedures, prerequisites, and criteria. 03.01.01 b. Create, enable, modify, disable, and remove system accounts in accordance with policy, procedures, prerequisites, and criteria. 03.01.01 b. Disable system accounts when: Significant risks associated with individuals are discovered. 03.01.01 f.5.]	Technical security	Technical Security
Establish, implement, and maintain access control procedures. CC ID 11663	Technical security	Establish/Maintain Documentation
Grant access to authorized personnel or systems. CC ID 12186 [Authorize access to the system based on: A valid access authorization and 03.01.01 d.1. Authorize access to [Assignment: organization-defined security functions] and [Assignment: organization-defined security-relevant information]. 03.01.05 b.]	Technical security	Configuration
Document approving and granting access in the access control log. CC ID 06786	Technical security	Establish/Maintain Documentation
Disseminate and communicate the access control log to interested personnel and affected parties. CC ID 16442	Technical security	Communicate
Include the user identifiers of all personnel who are authorized to access a system in the system record. CC ID 15171	Technical security	Establish/Maintain Documentation
Include identity information of all personnel who are authorized to access a system in the system record. CC ID 16406	Technical security	Establish/Maintain Documentation
Include the user's location in the system record. CC ID 16996	Technical security	Log Management
Include the date and time that access was reviewed in the system record. CC ID 16416	Technical security	Data and Information Management
Include the date and time that access rights were changed in the system record. CC ID 16415	Technical security	Establish/Maintain Documentation
Include digital identification procedures in the access control program. CC ID 11841	Technical security	Technical Security
Disseminate and communicate user identifiers and authenticators using secure communication protocols. CC ID 06791 [{lost authenticators} {compromised authenticators} Establish and implement administrative procedures for initial authenticator distribution; for lost, compromised, or damaged authenticators; and for revoking authenticators. 03.05.12 c.]	Technical security	Data and Information Management
Require proper authentication for user identifiers. CC ID 11785	Technical security	Technical Security
Assign authentication mechanisms for user account authentication. CC ID 06856	Technical security	Configuration
Establish and maintain a memorized secret list. CC ID 13791 [{commonly used passwords} Maintain a list of commonly-used, expected, or compromised passwords, and update the list [Assignment: organization-defined frequency] and when organizational passwords are suspected to have been compromised. 03.05.07 a. {commonly used passwords} Verify that passwords are not found on the list of commonly used, expected, or compromised passwords when users create or update passwords. 03.05.07 b.]	Technical security	Establish/Maintain Documentation
Identify and control all network access controls. CC ID 00529	Technical security	Technical Security
Establish, implement, and maintain a network configuration standard. CC ID 00530 [Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access. 03.01.12 a.]	Technical security	Establish/Maintain Documentation
Establish, implement, and maintain network segmentation requirements. CC ID 16380	Technical security	Establish/Maintain Documentation
Enforce the network segmentation requirements. CC ID 16381	Technical security	Process or Activity
Protect system or device management and control planes from unwanted user plane traffic. CC ID 17063	Technical security	Technical Security
Ensure the data plane, control plane, and management plane have been segregated according to organizational standards. CC ID 16385	Technical security	Technical Security
Establish, implement, and maintain a network security policy. CC ID 06440	Technical security	Establish/Maintain Documentation
Include compliance requirements in the network security policy. CC ID 14205	Technical security	Establish/Maintain Documentation
Include coordination amongst entities in the network security policy. CC ID 14204	Technical security	Establish/Maintain Documentation
Include management commitment in the network security policy. CC ID 14203	Technical security	Establish/Maintain Documentation
Include roles and responsibilities in the network security policy. CC ID 14202	Technical security	Establish/Maintain Documentation
Include the scope in the network security policy. CC ID 14201	Technical security	Establish/Maintain Documentation
Include the purpose in the network security policy. CC ID 14200	Technical security	Establish/Maintain Documentation
Disseminate and communicate the network security policy to interested personnel and affected parties. CC ID 14199	Technical security	Communicate
Establish, implement, and maintain system and communications protection procedures. CC ID 14052	Technical security	Establish/Maintain Documentation
Disseminate and communicate the system and communications protection procedures to interested personnel and affected parties. CC ID 14206	Technical security	Communicate
Establish, implement, and maintain a wireless networking policy. CC ID 06732 [Establish usage restrictions, configuration requirements, and connection requirements for each type of wireless access to the system. 03.01.16 a. Establish usage restrictions, configuration requirements, and connection requirements for each type of wireless access to the system. 03.01.16 a. Authorize each type of wireless access to the system prior to establishing such connections. 03.01.16 b.]	Technical security	Establish/Maintain Documentation
Include usage restrictions for Bluetooth in the wireless networking policy. CC ID 16443	Technical security	Establish/Maintain Documentation
Maintain up-to-date network diagrams. CC ID 00531	Technical security	Establish/Maintain Documentation
Include the date of the most recent update on the network diagram. CC ID 14319	Technical security	Establish/Maintain Documentation
Include virtual systems in the network diagram. CC ID 16324	Technical security	Data and Information Management
Include the organization's name in the network diagram. CC ID 14318	Technical security	Establish/Maintain Documentation
Include Internet Protocol addresses in the network diagram. CC ID 16244	Technical security	Establish/Maintain Documentation
Include Domain Name System names in the network diagram. CC ID 16240	Technical security	Establish/Maintain Documentation
Accept, by formal signature, the security implications of the network topology. CC ID 12323	Technical security	Establish/Maintain Documentation
Disseminate and communicate network diagrams to interested personnel and affected parties. CC ID 13137	Technical security	Communicate
Maintain up-to-date data flow diagrams. CC ID 10059	Technical security	Establish/Maintain Documentation
Include information flows to third parties in the data flow diagram. CC ID 13185	Technical security	Establish/Maintain Documentation
Document where data-at-rest and data in transit is encrypted on the data flow diagram. CC ID 16412	Technical security	Establish/Maintain Documentation
Disseminate and communicate the data flow diagrams to interested personnel and affected parties. CC ID 16407	Technical security	Communicate
Manage all external network connections. CC ID 11842 [Authorize the connection of mobile devices to the system. 03.01.18 b. Terminate the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. 03.13.09 ¶ 1]	Technical security	Technical Security
Route outbound Internet traffic through a proxy server that supports decrypting network traffic. CC ID 12116	Technical security	Technical Security
Prevent the insertion of unauthorized network traffic into secure networks. CC ID 17050	Technical security	Technical Security
Prohibit systems from connecting directly to external networks. CC ID 08709	Technical security	Configuration
Prohibit systems from connecting directly to internal networks outside the demilitarized zone (DMZ). CC ID 16360	Technical security	Technical Security
Establish, implement, and maintain a Boundary Defense program. CC ID 00544 [Monitor and control communications at external managed interfaces to the system and key internal managed interfaces within the system. 03.13.01 a. Connect to external systems only through managed interfaces that consist of boundary protection devices arranged in accordance with an organizational security architecture. 03.13.01 c.]	Technical security	Establish/Maintain Documentation
Refrain from disclosing Internet Protocol addresses, routing information, and DNS names, unless necessary. CC ID 11891	Technical security	Technical Security
Authorize the disclosure of private Internet Protocol addresses and routing information to external entities. CC ID 12034	Technical security	Communicate
Segregate systems in accordance with organizational standards. CC ID 12546	Technical security	Technical Security
Implement gateways between security domains. CC ID 16493	Technical security	Systems Design, Build, and Implementation
Implement resource-isolation mechanisms in organizational networks. CC ID 16438	Technical security	Technical Security
Segregate servers that contain restricted data or restricted information from direct public access. CC ID 00533	Technical security	Technical Security
Prevent logical access to dedicated networks from outside the secure areas. CC ID 12310	Technical security	Technical Security
Design Demilitarized Zones with proper isolation rules. CC ID 00532	Technical security	Technical Security
Restrict outbound network traffic out of the Demilitarized Zone. CC ID 16881	Technical security	Technical Security
Restrict inbound network traffic into the Demilitarized Zone. CC ID 01285	Technical security	Data and Information Management
Restrict inbound network traffic into the Demilitarized Zone to destination addresses within the Demilitarized Zone. CC ID 11998	Technical security	Technical Security
Restrict inbound Internet traffic within the Demilitarized Zone to system components that provide publicly accessible services, protocols, and ports. CC ID 11993	Technical security	Technical Security
Segregate applications and databases that contain restricted data or restricted information in an internal network zone. CC ID 01289 [Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. 03.13.01 b.]	Technical security	Data and Information Management
Establish, implement, and maintain a network access control standard. CC ID 00546 [Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access. 03.01.12 a.]	Technical security	Establish/Maintain Documentation
Include assigned roles and responsibilities in the network access control standard. CC ID 06410	Technical security	Establish Roles
Employ firewalls to secure network connections between networks of different security categorizations. CC ID 16373	Technical security	Technical Security
Employ firewalls to secure network connections between trusted networks and untrusted networks, as necessary. CC ID 11821	Technical security	Technical Security
Place firewalls between security domains and between any Demilitarized Zone and internal network zones. CC ID 01274	Technical security	Configuration
Place firewalls between wireless networks and applications or databases that contain restricted data or restricted information. CC ID 01293	Technical security	Configuration
Place firewalls between all security domains and between any secure subnet and internal network zones. CC ID 11784	Technical security	Configuration
Separate the wireless access points and wireless bridges from the wired network via a firewall. CC ID 04588	Technical security	Technical Security
Include configuration management and rulesets in the network access control standard. CC ID 11845	Technical security	Establish/Maintain Documentation
Secure the network access control standard against unauthorized changes. CC ID 11920	Technical security	Establish/Maintain Documentation
Employ centralized management systems to configure and control networks, as necessary. CC ID 12540	Technical security	Technical Security
Establish, implement, and maintain a firewall and router configuration standard. CC ID 00541	Technical security	Configuration
Include compensating controls implemented for insecure protocols in the firewall and router configuration standard. CC ID 11948	Technical security	Establish/Maintain Documentation
Include restricting inbound network traffic in the firewall and router configuration standard. CC ID 11960	Technical security	Establish/Maintain Documentation
Include restricting outbound network traffic in the firewall and router configuration standard. CC ID 11961	Technical security	Establish/Maintain Documentation
Include requirements for a firewall at each Internet connection and between any demilitarized zone and the internal network zone in the firewall and router configuration standard. CC ID 12435	Technical security	Establish/Maintain Documentation
Include network diagrams that identify connections between all subnets and wireless networks in the firewall and router configuration standard. CC ID 12434	Technical security	Establish/Maintain Documentation
Include network diagrams that identify storage or processing locations of all restricted data in the firewall and router configuration standard. CC ID 12426	Technical security	Establish/Maintain Documentation
Deny or strictly control wireless traffic to applications or databases that contain restricted data or restricted information. CC ID 11847	Technical security	Configuration
Include a protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00537 [Prohibit or restrict use of the following functions, ports, protocols, connections, and services: [Assignment: organization-defined functions, ports, protocols, connections, and services]. 03.04.06 b.]	Technical security	Establish/Maintain Documentation
Configure network ports to organizational standards. CC ID 14007	Technical security	Configuration
Include approval of the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 12547	Technical security	Establish/Maintain Documentation
Include the use of protocols above and beyond common information service protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00539	Technical security	Establish/Maintain Documentation
Include justifying the use of risky protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 01280	Technical security	Establish/Maintain Documentation
Document and implement security features for each identified insecure service, protocol, and port in the protocols, ports, applications, and services list. CC ID 12033	Technical security	Establish/Maintain Documentation
Identify the insecure services, protocols, and ports in the protocols, ports, applications, and services list in the firewall and router configuration. CC ID 12032 [Review the system [Assignment: organization-defined frequency] to identify unnecessary or nonsecure functions, ports, protocols, connections, and services. 03.04.06 c.]	Technical security	Establish/Maintain Documentation
Disseminate and communicate the protocols, ports, applications, and services list to interested personnel and affected parties. CC ID 17089	Technical security	Communicate
Install and configure firewalls to be enabled on all mobile devices, if possible. CC ID 00550	Technical security	Configuration
Lock personal firewall configurations to prevent them from being disabled or changed by end users. CC ID 06420	Technical security	Technical Security
Configure network access and control points to protect restricted information and restricted functions. CC ID 01284	Technical security	Configuration
Protect data stored at external locations. CC ID 16333	Technical security	Data and Information Management
Protect the firewall's network connection interfaces. CC ID 01955	Technical security	Technical Security
Configure firewalls to deny all traffic by default, except explicitly designated traffic. CC ID 00547 [Deny network communications traffic by default, and allow network communications traffic by exception. 03.13.06 ¶ 1]	Technical security	Configuration
Allow local program exceptions on the firewall, as necessary. CC ID 01956	Technical security	Configuration
Allow remote administration exceptions on the firewall, as necessary. CC ID 01957	Technical security	Configuration
Allow file sharing exceptions on the firewall, as necessary. CC ID 01958	Technical security	Configuration
Allow printer sharing exceptions on the firewall, as necessary. CC ID 11849	Technical security	Configuration
Allow Internet Control Message Protocol exceptions on the firewall, as necessary. CC ID 01959	Technical security	Configuration
Allow Remote Desktop Connection exceptions on the firewall, as necessary. CC ID 01960	Technical security	Configuration
Allow UPnP framework exceptions on the firewall, as necessary. CC ID 01961	Technical security	Configuration
Allow notification exceptions on the firewall, as necessary. CC ID 01962	Technical security	Configuration
Allow unicast response to multicast or broadcast exceptions on the firewall, as necessary. CC ID 01964	Technical security	Configuration
Allow protocol port exceptions on the firewall, as necessary. CC ID 01965	Technical security	Configuration
Allow local port exceptions on the firewall, as necessary. CC ID 01966	Technical security	Configuration
Establish, implement, and maintain internet protocol address filters on the firewall, as necessary CC ID 01287	Technical security	Configuration
Establish, implement, and maintain packet filtering requirements. CC ID 16362	Technical security	Technical Security
Filter packets based on IPv6 header fields. CC ID 17048	Technical security	Technical Security
Configure firewall filtering to only permit established connections into the network. CC ID 12482	Technical security	Technical Security
Restrict outbound network traffic from systems that contain restricted data or restricted information. CC ID 01295	Technical security	Data and Information Management
Filter traffic at firewalls based on application layer attributes. CC ID 17054	Technical security	Technical Security
Deny direct Internet access to databases that store restricted data or restricted information. CC ID 01271	Technical security	Data and Information Management
Synchronize and secure all router configuration files. CC ID 01291	Technical security	Configuration
Synchronize and secure all firewall configuration files. CC ID 11851	Technical security	Configuration
Configure firewalls to generate an audit log. CC ID 12038	Technical security	Audits and Risk Management
Configure firewalls to generate an alert when a potential security incident is detected. CC ID 12165	Technical security	Configuration
Record the configuration rules for network access and control points in the configuration management system. CC ID 12105	Technical security	Establish/Maintain Documentation
Record the duration of the business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12107	Technical security	Establish/Maintain Documentation
Record each individual's name and business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12106	Technical security	Establish/Maintain Documentation
Install and configure application layer firewalls for all key web-facing applications. CC ID 01450	Technical security	Configuration
Update application layer firewalls to the most current version. CC ID 12037	Technical security	Process or Activity
Enforce information flow control. CC ID 11781	Technical security	Monitor and Evaluate Occurrences
Establish, implement, and maintain information flow control configuration standards. CC ID 01924	Technical security	Establish/Maintain Documentation
Require the system to identify and authenticate approved devices before establishing a connection. CC ID 01429 [Uniquely identify and authenticate [Assignment: organization-defined devices or types of devices] before establishing a system connection. 03.05.02 ¶ 1]	Technical security	Testing
Maintain a record of the challenge state during identification and authentication in an automated information exchange. CC ID 06629	Technical security	Establish/Maintain Documentation
Establish, implement, and maintain information flow control policies inside the system and between interconnected systems. CC ID 01410 [Enforce approved authorizations for controlling the flow of CUI within the system and between connected systems. 03.01.03 ¶ 1]	Technical security	Establish/Maintain Documentation
Define risk tolerance to illicit data flow for each type of information classification. CC ID 01923	Technical security	Data and Information Management
Establish, implement, and maintain a document printing policy. CC ID 14384	Technical security	Establish/Maintain Documentation
Include printing to personal printers during a continuity event in the document printing policy. CC ID 14396	Technical security	Establish/Maintain Documentation
Establish, implement, and maintain information flow procedures. CC ID 04542	Technical security	Establish/Maintain Documentation
Disclose non-privacy related restricted information after a court makes a determination the information is material to a court case. CC ID 06242	Technical security	Data and Information Management
Exchange non-privacy related restricted information with approved third parties if the information supports an approved activity. CC ID 06243	Technical security	Data and Information Management
Establish, implement, and maintain information exchange procedures. CC ID 11782 [Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a. Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Technical security	Establish/Maintain Documentation
Include the connected Information Technology assets in the information exchange procedures. CC ID 17025	Technical security	Establish/Maintain Documentation
Include connection termination procedures in the information exchange procedures. CC ID 17027	Technical security	Establish/Maintain Documentation
Include the data sensitivity levels in the information exchange procedures. CC ID 17024	Technical security	Establish/Maintain Documentation
Include communication requirements in the information exchange procedures. CC ID 17026	Technical security	Establish/Maintain Documentation
Include roles and responsibilities in the information exchange procedures. CC ID 17023	Technical security	Establish/Maintain Documentation
Include implementation procedures in the information exchange procedures. CC ID 17022	Technical security	Establish/Maintain Documentation
Include security controls in the information exchange procedures. CC ID 17021	Technical security	Establish/Maintain Documentation
Include testing procedures in the information exchange procedures. CC ID 17020	Technical security	Establish/Maintain Documentation
Include measurement criteria in the information exchange procedures. CC ID 17019	Technical security	Establish/Maintain Documentation
Include training requirements in the information exchange procedures. CC ID 17017	Technical security	Establish/Maintain Documentation
Test the information exchange procedures. CC ID 17115	Technical security	Testing
Perform content sanitization on data-in-transit. CC ID 16512	Technical security	Data and Information Management
Perform content conversion on data-in-transit. CC ID 16510	Technical security	Data and Information Management
Protect data from unauthorized access while transmitting between separate parts of the system. CC ID 16499	Technical security	Data and Information Management
Protect data from modification or loss while transmitting between separate parts of the system. CC ID 04554	Technical security	Data and Information Management
Protect data from unauthorized disclosure while transmitting between separate parts of the system. CC ID 11859	Technical security	Data and Information Management
Review and approve information exchange system connections. CC ID 07143	Technical security	Technical Security
Log issuers who send personal data in cleartext in the transfer audit log. CC ID 12312	Technical security	Log Management
Establish, implement, and maintain measures to detect and prevent the use of unsafe internet services. CC ID 13104	Technical security	Technical Security
Refrain from storing restricted data at unsafe Internet services or virtual servers. CC ID 13107	Technical security	Technical Security
Establish, implement, and maintain whitelists and blacklists of domain names. CC ID 07097	Technical security	Establish/Maintain Documentation
Deploy sender policy framework records in the organization's Domain Name Servers. CC ID 12183	Technical security	Configuration
Block uncategorized sites using URL filtering. CC ID 12140	Technical security	Technical Security
Establish, implement, and maintain whitelists and blacklists of web content. CC ID 15234	Technical security	Data and Information Management
Establish, implement, and maintain whitelists and blacklists of software. CC ID 11780 [Identify software programs authorized to execute on the system. 03.04.08 a. Review and update the list of authorized software programs [Assignment: organization-defined frequency]. 03.04.08 c.]	Technical security	Establish/Maintain Documentation
Implement information flow control policies when making decisions about information sharing or collaboration. CC ID 10094	Technical security	Behavior
Secure access to each system component operating system. CC ID 00551	Technical security	Configuration
Enforce privileged accounts and non-privileged accounts for system access. CC ID 00558 [Require that users (or roles) with privileged accounts use non-privileged accounts when accessing non-security functions or non-security information. 03.01.06 b. Prevent non-privileged users from executing privileged functions. 03.01.07 a.]	Technical security	Technical Security
Control all methods of remote access and teleworking. CC ID 00559 [Authorize each type of remote system access prior to establishing such connections. 03.01.12 b. Authorize the remote execution of privileged commands and remote access to security-relevant information. 03.01.12 d.]	Technical security	Technical Security
Assign virtual escorting to authorized personnel. CC ID 16440	Technical security	Process or Activity
Establish, implement, and maintain a remote access and teleworking program. CC ID 04545 [Establish usage restrictions, configuration requirements, and connection requirements for each type of allowable remote system access. 03.01.12 a.]	Technical security	Establish/Maintain Documentation
Include information security requirements in the remote access and teleworking program. CC ID 15704	Technical security	Establish/Maintain Documentation
Refrain from allowing remote users to copy files to remote devices. CC ID 06792	Technical security	Technical Security
Control remote administration in accordance with organizational standards. CC ID 04459 [Authorize the remote execution of privileged commands and remote access to security-relevant information. 03.01.12 d.]	Technical security	Configuration
Control remote access through a network access control. CC ID 01421 [Route remote access to the system through authorized and managed access control points. 03.01.12 c.]	Technical security	Technical Security
Install and maintain remote control software and other remote control mechanisms on critical systems. CC ID 06371	Technical security	Configuration
Prohibit remote access to systems processing cleartext restricted data or restricted information. CC ID 12324	Technical security	Technical Security
Employ multifactor authentication for remote access to the organization's network. CC ID 12505 [Implement multi-factor authentication and replay resistance in the establishment of nonlocal maintenance and diagnostic sessions. 03.07.05 b.]	Technical security	Technical Security
Implement multifactor authentication techniques. CC ID 00561 [{privileged accounts} Implement multi-factor authentication for access to privileged and non-privileged accounts. 03.05.03 ¶ 1]	Technical security	Configuration
Refrain from allowing individuals to self-enroll into multifactor authentication from untrusted devices. CC ID 17173	Technical security	Technical Security
Implement phishing-resistant multifactor authentication techniques. CC ID 16541	Technical security	Technical Security
Document and approve requests to bypass multifactor authentication. CC ID 15464	Technical security	Establish/Maintain Documentation
Limit the source addresses from which remote administration is performed. CC ID 16393	Technical security	Technical Security
Protect remote access accounts with encryption. CC ID 00562	Technical security	Configuration
Manage the use of encryption controls and cryptographic controls. CC ID 00570	Technical security	Technical Security
Employ cryptographic controls that comply with applicable requirements. CC ID 12491 [Implement the following types of cryptography to protect the confidentiality of CUI: [Assignment: organization-defined types of cryptography]. 03.13.11 ¶ 1]	Technical security	Technical Security
Establish, implement, and maintain cryptographic key management procedures. CC ID 00571 [Establish and manage cryptographic keys in the system in accordance with the following key management requirements: [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. 03.13.10 ¶ 1]	Technical security	Establish/Maintain Documentation
Disseminate and communicate cryptographic key management procedures to interested personnel and affected parties. CC ID 13164	Technical security	Communicate
Bind keys to each identity. CC ID 12337	Technical security	Technical Security
Include recommended cryptographic key management procedures for cloud service providers in the cryptographic key management procedures. CC ID 13152	Technical security	Establish/Maintain Documentation
Include requesting cryptographic key types in the cryptographic key management procedures. CC ID 13151	Technical security	Establish/Maintain Documentation
Include cryptographic key expiration in the cryptographic key management procedures. CC ID 17079	Technical security	Establish/Maintain Documentation
Recover encrypted data for lost cryptographic keys, compromised cryptographic keys, or damaged cryptographic keys. CC ID 01301	Technical security	Data and Information Management
Generate strong cryptographic keys. CC ID 01299	Technical security	Data and Information Management
Generate unique cryptographic keys for each user. CC ID 12169	Technical security	Technical Security
Use approved random number generators for creating cryptographic keys. CC ID 06574	Technical security	Data and Information Management
Implement decryption keys so that they are not linked to user accounts. CC ID 06851	Technical security	Technical Security
Include the establishment of cryptographic keys in the cryptographic key management procedures. CC ID 06540	Technical security	Establish/Maintain Documentation
Disseminate and communicate cryptographic keys securely. CC ID 01300	Technical security	Data and Information Management
Control the input and output of cryptographic keys from a cryptographic module. CC ID 06541	Technical security	Data and Information Management
Store cryptographic keys securely. CC ID 01298	Technical security	Data and Information Management
Restrict access to cryptographic keys. CC ID 01297	Technical security	Data and Information Management
Store cryptographic keys in encrypted format. CC ID 06084	Technical security	Data and Information Management
Store key-encrypting keys and data-encrypting keys in different locations. CC ID 06085	Technical security	Technical Security
Include offsite backups of cryptographic keys in the cryptographic key management procedures. CC ID 13127	Technical security	Establish/Maintain Documentation
Change cryptographic keys in accordance with organizational standards. CC ID 01302	Technical security	Data and Information Management
Notify interested personnel and affected parties upon cryptographic key supersession. CC ID 17084	Technical security	Communicate
Destroy cryptographic keys promptly after the retention period. CC ID 01303	Technical security	Data and Information Management
Control cryptographic keys with split knowledge and dual control. CC ID 01304	Technical security	Data and Information Management
Prevent the unauthorized substitution of cryptographic keys. CC ID 01305	Technical security	Data and Information Management
Manage outdated cryptographic keys, compromised cryptographic keys, or revoked cryptographic keys. CC ID 06852	Technical security	Technical Security
Archive outdated cryptographic keys. CC ID 06884	Technical security	Data and Information Management
Archive revoked cryptographic keys. CC ID 11819	Technical security	Data and Information Management
Require key custodians to sign the cryptographic key management policy. CC ID 01308	Technical security	Establish/Maintain Documentation
Require key custodians to sign the key custodian's roles and responsibilities. CC ID 11820	Technical security	Human Resources Management
Manage the digital signature cryptographic key pair. CC ID 06576	Technical security	Data and Information Management
Establish, implement, and maintain requirements for Personal Identity Verification authentication certificates. CC ID 06587	Technical security	Establish/Maintain Documentation
Establish, implement, and maintain Public Key certificate application procedures. CC ID 07079	Technical security	Establish/Maintain Documentation
Establish a Registration Authority to support the Public Key Infrastructure. CC ID 15725	Technical security	Establish Roles
Include the Identification and Authentication of individuals or entities in the Public Key certificate application procedures. CC ID 07080	Technical security	Establish/Maintain Documentation
Include approving or rejecting Public Key certificate applications in the Public Key certificate application procedure. CC ID 07081	Technical security	Establish/Maintain Documentation
Include revocation of Public Key certificates in the Public Key certificate procedures. CC ID 07082	Technical security	Establish/Maintain Documentation
Publish revoked Public Key certificates in the Certificate Revocation List. CC ID 07089	Technical security	Establish/Maintain Documentation
Establish, implement, and maintain Public Key renewal or rekeying request procedures. CC ID 07083	Technical security	Establish/Maintain Documentation
Include identification and authentication in Public Key renewal or rekeying request procedures. CC ID 11816	Technical security	Establish/Maintain Documentation
Issue authentication mechanisms that support the Public Key Infrastructure. CC ID 07092	Technical security	Technical Security
Establish a Root Certification Authority to support the Public Key Infrastructure. CC ID 07084	Technical security	Technical Security
Establish, implement, and maintain Public Key certificate procedures. CC ID 07085	Technical security	Establish/Maintain Documentation
Include signing and issuing Public Key certificates in the Public Key certificate procedures. CC ID 11817	Technical security	Establish/Maintain Documentation
Include publishing Public Key certificates in the Public Key certificate procedures. CC ID 07087	Technical security	Establish/Maintain Documentation
Include access to issued Public Key certificates in the Public Key certificate procedures. CC ID 07086	Technical security	Establish/Maintain Documentation
Connect the Public Key Infrastructure to the organization's identity and access management system. CC ID 07091	Technical security	Technical Security
Archive Public Key certificate records according to organizational Records Management rules. CC ID 07090	Technical security	Records Management
Use strong data encryption to transmit in scope data or in scope information, as necessary. CC ID 00564 [Transmit passwords only over cryptographically protected channels. 03.05.07 c.]	Technical security	Technical Security
Ensure restricted data or restricted information are encrypted prior to or at the time of transmission. CC ID 01749 [Implement cryptographic mechanisms to prevent the unauthorized disclosure of CUI during transmission and while in storage. 03.13.08 ¶ 1]	Technical security	Configuration
Configure the encryption strength to be appropriate for the encryption methodology of the cryptographic controls. CC ID 12492	Technical security	Technical Security
Encrypt traffic over networks with trusted cryptographic keys. CC ID 12490	Technical security	Technical Security
Authorize transactions of data transmitted over public networks or shared data networks. CC ID 00566	Technical security	Establish/Maintain Documentation
Treat data messages that do not receive an acknowledgment as never been sent. CC ID 14416	Technical security	Technical Security
Establish trusted paths to transmit restricted data or restricted information over public networks or wireless networks. CC ID 00568	Technical security	Technical Security
Protect application services information transmitted over a public network from unauthorized modification. CC ID 12021	Technical security	Technical Security
Protect application services information transmitted over a public network from unauthorized disclosure. CC ID 12020	Technical security	Technical Security
Protect application services information transmitted over a public network from contract disputes. CC ID 12019	Technical security	Technical Security
Protect application services information transmitted over a public network from fraudulent activity. CC ID 12018	Technical security	Technical Security
Establish, implement, and maintain a malicious code protection program. CC ID 00574 [Configure malicious code protection mechanisms to: Block malicious code, quarantine malicious code, or take other mitigation actions in response to malicious code detection. 03.14.02 c.2. Configure malicious code protection mechanisms to: Block malicious code, quarantine malicious code, or take other mitigation actions in response to malicious code detection. 03.14.02 c.2. Configure malicious code protection mechanisms to: Block malicious code, quarantine malicious code, or take other mitigation actions in response to malicious code detection. 03.14.02 c.2.]	Technical security	Establish/Maintain Documentation
Disseminate and communicate the malicious code protection policy to all interested personnel and affected parties. CC ID 15485	Technical security	Communicate
Disseminate and communicate the malicious code protection procedures to all interested personnel and affected parties. CC ID 15484	Technical security	Communicate
Establish, implement, and maintain malicious code protection procedures. CC ID 15483	Technical security	Establish/Maintain Documentation
Establish, implement, and maintain a malicious code protection policy. CC ID 15478	Technical security	Establish/Maintain Documentation
Restrict downloading to reduce malicious code attacks. CC ID 04576	Technical security	Behavior
Install security and protection software, as necessary. CC ID 00575 [{entry points} Implement malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code. 03.14.02 a.]	Technical security	Configuration
Install and maintain container security solutions. CC ID 16178	Technical security	Technical Security
Protect systems and devices from fragmentation based attacks and anomalies. CC ID 17058	Technical security	Technical Security
Protect the system against replay attacks. CC ID 04552 [{privileged accounts} Implement replay-resistant authentication mechanisms for access to privileged and non-privileged accounts. 03.05.04 ¶ 1 Implement multi-factor authentication and replay resistance in the establishment of nonlocal maintenance and diagnostic sessions. 03.07.05 b.]	Technical security	Technical Security
Define and assign roles and responsibilities for malicious code protection. CC ID 15474	Technical security	Establish Roles
Lock antivirus configurations. CC ID 10047	Technical security	Configuration
Establish, implement, and maintain a virtual environment and shared resources security program. CC ID 06551	Technical security	Establish/Maintain Documentation
Establish, implement, and maintain a shared resources management program. CC ID 07096 [Prevent unauthorized and unintended information transfer via shared system resources. 03.13.04 ¶ 1]	Technical security	Establish/Maintain Documentation
Maintain ownership of all shared resources. CC ID 12180	Technical security	Business Processes
Employ resource-isolation mechanisms in virtual environments. CC ID 12178	Technical security	Configuration
Establish, implement, and maintain a physical security program. CC ID 11757	Physical and environmental protection	Establish/Maintain Documentation
Establish, implement, and maintain a facility physical security program. CC ID 00711	Physical and environmental protection	Establish/Maintain Documentation
Identify and document physical access controls for all physical entry points. CC ID 01637	Physical and environmental protection	Establish/Maintain Documentation
Control physical access to (and within) the facility. CC ID 01329 [{entry points} Enforce physical access authorizations at entry and exit points to the facility where the system resides by: Controlling ingress and egress with physical access control systems, devices, or guards. 03.10.07 a.2.]	Physical and environmental protection	Physical and Environmental Protection
Establish, implement, and maintain physical access procedures. CC ID 13629 [{entry points} Enforce physical access authorizations at entry and exit points to the facility where the system resides by: Verifying individual physical access authorizations before granting access to the facility and 03.10.07 a.1.]	Physical and environmental protection	Establish/Maintain Documentation
Meet the physical access requirements of disabled individuals, if reasonably possible. CC ID 00419	Physical and environmental protection	Physical and Environmental Protection
Configure the access control system to grant access only during authorized working hours. CC ID 12325	Physical and environmental protection	Physical and Environmental Protection
Establish, implement, and maintain a visitor access permission policy. CC ID 06699	Physical and environmental protection	Establish/Maintain Documentation
Escort visitors within the facility, as necessary. CC ID 06417 [Escort visitors, and control visitor activity. 03.10.07 c.]	Physical and environmental protection	Establish/Maintain Documentation
Check the visitor's stated identity against a provided government issued identification. CC ID 06701	Physical and environmental protection	Physical and Environmental Protection
Authorize visitors before granting entry to physical areas containing restricted data or restricted information. CC ID 01330	Physical and environmental protection	Testing
Disseminate and communicate the right of the organization to search visitors while at the facility. CC ID 06702	Physical and environmental protection	Behavior
Establish, implement, and maintain procedures for changing a visitor's access requirements. CC ID 12048	Physical and environmental protection	Establish/Maintain Documentation
Maintain and review facility access lists of personnel who have been granted authorized entry to (and within) facilities that contain restricted data or restricted information. CC ID 01436 [{maintenance personnel} Maintain a list of authorized maintenance organizations or personnel. 03.07.06 b. Verify that non-escorted personnel who perform maintenance on the system possess the required access authorizations. 03.07.06 c. Develop, approve, and maintain a list of individuals with authorized access to the facility where the system resides. 03.10.01 a. Review the facility access list [Assignment: organization-defined frequency]. 03.10.01 c. Remove individuals from the facility access list when access is no longer required. 03.10.01 d.]	Physical and environmental protection	Establish/Maintain Documentation
Log the individual's address in the facility access list. CC ID 16921	Physical and environmental protection	Log Management
Log the contact information for the person authorizing access in the facility access list. CC ID 16920	Physical and environmental protection	Log Management
Log the organization's name in the facility access list. CC ID 16919	Physical and environmental protection	Log Management
Log the individual's name in the facility access list. CC ID 16918	Physical and environmental protection	Log Management
Log the purpose in the facility access list. CC ID 16982	Physical and environmental protection	Log Management
Log the level of access in the facility access list. CC ID 16975	Physical and environmental protection	Log Management
Authorize physical access to sensitive areas based on job functions. CC ID 12462	Physical and environmental protection	Establish/Maintain Documentation
Escort uncleared personnel who need to work in or access controlled access areas. CC ID 00747 [{maintenance personnel} Designate organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who an style="background-color:#B7D8ED;" class="term_primary-verb">do not possess the required access authorizations. 03.07.06 d.]	Physical and environmental protection	Monitor and Evaluate Occurrences
Establish, implement, and maintain physical identification procedures. CC ID 00713	Physical and environmental protection	Establish/Maintain Documentation
Disallow opting out of wearing or displaying identification cards or badges. CC ID 13030	Physical and environmental protection	Human Resources Management
Implement physical identification processes. CC ID 13715	Physical and environmental protection	Process or Activity
Refrain from using knowledge-based authentication for in-person identity verification. CC ID 13717	Physical and environmental protection	Process or Activity
Issue photo identification badges to all employees. CC ID 12326	Physical and environmental protection	Physical and Environmental Protection
Implement operational requirements for card readers. CC ID 02225	Physical and environmental protection	Testing
Establish, implement, and maintain lost or damaged identification card procedures, as necessary. CC ID 14819	Physical and environmental protection	Establish/Maintain Documentation
Report lost badges, stolen badges, and broken badges to the Security Manager. CC ID 12334	Physical and environmental protection	Physical and Environmental Protection
Manage constituent identification inside the facility. CC ID 02215	Physical and environmental protection	Behavior
Direct each employee to be responsible for their identification card or badge. CC ID 12332	Physical and environmental protection	Human Resources Management
Manage visitor identification inside the facility. CC ID 11670	Physical and environmental protection	Physical and Environmental Protection
Issue visitor identification badges to all non-employees. CC ID 00543	Physical and environmental protection	Behavior
Secure unissued visitor identification badges. CC ID 06712	Physical and environmental protection	Physical and Environmental Protection
Retrieve visitor identification badges prior to the exit of a visitor from the facility. CC ID 01331	Physical and environmental protection	Behavior
Include name, date of entry, and validity period on disposable identification cards or badges. CC ID 12331	Physical and environmental protection	Physical and Environmental Protection
Establish, implement, and maintain identification issuance procedures for identification cards or badges. CC ID 06598 [Issue authorization credentials for facility access. 03.10.01 b.]	Physical and environmental protection	Establish/Maintain Documentation
Record the assigned identification card or badge serial number when issuing an identification card or badge. CC ID 06714	Physical and environmental protection	Process or Activity
Include error handling controls in identification issuance procedures. CC ID 13709	Physical and environmental protection	Establish/Maintain Documentation
Include an appeal process in the identification issuance procedures. CC ID 15428	Physical and environmental protection	Business Processes
Include information security in the identification issuance procedures. CC ID 15425	Physical and environmental protection	Establish/Maintain Documentation
Include identity proofing processes in the identification issuance procedures. CC ID 06597	Physical and environmental protection	Process or Activity
Establish, implement, and maintain post-issuance update procedures for identification cards or badges. CC ID 15426	Physical and environmental protection	Establish/Maintain Documentation
Include an identity registration process in the identification issuance procedures. CC ID 11671	Physical and environmental protection	Establish/Maintain Documentation
Restrict access to the badge system to authorized personnel. CC ID 12043	Physical and environmental protection	Physical and Environmental Protection
Enforce dual control for badge assignments. CC ID 12328	Physical and environmental protection	Physical and Environmental Protection
Enforce dual control for accessing unassigned identification cards or badges. CC ID 12327	Physical and environmental protection	Physical and Environmental Protection
Refrain from imprinting the company name or company logo on identification cards or badges. CC ID 12282	Physical and environmental protection	Physical and Environmental Protection
Establish, implement, and maintain identification renewal procedures for identification cards or badges. CC ID 06599	Physical and environmental protection	Establish/Maintain Documentation
Assign employees the responsibility for controlling their identification badges. CC ID 12333	Physical and environmental protection	Human Resources Management
Establish, implement, and maintain identification re-issuing procedures for identification cards or badges. CC ID 06596	Physical and environmental protection	Establish/Maintain Documentation
Charge a fee for replacement of identification cards or badges, as necessary. CC ID 17001	Physical and environmental protection	Business Processes
Establish, implement, and maintain identification mechanism termination procedures. CC ID 06306	Physical and environmental protection	Establish/Maintain Documentation
Prevent tailgating through physical entry points. CC ID 06685	Physical and environmental protection	Physical and Environmental Protection
Use locks to protect against unauthorized physical access. CC ID 06342	Physical and environmental protection	Physical and Environmental Protection
Use locks with electronic authentication systems or cipher locks, as necessary. CC ID 06650	Physical and environmental protection	Configuration
Secure unissued access mechanisms. CC ID 06713 [Secure keys, combinations, and other physical access devices. 03.10.07 d.]	Physical and environmental protection	Technical Security
Establish and maintain a visitor log. CC ID 00715 [Escort visitors, and control visitor activity. 03.10.07 c.]	Physical and environmental protection	Log Management
Require all visitors to sign in to the visitor log before the entrance of a visitor to the facility. CC ID 06700	Physical and environmental protection	Establish/Maintain Documentation
Require all visitors to sign out of the visitor log before the exit of a visitor from the facility. CC ID 06649	Physical and environmental protection	Behavior
Record the purpose of the visit in the visitor log. CC ID 16917	Physical and environmental protection	Log Management
Record the visitor's name in the visitor log. CC ID 00557	Physical and environmental protection	Log Management
Record the visitor's organization in the visitor log. CC ID 12121	Physical and environmental protection	Log Management
Record the visitor's acceptable access areas in the visitor log. CC ID 12237	Physical and environmental protection	Log Management
Record the date and time of entry in the visitor log. CC ID 13255	Physical and environmental protection	Establish/Maintain Documentation
Record the date and time of departure in the visitor log. CC ID 16897	Physical and environmental protection	Log Management
Record the onsite personnel authorizing physical access for the visitor in the visitor log. CC ID 12466	Physical and environmental protection	Establish/Maintain Documentation
Record the type of identification used in the visitor log. CC ID 16916	Physical and environmental protection	Log Management
Retain all records in the visitor log as prescribed by law. CC ID 00572	Physical and environmental protection	Log Management
Establish, implement, and maintain a physical access log. CC ID 12080 [Review physical access logs [Assignment: organization-defined frequency] and upon occurrence of [Assignment: organization-defined events or potential indications of events]. 03.10.02 b. {entry points} Maintain physical access audit logs for entry or exit points. 03.10.07 b.]	Physical and environmental protection	Establish/Maintain Documentation
Log the entrance of a staff member to a facility or designated rooms within the facility. CC ID 01641	Physical and environmental protection	Log Management
Store facility access logs in off-site storage. CC ID 06958	Physical and environmental protection	Log Management
Log the exit of a staff member to a facility or designated rooms within the facility. CC ID 11675	Physical and environmental protection	Monitor and Evaluate Occurrences
Include the requestor's name in the physical access log. CC ID 16922	Physical and environmental protection	Log Management
Configure video cameras to cover all physical entry points. CC ID 06302	Physical and environmental protection	Configuration
Configure video cameras to prevent physical tampering or disablement. CC ID 06303	Physical and environmental protection	Configuration
Retain video events according to Records Management procedures. CC ID 06304	Physical and environmental protection	Records Management
Establish, implement, and maintain physical security threat reports. CC ID 02207	Physical and environmental protection	Establish/Maintain Documentation
Establish, implement, and maintain physical security controls for distributed assets. CC ID 00718	Physical and environmental protection	Physical and Environmental Protection
Control the transiting and internal distribution or external distribution of assets. CC ID 00963 [Protect and control system media that contain CUI during transport outside of controlled areas. 03.08.05 a.]	Physical and environmental protection	Records Management
Log the transiting, internal distribution, and external distribution of restricted storage media. CC ID 12321 [Document activities associated with the transport of system media that contain CUI. 03.08.05 c.]	Physical and environmental protection	Log Management
Encrypt digital media containing sensitive information during transport outside controlled areas. CC ID 14258	Physical and environmental protection	Technical Security
Obtain management authorization for restricted storage media transit or distribution from a controlled access area. CC ID 00964	Physical and environmental protection	Records Management
Use locked containers to transport non-digital media outside of controlled areas. CC ID 14286	Physical and environmental protection	Physical and Environmental Protection
Transport restricted media using a delivery method that can be tracked. CC ID 11777	Physical and environmental protection	Business Processes
Restrict physical access to distributed assets. CC ID 11865 [Control physical access to output devices to prevent unauthorized individuals from obtaining access to CUI. 03.10.07 e.]	Physical and environmental protection	Physical and Environmental Protection
House network hardware in lockable rooms or lockable equipment cabinets. CC ID 01873	Physical and environmental protection	Physical and Environmental Protection
Protect electronic storage media with physical access controls. CC ID 00720	Physical and environmental protection	Physical and Environmental Protection
Establish, implement, and maintain removable storage media controls. CC ID 06680 [Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems. 03.01.20 d. Restrict or prohibit the use of [Assignment: organization-defined types of system media]. 03.08.07 a.]	Physical and environmental protection	Data and Information Management
Control access to restricted storage media. CC ID 04889	Physical and environmental protection	Data and Information Management
Physically secure all electronic storage media that store restricted data or restricted information. CC ID 11664 [Physically control and securely store system media that contain CUI. 03.08.01 ¶ 1]	Physical and environmental protection	Physical and Environmental Protection
Separate duplicate originals and backup media from the original electronic storage media. CC ID 00961	Physical and environmental protection	Records Management
Treat archive media as evidence. CC ID 00960	Physical and environmental protection	Records Management
Log the transfer of removable storage media. CC ID 12322	Physical and environmental protection	Log Management
Establish, implement, and maintain storage media access control procedures. CC ID 00959	Physical and environmental protection	Establish/Maintain Documentation
Require removable storage media be in the custody of an authorized individual. CC ID 12319	Physical and environmental protection	Behavior
Control the storage of restricted storage media. CC ID 00965	Physical and environmental protection	Records Management
Store removable storage media containing restricted data or restricted information using electronic media storage cabinets or electronic media storage vaults. CC ID 00717	Physical and environmental protection	Physical and Environmental Protection
Protect the combinations for all combination locks. CC ID 02199	Physical and environmental protection	Physical and Environmental Protection
Establish, implement, and maintain electronic media storage container repair guidelines. CC ID 02200	Physical and environmental protection	Establish/Maintain Documentation
Establish and maintain eavesdropping protection for vaults. CC ID 02231	Physical and environmental protection	Physical and Environmental Protection
Serialize all removable storage media. CC ID 00949	Physical and environmental protection	Configuration
Protect distributed assets against theft. CC ID 06799	Physical and environmental protection	Physical and Environmental Protection
Establish, implement, and maintain asset removal procedures or asset decommissioning procedures. CC ID 04540 [{does not contain} Prevent the removal of system maintenance equipment containing CUI by verifying that there is no CUI on the equipment, sanitizing or destroying the equipment, or retaining the equipment within the facility. 03.07.04 c.]	Physical and environmental protection	Establish/Maintain Documentation
Obtain management approval prior to decommissioning assets. CC ID 17269	Physical and environmental protection	Business Processes
Prohibit assets from being taken off-site absent prior authorization. CC ID 12027	Physical and environmental protection	Process or Activity
Establish, implement, and maintain end user computing device security guidelines. CC ID 00719	Physical and environmental protection	Establish/Maintain Documentation
Establish, implement, and maintain a locking screen saver policy. CC ID 06717 [Prevent access to the system by [Selection (one or more): initiating a device lock after [Assignment: organization-defined time period] of inactivity; requiring the user to initiate a device lock before leaving the system unattended]. 03.01.10 a.]	Physical and environmental protection	Establish/Maintain Documentation
Establish, implement, and maintain mobile device security guidelines. CC ID 04723 [Establish usage restrictions, configuration requirements, and connection requirements for mobile devices. 03.01.18 a.]	Physical and environmental protection	Establish/Maintain Documentation
Include a "Return to Sender" text file on mobile devices. CC ID 17075	Physical and environmental protection	Process or Activity
Include usage restrictions for untrusted networks in the mobile device security guidelines. CC ID 17076	Physical and environmental protection	Establish/Maintain Documentation
Require users to refrain from leaving mobile devices unattended. CC ID 16446	Physical and environmental protection	Business Processes
Include the expectation of data loss in the event of sanitizing the mobile device in the mobile device security guidelines. CC ID 12292	Physical and environmental protection	Establish/Maintain Documentation
Include legal requirements in the mobile device security guidelines. CC ID 12291	Physical and environmental protection	Establish/Maintain Documentation
Include the use of privacy filters in the mobile device security guidelines. CC ID 16452	Physical and environmental protection	Physical and Environmental Protection
Include prohibiting the usage of unapproved application stores in the mobile device security guidelines. CC ID 12290	Physical and environmental protection	Establish/Maintain Documentation
Include requiring users to create data backups in the mobile device security guidelines. CC ID 12289	Physical and environmental protection	Establish/Maintain Documentation
Include the definition of mobile devices in the mobile device security guidelines. CC ID 12288	Physical and environmental protection	Establish/Maintain Documentation
Refrain from responding to unsolicited Personal Identification Number requests. CC ID 12430	Physical and environmental protection	Physical and Environmental Protection
Wipe information from mobile devices after a predetermined number of unsuccessful logon attempts. CC ID 14242	Physical and environmental protection	Data and Information Management
Refrain from pairing Bluetooth devices in unsecured areas. CC ID 12429	Physical and environmental protection	Physical and Environmental Protection
Encrypt information stored on mobile devices. CC ID 01422 [Implement full-device or container-based encryption to protect the confidentiality of CUI on mobile devices. 03.01.18 c.]	Physical and environmental protection	Data and Information Management
Establish, implement, and maintain asset return procedures. CC ID 04537	Physical and environmental protection	Establish/Maintain Documentation
Require the return of all assets upon notification an individual is terminated. CC ID 06679 [When individual employment is terminated: Retrieve security-related system property. 03.09.02 a.3.]	Physical and environmental protection	Behavior
Prohibit the unauthorized remote activation of collaborative computing devices. CC ID 06768 [Prohibit the remote activation of collaborative computing devices and applications with the following exceptions: [Assignment: organization-defined exceptions where remote activation is to be allowed]. 03.13.12 a.]	Physical and environmental protection	Technical Security
Indicate the active use of collaborative computing devices to users physically present at the device. CC ID 10647 [Provide an explicit indication of use to users physically present at the devices. 03.13.12 b.]	Physical and environmental protection	Technical Security
Install and protect network cabling. CC ID 08624	Physical and environmental protection	Physical and Environmental Protection
Control physical access to network cables. CC ID 00723 [Control physical access to system distribution and transmission lines within organizational facilities. 03.10.08 ¶ 1]	Physical and environmental protection	Process or Activity
Establish, implement, and maintain a business continuity program. CC ID 13210	Operational and Systems Continuity	Establish/Maintain Documentation
Establish, implement, and maintain system continuity plan strategies. CC ID 00735	Operational and Systems Continuity	Establish/Maintain Documentation
Include technical preparation considerations for backup operations in the continuity plan. CC ID 01250	Operational and Systems Continuity	Establish/Maintain Documentation
Perform backup procedures for in scope systems. CC ID 11692	Operational and Systems Continuity	Process or Activity
Encrypt backup data. CC ID 00958 [Implement cryptographic mechanisms to prevent the unauthorized disclosure of CUI at backup storage locations. 03.08.09 b.]	Operational and Systems Continuity	Configuration
Establish, implement, and maintain a pandemic plan. CC ID 13214	Operational and Systems Continuity	Establish/Maintain Documentation
Include alternate work locations in the pandemic plan. CC ID 14376 [Determine alternate work sites allowed for use by employees. 03.10.06 a.]	Operational and Systems Continuity	Establish/Maintain Documentation
Prepare the alternate facility for an emergency offsite relocation. CC ID 00744	Operational and Systems Continuity	Systems Continuity
Configure the alternate facility to meet the least needed operational capabilities. CC ID 01395 [Employ the following security requirements at alternate work sites: [Assignment: organization-defined security requirements]. 03.10.06 b.]	Operational and Systems Continuity	Configuration
Define and assign workforce roles and responsibilities. CC ID 13267 [Define and document user roles and responsibilities with regard to external system services, including shared responsibilities with external service providers. 03.16.03 b.]	Human Resources management	Human Resources Management
Establish, implement, and maintain cybersecurity roles and responsibilities. CC ID 13201	Human Resources management	Human Resources Management
Assign roles and responsibilities for physical security, as necessary. CC ID 13113	Human Resources management	Establish Roles
Document the use of external experts. CC ID 16263	Human Resources management	Human Resources Management
Define and assign roles and responsibilities for the biometric system. CC ID 17004	Human Resources management	Human Resources Management
Define and assign roles and responsibilities for those involved in risk management. CC ID 13660	Human Resources management	Human Resources Management
Include the management structure in the duties and responsibilities for risk management. CC ID 13665	Human Resources management	Human Resources Management
Assign the roles and responsibilities for the change control program. CC ID 13118	Human Resources management	Human Resources Management
Identify and define all critical roles. CC ID 00777	Human Resources management	Establish Roles
Assign cybersecurity reporting responsibilities to qualified personnel. CC ID 12739	Human Resources management	Establish Roles
Assign responsibility for cyber threat intelligence. CC ID 12746	Human Resources management	Human Resources Management
Assign the role of security management to applicable controls. CC ID 06444	Human Resources management	Establish Roles
Assign the role of security leader to keep up to date on the latest threats. CC ID 12112	Human Resources management	Human Resources Management
Define and assign the data processor's roles and responsibilities. CC ID 12607	Human Resources management	Human Resources Management
Assign the data processor to assist the data controller in implementing security controls. CC ID 12677	Human Resources management	Human Resources Management
Assign the data processor to notify the data controller when personal data processing could infringe on regulations. CC ID 12617	Human Resources management	Communicate
Define and assign the data controller's roles and responsibilities. CC ID 00471	Human Resources management	Establish Roles
Assign the role of data controller to be the Point of Contact for the supervisory authority. CC ID 12616	Human Resources management	Human Resources Management
Assign the role of the Data Controller to cooperate with the supervisory authority. CC ID 12615	Human Resources management	Human Resources Management
Assign the data controller to facilitate the exercise of the data subject's rights. CC ID 12666	Human Resources management	Human Resources Management
Assign the role of data controller to applicable controls. CC ID 00354	Human Resources management	Establish Roles
Assign the role of data controller to provide advice, when requested. CC ID 12611	Human Resources management	Human Resources Management
Assign the role of data controller to additional personnel, as necessary. CC ID 00473	Human Resources management	Establish Roles
Assign the role of Information Technology operations to applicable controls. CC ID 00682	Human Resources management	Establish Roles
Assign the role of logical access control to applicable controls. CC ID 00772	Human Resources management	Establish Roles
Assign the role of asset physical security to applicable controls. CC ID 00770	Human Resources management	Establish Roles
Assign the role of data custodian to applicable controls. CC ID 04789	Human Resources management	Establish Roles
Assign the role of the Quality Management committee to applicable controls. CC ID 00769	Human Resources management	Establish Roles
Assign interested personnel to the Quality Management committee. CC ID 07193	Human Resources management	Establish Roles
Assign the roles and responsibilities for the asset management system. CC ID 14368	Human Resources management	Establish/Maintain Documentation
Assign personnel to a crime prevention unit and announce the members of the unit. CC ID 06348	Human Resources management	Establish Roles
Assign the role of fire protection management to applicable controls. CC ID 04891	Human Resources management	Establish Roles
Assign the role of Information Technology Service Continuity Management to applicable controls. CC ID 04894	Human Resources management	Establish Roles
Assign the role of the Computer Emergency Response Team to applicable controls. CC ID 04895	Human Resources management	Establish Roles
Assign the role of CRYPTO custodian to applicable controls. CC ID 06723	Human Resources management	Establish Roles
Define and assign the roles and responsibilities of security guards. CC ID 12543	Human Resources management	Human Resources Management
Define and assign roles and responsibilities for dispute resolution. CC ID 13626	Human Resources management	Human Resources Management
Define and assign the roles for Legal Support Workers. CC ID 13711	Human Resources management	Human Resources Management
Establish, implement, and maintain a personnel management program. CC ID 14018	Human Resources management	Establish/Maintain Documentation
Establish, implement, and maintain a personnel security program. CC ID 10628	Human Resources management	Establish/Maintain Documentation
Perform personnel screening procedures, as necessary. CC ID 11763 [Screen individuals prior to authorizing access to the system. 03.09.01 a. Rescreen individuals in accordance with [Assignment: organization-defined conditions requiring rescreening]. 03.09.01 b.]	Human Resources management	Human Resources Management
Establish, implement, and maintain personnel status change and termination procedures. CC ID 06549	Human Resources management	Establish/Maintain Documentation
Notify all interested personnel and affected parties when personnel status changes or an individual is terminated. CC ID 06677 [Notify account managers and designated personnel or roles within: [Assignment: organization-defined time period] when accounts are no longer required. 03.01.01 g.1. Notify account managers and designated personnel or roles within: [Assignment: organization-defined time period] when users are terminated or transferred. 03.01.01 g.2. Notify account managers and designated personnel or roles within: [Assignment: organization-defined time period] when system usage or the need-to-know changes for an individual. 03.01.01 g.3.]	Human Resources management	Behavior
Establish and maintain the staff structure in line with the strategic plan. CC ID 00764	Human Resources management	Establish Roles
Establish, implement, and maintain segregation of duties compensating controls if segregation of duties is not practical. CC ID 06960	Human Resources management	Technical Security
Train all personnel and third parties, as necessary. CC ID 00785 [Train authorized individuals to ensure that publicly accessible information does not contain CUI. 03.01.22 a.]	Human Resources management	Behavior
Provide new hires limited network access to complete computer-based training. CC ID 17008	Human Resources management	Training
Establish, implement, and maintain an education methodology. CC ID 06671	Human Resources management	Business Processes
Support certification programs as viable training programs. CC ID 13268	Human Resources management	Human Resources Management
Include evidence of experience in applications for professional certification. CC ID 16193	Human Resources management	Establish/Maintain Documentation
Include supporting documentation in applications for professional certification. CC ID 16195	Human Resources management	Establish/Maintain Documentation
Submit applications for professional certification. CC ID 16192	Human Resources management	Training
Retrain all personnel, as necessary. CC ID 01362 [{security training} Provide security literacy training to system users: When required by system changes or following [Assignment: organization-defined events], and 03.02.01 a.2. Provide role-based security training to organizational personnel: When required by system changes or following [Assignment: organization-defined events]. 03.02.02 a.2.]	Human Resources management	Behavior
Tailor training to meet published guidance on the subject being taught. CC ID 02217	Human Resources management	Behavior
Tailor training to be taught at each person's level of responsibility. CC ID 06674 [Provide role-based security training to organizational personnel: Before authorizing access to the system or CUI, before performing assigned duties, and [Assignment: organization-defined frequency] thereafter 03.02.02 a.1.]	Human Resources management	Behavior
Conduct cross-training or staff backup training to minimize dependency on critical individuals. CC ID 00786	Human Resources management	Behavior
Use automated mechanisms in the training environment, where appropriate. CC ID 06752	Human Resources management	Behavior
Hire third parties to conduct training, as necessary. CC ID 13167	Human Resources management	Human Resources Management
Review the current published guidance and awareness and training programs. CC ID 01245 [Review and update incident response training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. 03.06.04 b.]	Human Resources management	Establish/Maintain Documentation
Establish, implement, and maintain training plans. CC ID 00828	Human Resources management	Establish/Maintain Documentation
Approve training plans, as necessary. CC ID 17193	Human Resources management	Training
Include prevention techniques in training regarding diseases or sicknesses. CC ID 14387	Human Resources management	Training
Include the concept of disease clusters when training to recognize conditions of diseases or sicknesses. CC ID 14386	Human Resources management	Training
Develop or acquire content to update the training plans. CC ID 12867 [Update security literacy training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. 03.02.01 b. Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. 03.02.02 b.]	Human Resources management	Training
Establish, implement, and maintain a list of tasks to include in the training plan. CC ID 17101	Human Resources management	Training
Designate training facilities in the training plan. CC ID 16200	Human Resources management	Training
Include portions of the visitor control program in the training plan. CC ID 13287	Human Resources management	Establish/Maintain Documentation
Include ethical culture in the security awareness program. CC ID 12801	Human Resources management	Human Resources Management
Include insider threats in the security awareness program. CC ID 16963	Human Resources management	Training
Include in scope external requirements in the training plan, as necessary. CC ID 13041	Human Resources management	Training
Include duties and responsibilities in the training plan, as necessary. CC ID 12800	Human Resources management	Human Resources Management
Conduct bespoke roles and responsibilities training, as necessary. CC ID 13192	Human Resources management	Training
Include risk management in the security awareness program. CC ID 13040	Human Resources management	Training
Conduct Archives and Records Management training. CC ID 00975	Human Resources management	Behavior
Conduct personal data processing training. CC ID 13757	Human Resources management	Training
Include in personal data processing training how to provide the contact information for the categories of personal data the organization may disclose. CC ID 13758	Human Resources management	Training
Include cloud security in the security awareness program. CC ID 13039	Human Resources management	Training
Establish, implement, and maintain a security awareness program. CC ID 11746	Human Resources management	Establish/Maintain Documentation
Complete security awareness training prior to being granted access to information systems or data. CC ID 17009	Human Resources management	Training
Establish, implement, and maintain a security awareness and training policy. CC ID 14022	Human Resources management	Establish/Maintain Documentation
Include compliance requirements in the security awareness and training policy. CC ID 14092	Human Resources management	Establish/Maintain Documentation
Include coordination amongst entities in the security awareness and training policy. CC ID 14091	Human Resources management	Establish/Maintain Documentation
Establish, implement, and maintain security awareness and training procedures. CC ID 14054	Human Resources management	Establish/Maintain Documentation
Disseminate and communicate the security awareness and training procedures to interested personnel and affected parties. CC ID 14138	Human Resources management	Communicate
Include management commitment in the security awareness and training policy. CC ID 14049	Human Resources management	Establish/Maintain Documentation
Include roles and responsibilities in the security awareness and training policy. CC ID 14048	Human Resources management	Establish/Maintain Documentation
Include the scope in the security awareness and training policy. CC ID 14047	Human Resources management	Establish/Maintain Documentation
Include the purpose in the security awareness and training policy. CC ID 14045	Human Resources management	Establish/Maintain Documentation
Include configuration management procedures in the security awareness program. CC ID 13967	Human Resources management	Establish/Maintain Documentation
Include media protection in the security awareness program. CC ID 16368	Human Resources management	Training
Document security awareness requirements. CC ID 12146	Human Resources management	Establish/Maintain Documentation
Include safeguards for information systems in the security awareness program. CC ID 13046	Human Resources management	Establish/Maintain Documentation
Include identity and access management in the security awareness program. CC ID 17013	Human Resources management	Training
Include the encryption process in the security awareness program. CC ID 17014	Human Resources management	Training
Include security policies and security standards in the security awareness program. CC ID 13045	Human Resources management	Establish/Maintain Documentation
Include physical security in the security awareness program. CC ID 16369	Human Resources management	Training
Include data management in the security awareness program. CC ID 17010	Human Resources management	Training
Include e-mail and electronic messaging in the security awareness program. CC ID 17012	Human Resources management	Training
Include mobile device security guidelines in the security awareness program. CC ID 11803	Human Resources management	Establish/Maintain Documentation
Include updates on emerging issues in the security awareness program. CC ID 13184	Human Resources management	Training
Include cybersecurity in the security awareness program. CC ID 13183	Human Resources management	Training
Include implications of non-compliance in the security awareness program. CC ID 16425	Human Resources management	Training
Include social networking in the security awareness program. CC ID 17011	Human Resources management	Training
Include the acceptable use policy in the security awareness program. CC ID 15487	Human Resources management	Training
Include training based on the participants' level of responsibility and access level in the security awareness program. CC ID 11802	Human Resources management	Establish/Maintain Documentation
Include a requirement to train all new hires and interested personnel in the security awareness program. CC ID 11800 [{security training} Provide security literacy training to system users: As part of initial training for new users and [Assignment: organization-defined frequency] thereafter, 03.02.01 a.1.]	Human Resources management	Establish/Maintain Documentation
Include remote access in the security awareness program. CC ID 13892	Human Resources management	Establish/Maintain Documentation
Document the goals of the security awareness program. CC ID 12145	Human Resources management	Establish/Maintain Documentation
Compare current security awareness assessment reports to the security awareness baseline. CC ID 12150	Human Resources management	Establish/Maintain Documentation
Establish and maintain management's commitment to supporting the security awareness program. CC ID 12151	Human Resources management	Human Resources Management
Establish and maintain a steering committee to guide the security awareness program. CC ID 12149	Human Resources management	Human Resources Management
Document the scope of the security awareness program. CC ID 12148	Human Resources management	Establish/Maintain Documentation
Establish, implement, and maintain a security awareness baseline. CC ID 12147	Human Resources management	Establish/Maintain Documentation
Encourage interested personnel to obtain security certification. CC ID 11804	Human Resources management	Human Resources Management
Disseminate and communicate the security awareness program to all interested personnel and affected parties. CC ID 00823	Human Resources management	Behavior
Train all personnel and third parties on how to recognize and report security incidents. CC ID 01211 [{security training} Provide security literacy training to system users: On recognizing and reporting indicators of insider threat, social engineering, and social mining. 03.02.01 a.3.]	Human Resources management	Behavior
Train all personnel and third parties on how to recognize and report system failures. CC ID 13475	Human Resources management	Training
Require personnel to acknowledge, through writing their signature, that they have read and understand the organization's security policies. CC ID 01363	Human Resources management	Establish/Maintain Documentation
Establish, implement, and maintain an environmental management system awareness program. CC ID 15200	Human Resources management	Establish/Maintain Documentation
Conduct tampering prevention training. CC ID 11875	Human Resources management	Training
Include the mandate to refrain from installing, refrain from replacing, and refrain from returning any asset absent verification in the tampering prevention training. CC ID 11877	Human Resources management	Training
Include how to identify and authenticate third parties claiming to be maintenance personnel in the tampering prevention training. CC ID 11876	Human Resources management	Training
Include how to report tampering and unauthorized substitution in the tampering prevention training. CC ID 11879	Human Resources management	Training
Include how to prevent physical tampering in the tampering prevention training. CC ID 11878	Human Resources management	Training
Include procedures on how to inspect devices in the tampering prevention training. CC ID 11990	Human Resources management	Training
Train interested personnel and affected parties to collect digital forensic evidence. CC ID 08658	Human Resources management	Training
Conduct crime prevention training. CC ID 06350	Human Resources management	Behavior
Establish, implement, and maintain an occupational health and safety management system. CC ID 16201	Human Resources management	Business Processes
Establish, implement, and maintain an occupational health and safety policy. CC ID 00716	Human Resources management	Establish/Maintain Documentation
Establish, implement, and maintain a travel program for all personnel. CC ID 10597	Human Resources management	Human Resources Management
Issue devices with secure configurations to individuals traveling to locations deemed to be of risk. CC ID 10598 [Issue systems or system components with the following configurations to individuals traveling to high-risk locations: [Assignment: organization-defined system configurations]. 03.04.12 a.]	Human Resources management	Configuration
Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain an information security program. CC ID 00812	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain the Acceptable Use Policy. CC ID 01350 [Establish rules that describe the responsibilities and expected behavior for system usage and protecting CUI. 03.15.03 a. Review and update the rules of behavior [Assignment: organization-defined frequency]. 03.15.03 d.]	Operational management	Establish/Maintain Documentation
Include that explicit management authorization must be given for the use of all technologies and their documentation in the Acceptable Use Policy. CC ID 01351 [Authorize, monitor, and control the use of mobile code. 03.13.13 b.]	Operational management	Establish/Maintain Documentation
Include requiring users to protect restricted data in accordance with the Governance, Risk, and Compliance framework in the Acceptable Use Policy. CC ID 11894	Operational management	Establish/Maintain Documentation
Include Bring Your Own Device agreements in the Acceptable Use Policy. CC ID 15703	Operational management	Establish/Maintain Documentation
Include the obligations of users in the Bring Your Own Device agreement. CC ID 15708	Operational management	Establish/Maintain Documentation
Include the rights of the organization in the Bring Your Own Device agreement. CC ID 15707	Operational management	Establish/Maintain Documentation
Include the circumstances in which the organization may confiscate, audit, or inspect assets in the Bring Your Own Device agreement. CC ID 15706	Operational management	Establish/Maintain Documentation
Include the circumstances in which the organization may manage assets in the Bring Your Own Device agreement. CC ID 15705	Operational management	Establish/Maintain Documentation
Include Bring Your Own Device usage in the Acceptable Use Policy. CC ID 12293	Operational management	Establish/Maintain Documentation
Include a web usage policy in the Acceptable Use Policy. CC ID 16496	Operational management	Establish/Maintain Documentation
Include Bring Your Own Device security guidelines in the Acceptable Use Policy. CC ID 01352	Operational management	Establish/Maintain Documentation
Include asset tags in the Acceptable Use Policy. CC ID 01354	Operational management	Establish/Maintain Documentation
Specify the owner of applicable assets in the Acceptable Use Policy. CC ID 15699	Operational management	Establish/Maintain Documentation
Include asset use policies in the Acceptable Use Policy. CC ID 01355 [Establish usage restrictions, configuration requirements, and connection requirements for mobile devices. 03.01.18 a. Define acceptable mobile code and mobile code technologies. 03.13.13 a.]	Operational management	Establish/Maintain Documentation
Include authority for access authorization lists for assets in all relevant Acceptable Use Policies. CC ID 11872	Operational management	Establish/Maintain Documentation
Include access control mechanisms in the Acceptable Use Policy. CC ID 01353	Operational management	Establish/Maintain Documentation
Include temporary activation of remote access technologies for third parties in the Acceptable Use Policy. CC ID 11892	Operational management	Technical Security
Include prohibiting the copying or moving of restricted data from its original source onto local hard drives or removable storage media in the Acceptable Use Policy. CC ID 11893	Operational management	Establish/Maintain Documentation
Include a removable storage media use policy in the Acceptable Use Policy. CC ID 06772	Operational management	Data and Information Management
Correlate the Acceptable Use Policy with the network security policy. CC ID 01356	Operational management	Establish/Maintain Documentation
Include appropriate network locations for each technology in the Acceptable Use Policy. CC ID 11881	Operational management	Establish/Maintain Documentation
Correlate the Acceptable Use Policy with the approved product list. CC ID 01357	Operational management	Establish/Maintain Documentation
Include facility access and facility use in the Acceptable Use Policy. CC ID 06441	Operational management	Establish/Maintain Documentation
Include usage restrictions in the Acceptable Use Policy. CC ID 15311	Operational management	Establish/Maintain Documentation
Include a software installation policy in the Acceptable Use Policy. CC ID 06749	Operational management	Establish/Maintain Documentation
Document idle session termination and logout for remote access technologies in the Acceptable Use Policy. CC ID 12472	Operational management	Establish/Maintain Documentation
Disseminate and communicate the Acceptable Use Policy to all interested personnel and affected parties. CC ID 12431 [Provide rules to individuals who require access to the system. 03.15.03 b.]	Operational management	Communicate
Require interested personnel and affected parties to sign Acceptable Use Policies. CC ID 06661 [Receive a documented acknowledgement from individuals indicating that they have read, understand, and agree to abide by the rules of behavior before authorizing access to CUI and the system. 03.15.03 c.]	Operational management	Establish/Maintain Documentation
Require interested personnel and affected parties to re-sign Acceptable Use Policies, as necessary. CC ID 06663	Operational management	Establish/Maintain Documentation
Protect policies, standards, and procedures from unauthorized modification or disclosure. CC ID 10603 [Protect the incident response plan from unauthorized disclosure. 03.06.05 d. Protect the system security plan from unauthorized disclosure. 03.15.02 c. Protect the supply chain risk management plan from unauthorized disclosure. 03.17.01 c.]	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain nondisclosure agreements. CC ID 04536 [Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Operational management	Establish/Maintain Documentation
Disseminate and communicate nondisclosure agreements to interested personnel and affected parties. CC ID 16191	Operational management	Communicate
Require interested personnel and affected parties to sign nondisclosure agreements. CC ID 06667	Operational management	Establish/Maintain Documentation
Require interested personnel and affected parties to re-sign nondisclosure agreements, as necessary. CC ID 06669	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain an Asset Management program. CC ID 06630	Operational management	Business Processes
Establish, implement, and maintain an asset inventory. CC ID 06631 [Develop and document an inventory of system components. 03.04.10 a. Review and update the system component inventory [Assignment: organization-defined frequency]. 03.04.10 b. Update the system component inventory as part of installations, removals, and system updates. 03.04.10 c.]	Operational management	Business Processes
Establish, implement, and maintain an Information Technology inventory with asset discovery audit trails. CC ID 00689	Operational management	Establish/Maintain Documentation
Include all account types in the Information Technology inventory. CC ID 13311	Operational management	Establish/Maintain Documentation
Include each Information System's system boundaries in the Information Technology inventory. CC ID 00695	Operational management	Systems Design, Build, and Implementation
Identify processes, Information Systems, and third parties that transmit, process, or store restricted data. CC ID 06289	Operational management	Data and Information Management
Include each Information System's major applications in the Information Technology inventory. CC ID 01407	Operational management	Establish/Maintain Documentation
Categorize all major applications according to the business information they process. CC ID 07182	Operational management	Establish/Maintain Documentation
Document the resources, hazards, and Evaluation Assurance Levels for each major application. CC ID 01164	Operational management	Establish/Maintain Documentation
Include the General Support Systems and security support structure in the Information Technology inventory. CC ID 01408	Operational management	Establish/Maintain Documentation
Include each Information System's minor applications in the Information Technology inventory. CC ID 01409	Operational management	Establish/Maintain Documentation
Conduct environmental surveys. CC ID 00690	Operational management	Physical and Environmental Protection
Categorize facilities in the Information Technology inventory according to their environmental risks. CC ID 06729	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain a hardware asset inventory. CC ID 00691	Operational management	Establish/Maintain Documentation
Include network equipment in the Information Technology inventory. CC ID 00693	Operational management	Establish/Maintain Documentation
Include mobile devices that store restricted data or restricted information in the Information Technology inventory. CC ID 04719	Operational management	Establish/Maintain Documentation
Include interconnected systems and Software as a Service in the Information Technology inventory. CC ID 04885	Operational management	Process or Activity
Include software in the Information Technology inventory. CC ID 00692	Operational management	Establish/Maintain Documentation
Establish and maintain a list of authorized software and versions required for each system. CC ID 12093	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain a storage media inventory. CC ID 00694	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain a records inventory and database inventory. CC ID 01260	Operational management	Establish/Maintain Documentation
Add inventoried assets to the asset register database, as necessary. CC ID 07051	Operational management	Establish/Maintain Documentation
Organize the asset register database by grouping objects according to an organizational information classification standard. CC ID 07181	Operational management	Establish/Maintain Documentation
Use automated tools to collect Information Technology inventory information, as necessary. CC ID 07054	Operational management	Technical Security
Link the authentication system to the asset inventory. CC ID 13718	Operational management	Technical Security
Record a unique name for each asset in the asset inventory. CC ID 16305	Operational management	Data and Information Management
Record the decommission date for applicable assets in the asset inventory. CC ID 14920	Operational management	Establish/Maintain Documentation
Record the status of information systems in the asset inventory. CC ID 16304	Operational management	Data and Information Management
Record the communication interfaces for applicable assets in the asset inventory. CC ID 16301	Operational management	Data and Information Management
Record the Uniform Resource Locator for applicable assets in the asset inventory. CC ID 14918	Operational management	Establish/Maintain Documentation
Include source code in the asset inventory. CC ID 14858	Operational management	Records Management
Assign ownership of maintaining the asset inventory, as necessary. CC ID 12344	Operational management	Human Resources Management
Record the review date for applicable assets in the asset inventory. CC ID 14919	Operational management	Establish/Maintain Documentation
Record software license information for each asset in the asset inventory. CC ID 11736	Operational management	Data and Information Management
Record services for applicable assets in the asset inventory. CC ID 13733	Operational management	Establish/Maintain Documentation
Record dependencies and interconnections between applicable assets in the asset inventory. CC ID 17196	Operational management	Data and Information Management
Record protocols for applicable assets in the asset inventory. CC ID 13734	Operational management	Establish/Maintain Documentation
Record the software version in the asset inventory. CC ID 12196	Operational management	Establish/Maintain Documentation
Record the publisher for applicable assets in the asset inventory. CC ID 13725	Operational management	Establish/Maintain Documentation
Record the authentication system in the asset inventory. CC ID 13724	Operational management	Establish/Maintain Documentation
Tag unsupported assets in the asset inventory. CC ID 13723	Operational management	Establish/Maintain Documentation
Record the vendor support end date for applicable assets in the asset inventory. CC ID 17194	Operational management	Data and Information Management
Record the install date for applicable assets in the asset inventory. CC ID 13720	Operational management	Establish/Maintain Documentation
Record the make, model of device for applicable assets in the asset inventory. CC ID 12465	Operational management	Establish/Maintain Documentation
Record the asset tag for physical assets in the asset inventory. CC ID 06632	Operational management	Establish/Maintain Documentation
Record the host name of applicable assets in the asset inventory. CC ID 13722	Operational management	Establish/Maintain Documentation
Record network ports for applicable assets in the asset inventory. CC ID 13730	Operational management	Establish/Maintain Documentation
Record the MAC address for applicable assets in the asset inventory. CC ID 13721	Operational management	Establish/Maintain Documentation
Record the operating system version for applicable assets in the asset inventory. CC ID 11748	Operational management	Data and Information Management
Record the operating system type for applicable assets in the asset inventory. CC ID 06633	Operational management	Establish/Maintain Documentation
Record rooms at external locations in the asset inventory. CC ID 16302	Operational management	Data and Information Management
Record the department associated with the asset in the asset inventory. CC ID 12084	Operational management	Establish/Maintain Documentation
Record the physical location for applicable assets in the asset inventory. CC ID 06634 [Identify and document the location of CUI and the system components on which the information is processed and stored. 03.04.11 a. Document changes to the system or system component location where CUI is processed and stored. 03.04.11 b.]	Operational management	Establish/Maintain Documentation
Record the manufacturer's serial number for applicable assets in the asset inventory. CC ID 06635	Operational management	Establish/Maintain Documentation
Record the firmware version for applicable assets in the asset inventory. CC ID 12195	Operational management	Establish/Maintain Documentation
Record the related business function for applicable assets in the asset inventory. CC ID 06636	Operational management	Establish/Maintain Documentation
Record the deployment environment for applicable assets in the asset inventory. CC ID 06637	Operational management	Establish/Maintain Documentation
Record the Internet Protocol address for applicable assets in the asset inventory. CC ID 06638	Operational management	Establish/Maintain Documentation
Record trusted keys and certificates in the asset inventory. CC ID 15486	Operational management	Data and Information Management
Record cipher suites and protocols in the asset inventory. CC ID 15489	Operational management	Data and Information Management
Link the software asset inventory to the hardware asset inventory. CC ID 12085	Operational management	Establish/Maintain Documentation
Record the owner for applicable assets in the asset inventory. CC ID 06640	Operational management	Establish/Maintain Documentation
Record all compliance requirements for applicable assets in the asset inventory. CC ID 15696	Operational management	Establish/Maintain Documentation
Record all changes to assets in the asset inventory. CC ID 12190	Operational management	Establish/Maintain Documentation
Record cloud service derived data in the asset inventory. CC ID 13007	Operational management	Establish/Maintain Documentation
Include cloud service customer data in the asset inventory. CC ID 13006	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain a software accountability policy. CC ID 00868 [Implement a deny-all, allow-by-exception policy for the execution of authorized software programs on the system. 03.04.08 b.]	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain software asset management procedures. CC ID 00895	Operational management	Establish/Maintain Documentation
Prevent users from disabling required software. CC ID 16417	Operational management	Technical Security
Establish, implement, and maintain software archives procedures. CC ID 00866	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain software distribution procedures. CC ID 00894	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain software documentation management procedures. CC ID 06395	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain software license management procedures. CC ID 06639	Operational management	Establish/Maintain Documentation
Automate software license monitoring, as necessary. CC ID 07057	Operational management	Monitor and Evaluate Occurrences
Establish, implement, and maintain a system preventive maintenance program. CC ID 00885	Operational management	Establish/Maintain Documentation
Maintain contact with the device manufacturer or component manufacturer for maintenance requests. CC ID 06388	Operational management	Behavior
Use system components only when third party support is available. CC ID 10644 [Replace system components when support for the components is no longer available from the developer, vendor, or manufacturer. 03.16.02 a.]	Operational management	Maintenance
Obtain justification for the continued use of system components when third party support is no longer available. CC ID 10645 [Provide options for risk mitigation or alternative sources for continued support for unsupported components that cannot be replaced. 03.16.02 b.]	Operational management	Maintenance
Obtain approval before removing maintenance tools from the facility. CC ID 14298	Operational management	Business Processes
Control remote maintenance according to the system's asset classification. CC ID 01433 [Approve and monitor nonlocal maintenance and diagnostic activities. 03.07.05 a.]	Operational management	Technical Security
Separate remote maintenance sessions from other network sessions with a logically separate communications path based upon encryption. CC ID 10614	Operational management	Configuration
Approve all remote maintenance sessions. CC ID 10615 [Approve and monitor nonlocal maintenance and diagnostic activities. 03.07.05 a.]	Operational management	Technical Security
Log the performance of all remote maintenance. CC ID 13202	Operational management	Log Management
Terminate remote maintenance sessions when the remote maintenance is complete. CC ID 12083 [Terminate session and network connections when nonlocal maintenance is completed. 03.07.05 c.]	Operational management	Technical Security
Disconnect non-volatile media from information systems prior to performing maintenance with uncleared personnel. CC ID 14295	Operational management	Maintenance
Sanitize volatile media in information systems prior to performing maintenance with uncleared personnel. CC ID 14291	Operational management	Maintenance
Establish, implement, and maintain a customer service program. CC ID 00846	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain an Incident Management program. CC ID 00853 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Business Processes
Establish, implement, and maintain an incident management policy. CC ID 16414	Operational management	Establish/Maintain Documentation
Disseminate and communicate the incident management policy to interested personnel and affected parties. CC ID 16885	Operational management	Communicate
Define and assign the roles and responsibilities for Incident Management program. CC ID 13055	Operational management	Human Resources Management
Define the uses and capabilities of the Incident Management program. CC ID 00854	Operational management	Establish/Maintain Documentation
Include incident escalation procedures in the Incident Management program. CC ID 00856	Operational management	Establish/Maintain Documentation
Define the characteristics of the Incident Management program. CC ID 00855	Operational management	Establish/Maintain Documentation
Include the criteria for a data loss event in the Incident Management program. CC ID 12179	Operational management	Establish/Maintain Documentation
Include the criteria for an incident in the Incident Management program. CC ID 12173	Operational management	Establish/Maintain Documentation
Include a definition of affected transactions in the incident criteria. CC ID 17180	Operational management	Establish/Maintain Documentation
Include a definition of affected parties in the incident criteria. CC ID 17179	Operational management	Establish/Maintain Documentation
Include references to, or portions of, the Governance, Risk, and Compliance framework in the incident management program, as necessary. CC ID 13504	Operational management	Establish/Maintain Documentation
Include incident monitoring procedures in the Incident Management program. CC ID 01207 [Track and document system security incidents. 03.06.02 a. Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Establish/Maintain Documentation
Categorize the incident following an incident response. CC ID 13208	Operational management	Technical Security
Define and document the criteria to be used in categorizing incidents. CC ID 10033	Operational management	Establish/Maintain Documentation
Record actions taken by investigators during a forensic investigation in the forensic investigation report. CC ID 07095	Operational management	Establish/Maintain Documentation
Include the investigation methodology in the forensic investigation report. CC ID 17071	Operational management	Establish/Maintain Documentation
Include corrective actions in the forensic investigation report. CC ID 17070	Operational management	Establish/Maintain Documentation
Include the investigation results in the forensic investigation report. CC ID 17069	Operational management	Establish/Maintain Documentation
Comply with privacy regulations and civil liberties requirements when sharing data loss event information. CC ID 10036	Operational management	Data and Information Management
Redact restricted data before sharing incident information. CC ID 16994	Operational management	Data and Information Management
Notify interested personnel and affected parties of an extortion payment in the event of a cybersecurity event. CC ID 16539	Operational management	Communicate
Notify interested personnel and affected parties of the reasons for the extortion payment, along with any alternative solutions. CC ID 16538	Operational management	Communicate
Document the justification for not reporting incidents to interested personnel and affected parties. CC ID 16547	Operational management	Establish/Maintain Documentation
Report to breach notification organizations the reasons for a delay in sending breach notifications. CC ID 16797	Operational management	Communicate
Report to breach notification organizations the distribution list to which the organization will send data loss event notifications. CC ID 16782	Operational management	Communicate
Remediate security violations according to organizational standards. CC ID 12338 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Business Processes
Include data loss event notifications in the Incident Response program. CC ID 00364	Operational management	Establish/Maintain Documentation
Include legal requirements for data loss event notifications in the Incident Response program. CC ID 11954	Operational management	Establish/Maintain Documentation
Include required information in the written request to delay the notification to affected parties. CC ID 16785	Operational management	Establish/Maintain Documentation
Submit written requests to delay the notification of affected parties. CC ID 16783	Operational management	Communicate
Revoke the written request to delay the notification. CC ID 16843	Operational management	Process or Activity
Design the text of the notice for all incident response notifications to be no smaller than 10-point type. CC ID 12985	Operational management	Establish/Maintain Documentation
Refrain from charging for providing incident response notifications. CC ID 13876	Operational management	Business Processes
Title breach notifications "Notice of Data Breach". CC ID 12977	Operational management	Establish/Maintain Documentation
Display titles of incident response notifications clearly and conspicuously. CC ID 12986	Operational management	Establish/Maintain Documentation
Display headings in incident response notifications clearly and conspicuously. CC ID 12987	Operational management	Establish/Maintain Documentation
Design the incident response notification to call attention to its nature and significance. CC ID 12984	Operational management	Establish/Maintain Documentation
Use plain language to write incident response notifications. CC ID 12976	Operational management	Establish/Maintain Documentation
Include directions for changing the user's authenticator or security questions and answers in the breach notification. CC ID 12983	Operational management	Establish/Maintain Documentation
Refrain from including restricted information in the incident response notification. CC ID 16806	Operational management	Actionable Reports or Measurements
Include the affected parties rights in the incident response notification. CC ID 16811	Operational management	Establish/Maintain Documentation
Include details of the investigation in incident response notifications. CC ID 12296	Operational management	Establish/Maintain Documentation
Include the issuer's name in incident response notifications. CC ID 12062	Operational management	Establish/Maintain Documentation
Include a "What Happened" heading in breach notifications. CC ID 12978	Operational management	Establish/Maintain Documentation
Include a general description of the data loss event in incident response notifications. CC ID 04734	Operational management	Establish/Maintain Documentation
Include time information in incident response notifications. CC ID 04745	Operational management	Establish/Maintain Documentation
Include the identification of the data source in incident response notifications. CC ID 12305	Operational management	Establish/Maintain Documentation
Include a "What Information Was Involved" heading in the breach notification. CC ID 12979	Operational management	Establish/Maintain Documentation
Include the type of information that was lost in incident response notifications. CC ID 04735	Operational management	Establish/Maintain Documentation
Include the type of information the organization maintains about the affected parties in incident response notifications. CC ID 04776	Operational management	Establish/Maintain Documentation
Include a "What We Are Doing" heading in the breach notification. CC ID 12982	Operational management	Establish/Maintain Documentation
Include what the organization has done to enhance data protection controls in incident response notifications. CC ID 04736	Operational management	Establish/Maintain Documentation
Include what the organization is offering or has already done to assist affected parties in incident response notifications. CC ID 04737	Operational management	Establish/Maintain Documentation
Include a "For More Information" heading in breach notifications. CC ID 12981	Operational management	Establish/Maintain Documentation
Include details of the companies and persons involved in incident response notifications. CC ID 12295	Operational management	Establish/Maintain Documentation
Include the credit reporting agencies' contact information in incident response notifications. CC ID 04744	Operational management	Establish/Maintain Documentation
Include the reporting individual's contact information in incident response notifications. CC ID 12297	Operational management	Establish/Maintain Documentation
Include any consequences in the incident response notifications. CC ID 12604	Operational management	Establish/Maintain Documentation
Include whether the notification was delayed due to a law enforcement investigation in incident response notifications. CC ID 04746	Operational management	Establish/Maintain Documentation
Include a "What You Can Do" heading in the breach notification. CC ID 12980	Operational management	Establish/Maintain Documentation
Include contact information in incident response notifications. CC ID 04739	Operational management	Establish/Maintain Documentation
Include a copy of the incident response notification in breach notifications, as necessary. CC ID 13085	Operational management	Communicate
Post the incident response notification on the organization's website. CC ID 16809	Operational management	Process or Activity
Document the determination for providing a substitute incident response notification. CC ID 16841	Operational management	Process or Activity
Send electronic substitute incident response notifications to affected parties, as necessary. CC ID 04747	Operational management	Behavior
Include contact information in the substitute incident response notification. CC ID 16776	Operational management	Establish/Maintain Documentation
Post substitute incident response notifications to the organization's website, as necessary. CC ID 04748	Operational management	Establish/Maintain Documentation
Send substitute incident response notifications to breach notification organizations, as necessary. CC ID 04750	Operational management	Behavior
Publish the substitute incident response notification in a general circulation periodical, as necessary. CC ID 04769	Operational management	Behavior
Establish, implement, and maintain a containment strategy. CC ID 13480	Operational management	Establish/Maintain Documentation
Include the containment approach in the containment strategy. CC ID 13486	Operational management	Establish/Maintain Documentation
Include response times in the containment strategy. CC ID 13485	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain a restoration log. CC ID 12745	Operational management	Establish/Maintain Documentation
Include a description of the restored data that was restored manually in the restoration log. CC ID 15463	Operational management	Data and Information Management
Include a description of the restored data in the restoration log. CC ID 15462	Operational management	Data and Information Management
Establish, implement, and maintain compromised system reaccreditation procedures. CC ID 00592	Operational management	Establish/Maintain Documentation
Analyze security violations in Suspicious Activity Reports. CC ID 00591	Operational management	Establish/Maintain Documentation
Include lessons learned from analyzing security violations in the Incident Management program. CC ID 01234	Operational management	Monitor and Evaluate Occurrences
Provide progress reports of the incident investigation to the appropriate roles, as necessary. CC ID 12298	Operational management	Investigate
Update the incident response procedures using the lessons learned. CC ID 01233	Operational management	Establish/Maintain Documentation
Include incident response procedures in the Incident Management program. CC ID 01218	Operational management	Establish/Maintain Documentation
Integrate configuration management procedures into the incident management program. CC ID 13647	Operational management	Technical Security
Include incident management procedures in the Incident Management program. CC ID 12689 [Implement an incident-handling capability that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery. 03.06.01 ¶ 1]	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain temporary and emergency access revocation procedures. CC ID 15334	Operational management	Establish/Maintain Documentation
Include after-action analysis procedures in the Incident Management program. CC ID 01219	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain security and breach investigation procedures. CC ID 16844	Operational management	Establish/Maintain Documentation
Document any potential harm in the incident finding when concluding the incident investigation. CC ID 13830	Operational management	Establish/Maintain Documentation
Destroy investigative materials, as necessary. CC ID 17082	Operational management	Data and Information Management
Establish, implement, and maintain incident management audit logs. CC ID 13514	Operational management	Records Management
Log incidents in the Incident Management audit log. CC ID 00857	Operational management	Establish/Maintain Documentation
Include who the incident was reported to in the incident management audit log. CC ID 16487	Operational management	Log Management
Include the information that was exchanged in the incident management audit log. CC ID 16995	Operational management	Log Management
Include corrective actions in the incident management audit log. CC ID 16466	Operational management	Establish/Maintain Documentation
Include the organization's business products and services affected by disruptions in the Incident Management audit log. CC ID 12234	Operational management	Log Management
Include emergency processing priorities in the Incident Management program. CC ID 00859	Operational management	Establish/Maintain Documentation
Include user's responsibilities for when a theft has occurred in the Incident Management program. CC ID 06387	Operational management	Establish/Maintain Documentation
Include incident record closure procedures in the Incident Management program. CC ID 01620	Operational management	Establish/Maintain Documentation
Include incident reporting procedures in the Incident Management program. CC ID 11772 [Report suspected incidents to the organizational incident response capability within [Assignment: organization-defined time period]. 03.06.02 b.]	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain incident reporting time frame standards. CC ID 12142	Operational management	Communicate
Provide customer security advice, as necessary. CC ID 13674 [Provide an incident response support resource that offers advice and assistance to system users on handling and reporting incidents. 03.06.02 d.]	Operational management	Communicate
Use simple understandable language when providing customer security advice. CC ID 13685	Operational management	Communicate
Disseminate and communicate to customers the risks associated with transaction limits. CC ID 13686	Operational management	Communicate
Display customer security advice prominently. CC ID 13667	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain an Incident Response program. CC ID 00579	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain an incident response plan. CC ID 12056 [Develop an incident response plan that: 03.06.05 a. Develop an incident response plan that: Describes the structure and organization of the incident response capability, 03.06.05 a.2. {system changes} Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing. 03.06.05 c.]	Operational management	Establish/Maintain Documentation
Include addressing external communications in the incident response plan. CC ID 13351	Operational management	Establish/Maintain Documentation
Include addressing internal communications in the incident response plan. CC ID 13350	Operational management	Establish/Maintain Documentation
Include change control procedures in the incident response plan. CC ID 15479	Operational management	Establish/Maintain Documentation
Include addressing information sharing in the incident response plan. CC ID 13349	Operational management	Establish/Maintain Documentation
Include dynamic reconfiguration in the incident response plan. CC ID 14306	Operational management	Establish/Maintain Documentation
Include a definition of reportable incidents in the incident response plan. CC ID 14303 [Develop an incident response plan that: Defines reportable incidents, 03.06.05 a.4.]	Operational management	Establish/Maintain Documentation
Include the management support needed for incident response in the incident response plan. CC ID 14300	Operational management	Establish/Maintain Documentation
Include root cause analysis in the incident response plan. CC ID 16423	Operational management	Establish/Maintain Documentation
Include how incident response fits into the organization in the incident response plan. CC ID 14294 [Develop an incident response plan that: Provides a high-level approach for how the incident response capability fits into the overall organization, 03.06.05 a.3.]	Operational management	Establish/Maintain Documentation
Include the resources needed for incident response in the incident response plan. CC ID 14292	Operational management	Establish/Maintain Documentation
Include incident response team structures in the Incident Response program. CC ID 01237 [Develop an incident response plan that: Designates responsibilities to organizational entities, personnel, or roles. 03.06.05 a.6.]	Operational management	Establish/Maintain Documentation
Include the incident response team member's roles and responsibilities in the Incident Response program. CC ID 01652	Operational management	Establish Roles
Include the incident response point of contact's roles and responsibilities in the Incident Response program. CC ID 01877	Operational management	Establish Roles
Include the head of information security's roles and responsibilities in the Incident Response program. CC ID 01878	Operational management	Establish Roles
Include the customer database owner's roles and responsibilities in the Incident Response program. CC ID 01879	Operational management	Establish Roles
Include the online sales department's roles and responsibilities in the Incident Response program. CC ID 01880	Operational management	Establish Roles
Include the incident response point of contact for credit card payment system's roles and responsibilities in the Incident Response program. CC ID 01881	Operational management	Establish Roles
Include the organizational legal counsel's roles and responsibilities in the Incident Response program. CC ID 01882	Operational management	Establish Roles
Include the Human Resources point of contact's roles and responsibilities in the Incident Response program. CC ID 01883	Operational management	Establish Roles
Include the organizational incident response network architecture point of contact's roles and responsibilities in the Incident Response program. CC ID 01884	Operational management	Establish Roles
Include the organizational incident response public relations point of contact's roles and responsibilities in the Incident Response program. CC ID 01885	Operational management	Establish Roles
Include the organizational incident response location manager's roles and responsibilities in the Incident Response program. CC ID 01886	Operational management	Establish Roles
Assign the distribution of security alerts to the appropriate role in the incident response program. CC ID 11887	Operational management	Human Resources Management
Assign establishing, implementing, and maintaining incident response procedures to the appropriate role in the incident response program. CC ID 12473	Operational management	Establish/Maintain Documentation
Assign the distribution of incident response procedures to the appropriate role in the incident response program. CC ID 12474	Operational management	Communicate
Include personnel contact information in the event of an incident in the Incident Response program. CC ID 06385	Operational management	Establish/Maintain Documentation
Include what information interested personnel and affected parties need in the event of an incident in the Incident Response program. CC ID 11789	Operational management	Establish/Maintain Documentation
Include identifying remediation actions in the incident response plan. CC ID 13354	Operational management	Establish/Maintain Documentation
Include procedures for providing updated status information to the crisis management team in the incident response plan. CC ID 12776	Operational management	Establish/Maintain Documentation
Include incident response team services in the Incident Response program. CC ID 11766	Operational management	Establish/Maintain Documentation
Include the incident response training program in the Incident Response program. CC ID 06750	Operational management	Establish/Maintain Documentation
Conduct incident response training. CC ID 11889 [Provide incident response training to system users consistent with assigned roles and responsibilities: 03.06.04 a. Provide incident response training to system users consistent with assigned roles and responsibilities: Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility or acquiring system access, 03.06.04 a.1. Provide incident response training to system users consistent with assigned roles and responsibilities: When required by system changes, and 03.06.04 a.2. Provide incident response training to system users consistent with assigned roles and responsibilities: [Assignment: organization-defined frequency] thereafter. 03.06.04 a.3.]	Operational management	Training
Include references to industry best practices in the incident response procedures. CC ID 11956	Operational management	Establish/Maintain Documentation
Include responding to alerts from security monitoring systems in the incident response procedures. CC ID 11949	Operational management	Establish/Maintain Documentation
Disseminate and communicate the incident response procedures to all interested personnel and affected parties. CC ID 01215 [Distribute copies of the incident response plan to designated incident response personnel (identified by name and/or by role) and organizational elements. 03.06.05 b.]	Operational management	Establish/Maintain Documentation
Document the results of incident response tests and provide them to senior management. CC ID 14857	Operational management	Actionable Reports or Measurements
Establish, implement, and maintain a change control program. CC ID 00886 [{configuration-controlled changes} Define the types of changes to the system that are configuration-controlled. 03.04.03 a.]	Operational management	Establish/Maintain Documentation
Include potential consequences of unintended changes in the change control program. CC ID 12243	Operational management	Establish/Maintain Documentation
Include version control in the change control program. CC ID 13119	Operational management	Establish/Maintain Documentation
Include service design and transition in the change control program. CC ID 13920	Operational management	Establish/Maintain Documentation
Separate the production environment from development environment or test environment for the change control process. CC ID 11864	Operational management	Maintenance
Integrate configuration management procedures into the change control program. CC ID 13646	Operational management	Technical Security
Establish, implement, and maintain a back-out plan. CC ID 13623	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain back-out procedures for each proposed change in a change request. CC ID 00373	Operational management	Establish/Maintain Documentation
Manage change requests. CC ID 00887 [Review proposed configuration-controlled changes to the system, and approve or disapprove such changes with explicit consideration for security impacts. 03.04.03 b.]	Operational management	Business Processes
Include documentation of the impact level of proposed changes in the change request. CC ID 11942	Operational management	Establish/Maintain Documentation
Establish and maintain a change request approver list. CC ID 06795	Operational management	Establish/Maintain Documentation
Document all change requests in change request forms. CC ID 06794 [Review proposed configuration-controlled changes to the system, and approve or disapprove such changes with explicit consideration for security impacts. 03.04.03 b.]	Operational management	Establish/Maintain Documentation
Approve tested change requests. CC ID 11783	Operational management	Data and Information Management
Validate the system before implementing approved changes. CC ID 01510	Operational management	Systems Design, Build, and Implementation
Disseminate and communicate proposed changes to all interested personnel and affected parties. CC ID 06807	Operational management	Behavior
Establish, implement, and maintain emergency change procedures. CC ID 00890	Operational management	Establish/Maintain Documentation
Perform emergency changes, as necessary. CC ID 12707	Operational management	Process or Activity
Back up emergency changes after the change has been performed. CC ID 12734	Operational management	Process or Activity
Log emergency changes after they have been performed. CC ID 12733	Operational management	Establish/Maintain Documentation
Perform risk assessments prior to approving change requests. CC ID 00888 [Analyze changes to the system to determine potential security impacts prior to change implementation. 03.04.04 a.]	Operational management	Testing
Implement changes according to the change control program. CC ID 11776 [Implement and document approved configuration-controlled changes to the system. 03.04.03 c.]	Operational management	Business Processes
Provide audit trails for all approved changes. CC ID 13120	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain a transition strategy. CC ID 17049	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain a patch management program. CC ID 00896	Operational management	Process or Activity
Document the sources of all software updates. CC ID 13316	Operational management	Establish/Maintain Documentation
Implement patch management software, as necessary. CC ID 12094	Operational management	Technical Security
Include updates and exceptions to hardened images as a part of the patch management program. CC ID 12087	Operational management	Technical Security
Establish, implement, and maintain a patch management policy. CC ID 16432	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain patch management procedures. CC ID 15224	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain a patch log. CC ID 01642	Operational management	Establish/Maintain Documentation
Prioritize deploying patches according to vulnerability risk metrics. CC ID 06796	Operational management	Business Processes
Establish, implement, and maintain a software release policy. CC ID 00893	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain traceability documentation. CC ID 16388	Operational management	Systems Design, Build, and Implementation
Disseminate and communicate software update information to users and regulators. CC ID 06602	Operational management	Behavior
Allow interested personnel and affected parties to opt out of specific version releases and software updates. CC ID 06809	Operational management	Data and Information Management
Update associated documentation after the system configuration has been changed. CC ID 00891	Operational management	Establish/Maintain Documentation
Establish, implement, and maintain a Configuration Management program. CC ID 00867	System hardening through configuration management	Establish/Maintain Documentation
Establish, implement, and maintain configuration control and Configuration Status Accounting. CC ID 00863 [Establish usage restrictions, configuration requirements, and connection requirements for each type of wireless access to the system. 03.01.16 a.]	System hardening through configuration management	Business Processes
Establish, implement, and maintain appropriate system labeling. CC ID 01900	System hardening through configuration management	Establish/Maintain Documentation
Include the identification number of the third party who performed the conformity assessment procedures on all promotional materials. CC ID 15041	System hardening through configuration management	Establish/Maintain Documentation
Include the identification number of the third party who conducted the conformity assessment procedures after the CE marking of conformity. CC ID 15040	System hardening through configuration management	Establish/Maintain Documentation
Verify configuration files requiring passwords for automation do not contain those passwords after the installation process is complete. CC ID 06555	System hardening through configuration management	Configuration
Establish, implement, and maintain a configuration baseline based on the least functionality principle. CC ID 00862 [Develop and maintain under configuration control, a current baseline configuration of the system. 03.04.01 a.]	System hardening through configuration management	Establish/Maintain Documentation
Include the measures used to account for any differences in operation between the test environments and production environments in the baseline configuration. CC ID 13285	System hardening through configuration management	Establish/Maintain Documentation
Include the differences between test environments and production environments in the baseline configuration. CC ID 13284	System hardening through configuration management	Establish/Maintain Documentation
Include the applied security patches in the baseline configuration. CC ID 13271	System hardening through configuration management	Establish/Maintain Documentation
Include the installed application software and version numbers in the baseline configuration. CC ID 13270	System hardening through configuration management	Establish/Maintain Documentation
Include installed custom software in the baseline configuration. CC ID 13274	System hardening through configuration management	Establish/Maintain Documentation
Include network ports in the baseline configuration. CC ID 13273	System hardening through configuration management	Establish/Maintain Documentation
Include the operating systems and version numbers in the baseline configuration. CC ID 13269	System hardening through configuration management	Establish/Maintain Documentation
Establish, implement, and maintain a system hardening standard. CC ID 00876	System hardening through configuration management	Establish/Maintain Documentation
Establish, implement, and maintain configuration standards. CC ID 11953 [Establish, document, and implement the following configuration settings for the system that reflect the most restrictive mode consistent with operational requirements: [Assignment: organization-defined configuration settings]. 03.04.02 a.]	System hardening through configuration management	Configuration
Include common security parameter settings in the configuration standards for all systems. CC ID 12544	System hardening through configuration management	Establish/Maintain Documentation
Apply configuration standards to all systems, as necessary. CC ID 12503	System hardening through configuration management	Configuration
Document and justify system hardening standard exceptions. CC ID 06845 [Identify, document, and approve any deviations from established configuration settings. 03.04.02 b.]	System hardening through configuration management	Configuration
Configure security parameter settings on all system components appropriately. CC ID 12041	System hardening through configuration management	Technical Security
Provide documentation verifying devices are not susceptible to known exploits. CC ID 11987	System hardening through configuration management	Establish/Maintain Documentation
Establish, implement, and maintain system hardening procedures. CC ID 12001	System hardening through configuration management	Establish/Maintain Documentation
Configure session timeout and reauthentication settings according to organizational standards. CC ID 12460	System hardening through configuration management	Technical Security
Configure automatic logoff to terminate the sessions based on inactivity according to organizational standards. CC ID 04490 [Terminate a user session automatically after [Assignment: organization-defined conditions or trigger events requiring session disconnect]. 03.01.11 ¶ 1 Terminate the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. 03.13.09 ¶ 1]	System hardening through configuration management	Configuration
Use the latest approved version of all assets. CC ID 00897	System hardening through configuration management	Technical Security
Install critical security updates and important security updates in a timely manner. CC ID 01696 [Install security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates. 03.14.01 b.]	System hardening through configuration management	Configuration
Include risk information when communicating critical security updates. CC ID 14948	System hardening through configuration management	Communicate
Establish, implement, and maintain idle session termination and logout capabilities. CC ID 01418 [Require that users log out of the system after [Assignment: organization-defined time period] of expected inactivity or when [Assignment: organization-defined circumstances]. 03.01.01 h.]	System hardening through configuration management	Configuration
Refrain from using assertion lifetimes to limit each session. CC ID 13871	System hardening through configuration management	Technical Security
Configure Session Configuration settings in accordance with organizational standards. CC ID 07698	System hardening through configuration management	Configuration
Invalidate unexpected session identifiers. CC ID 15307	System hardening through configuration management	Configuration
Configure the "MaxStartups" settings to organizational standards. CC ID 15329	System hardening through configuration management	Configuration
Reject session identifiers that are not valid. CC ID 15306	System hardening through configuration management	Configuration
Configure the "MaxSessions" settings to organizational standards. CC ID 15330	System hardening through configuration management	Configuration
Configure the "Interactive logon: Message title for users attempting to log on" to organizational standards. CC ID 07699	System hardening through configuration management	Configuration
Configure the "LoginGraceTime" settings to organizational standards. CC ID 15328	System hardening through configuration management	Configuration
Configure the "Network security: Force logoff when logon hours expire" to organizational standards. CC ID 07738	System hardening through configuration management	Configuration
Configure the "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" to organizational standards. CC ID 07758	System hardening through configuration management	Configuration
Configure the "Microsoft network server: Disconnect clients when logon hours expire" to organizational standards. CC ID 07824	System hardening through configuration management	Configuration
Configure the "Microsoft network server: Amount of idle time required before suspending session" to organizational standards. CC ID 07826	System hardening through configuration management	Configuration
Configure the "Interactive logon: Do not display last user name" to organizational standards. CC ID 07832	System hardening through configuration management	Configuration
Configure the "Interactive logon: Display user information when the session is locked" to organizational standards. CC ID 07848	System hardening through configuration management	Configuration
Configure the "Interactive logon: Message text for users attempting to log on" to organizational standards. CC ID 07870	System hardening through configuration management	Configuration
Configure the "Always prompt for password upon connection" to organizational standards. CC ID 08229	System hardening through configuration management	Configuration
Configure the "Interactive logon: Machine inactivity limit" to organizational standards. CC ID 08350	System hardening through configuration management	Configuration
Remove all unnecessary functionality. CC ID 00882 [{essential capabilities} Configure the system to provide only mission-essential capabilities. 03.04.06 a. Disable or remove functions, ports, protocols, connections, and services that are unnecessary or nonsecure. 03.04.06 d.]	System hardening through configuration management	Configuration
Document that all enabled functions support secure configurations. CC ID 11985	System hardening through configuration management	Establish/Maintain Documentation
Find and eradicate unauthorized world writable files. CC ID 01541	System hardening through configuration management	Configuration
Strip dangerous/unneeded SUID/SGID system executables. CC ID 01542	System hardening through configuration management	Configuration
Find and eradicate unauthorized SUID/SGID system executables. CC ID 01543	System hardening through configuration management	Configuration
Find and eradicate unowned files and unowned directories. CC ID 01544	System hardening through configuration management	Configuration
Disable logon prompts on serial ports. CC ID 01553	System hardening through configuration management	Configuration
Disable "nobody" access for Secure RPC. CC ID 01554	System hardening through configuration management	Configuration
Disable all unnecessary interfaces. CC ID 04826	System hardening through configuration management	Configuration
Enable or disable all unused USB ports as appropriate. CC ID 06042	System hardening through configuration management	Configuration
Disable all user-mounted removable file systems. CC ID 01536	System hardening through configuration management	Configuration
Set the Bluetooth Security Mode to the organizational standard. CC ID 00587	System hardening through configuration management	Configuration
Secure the Bluetooth headset connections. CC ID 00593	System hardening through configuration management	Configuration
Disable automatic dial-in access to computers that have installed modems. CC ID 02036	System hardening through configuration management	Configuration
Configure the "Turn off AutoPlay" setting. CC ID 01787	System hardening through configuration management	Configuration
Configure the "Devices: Restrict floppy access to locally logged on users only" setting. CC ID 01732	System hardening through configuration management	Configuration
Configure the "Devices: Restrict CD-ROM access to locally logged on users" setting. CC ID 01731	System hardening through configuration management	Configuration
Configure the "Remove CD Burning features" setting. CC ID 04379	System hardening through configuration management	Configuration
Disable Autorun. CC ID 01790	System hardening through configuration management	Configuration
Disable USB devices (aka hotplugger). CC ID 01545	System hardening through configuration management	Configuration
Enable or disable all unused auxiliary ports as appropriate. CC ID 06414	System hardening through configuration management	Configuration
Remove rhosts support unless absolutely necessary. CC ID 01555	System hardening through configuration management	Configuration
Remove weak authentication services from Pluggable Authentication Modules. CC ID 01556	System hardening through configuration management	Configuration
Remove the /etc/hosts.equiv file. CC ID 01559	System hardening through configuration management	Configuration
Create the /etc/ftpd/ftpusers file. CC ID 01560	System hardening through configuration management	Configuration
Remove the X Wrapper and enable the X Display Manager. CC ID 01564	System hardening through configuration management	Configuration
Remove empty crontab files and restrict file permissions to the file. CC ID 01571	System hardening through configuration management	Configuration
Remove all compilers and assemblers from the system. CC ID 01594	System hardening through configuration management	Configuration
Disable all unnecessary applications unless otherwise noted in a policy exception. CC ID 04827	System hardening through configuration management	Configuration
Restrict and control the use of privileged utility programs. CC ID 12030	System hardening through configuration management	Technical Security
Disable the storing of movies in cache in Apple's QuickTime. CC ID 04489	System hardening through configuration management	Configuration
Install and enable file sharing utilities, as necessary. CC ID 02174	System hardening through configuration management	Configuration
Disable boot services unless boot services are absolutely necessary. CC ID 01481	System hardening through configuration management	Configuration
Disable File Services for Macintosh unless File Services for Macintosh are absolutely necessary. CC ID 04279	System hardening through configuration management	Configuration
Configure the Trivial FTP Daemon service to organizational standards. CC ID 01484	System hardening through configuration management	Configuration
Disable printer daemons or the printer service unless printer daemons or the printer service is absolutely necessary. CC ID 01487	System hardening through configuration management	Configuration
Disable web server unless web server is absolutely necessary. CC ID 01490	System hardening through configuration management	Configuration
Disable portmapper unless portmapper is absolutely necessary. CC ID 01492	System hardening through configuration management	Configuration
Disable writesrv, pmd, and httpdlite unless writesrv, pmd, and httpdlite are absolutely necessary. CC ID 01498	System hardening through configuration management	Configuration
Disable hwscan hardware detection unless hwscan hardware detection is absolutely necessary. CC ID 01504	System hardening through configuration management	Configuration
Configure the “xinetd” service to organizational standards. CC ID 01509	System hardening through configuration management	Configuration
Configure the /etc/xinetd.conf file permissions as appropriate. CC ID 01568	System hardening through configuration management	Configuration
Disable inetd unless inetd is absolutely necessary. CC ID 01508	System hardening through configuration management	Configuration
Disable Network Computing System unless it is absolutely necessary. CC ID 01497	System hardening through configuration management	Configuration
Disable print server for macintosh unless print server for macintosh is absolutely necessary. CC ID 04284	System hardening through configuration management	Configuration
Disable Print Server unless Print Server is absolutely necessary. CC ID 01488	System hardening through configuration management	Configuration
Disable ruser/remote login/remote shell/rcp command, unless it is absolutely necessary. CC ID 01480	System hardening through configuration management	Configuration
Disable xfsmd unless xfsmd is absolutely necessary. CC ID 02179	System hardening through configuration management	Configuration
Disable RPC-based services unless RPC-based services are absolutely necessary. CC ID 01455	System hardening through configuration management	Configuration
Disable netfs script unless netfs script is absolutely necessary. CC ID 01495	System hardening through configuration management	Configuration
Disable Remote Procedure Calls unless Remote Procedure Calls are absolutely necessary and if enabled, set restrictions. CC ID 01456	System hardening through configuration management	Configuration
Configure the "RPC Endpoint Mapper Client Authentication" setting. CC ID 04327	System hardening through configuration management	Configuration
Disable ncpfs Script unless ncpfs Script is absolutely necessary. CC ID 01494	System hardening through configuration management	Configuration
Disable sendmail server unless sendmail server is absolutely necessary. CC ID 01511	System hardening through configuration management	Configuration
Disable postfix unless postfix is absolutely necessary. CC ID 01512	System hardening through configuration management	Configuration
Disable directory server unless directory server is absolutely necessary. CC ID 01464	System hardening through configuration management	Configuration
Disable Windows-compatibility client processes unless Windows-compatibility client processes are absolutely necessary. CC ID 01471	System hardening through configuration management	Configuration
Disable Windows-compatibility servers unless Windows-compatibility servers are absolutely necessary. CC ID 01470	System hardening through configuration management	Configuration
Configure the “Network File System” server to organizational standards CC ID 01472	System hardening through configuration management	Configuration
Configure NFS to respond or not as appropriate to NFS client requests that do not include a User ID. CC ID 05981	System hardening through configuration management	Configuration
Configure NFS with appropriate authentication methods. CC ID 05982	System hardening through configuration management	Configuration
Configure the "AUTH_DES authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08971	System hardening through configuration management	Configuration
Configure the "AUTH_KERB authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08972	System hardening through configuration management	Configuration
Configure the "AUTH_NONE authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08973	System hardening through configuration management	Configuration
Configure the "AUTH_UNIX authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08974	System hardening through configuration management	Configuration
Disable webmin processes unless the webmin process is absolutely necessary. CC ID 01501	System hardening through configuration management	Configuration
Disable automount daemon unless automount daemon is absolutely necessary. CC ID 01476	System hardening through configuration management	Configuration
Disable CDE-related daemons unless CDE-related daemons are absolutely necessary. CC ID 01474	System hardening through configuration management	Configuration
Disable finger unless finger is absolutely necessary. CC ID 01505	System hardening through configuration management	Configuration
Disable Rexec unless Rexec is absolutely necessary. CC ID 02164	System hardening through configuration management	Configuration
Disable Squid cache server unless Squid cache server is absolutely necessary. CC ID 01502	System hardening through configuration management	Configuration
Disable Kudzu hardware detection unless Kudzu hardware detection is absolutely necessary. CC ID 01503	System hardening through configuration management	Configuration
Install and enable public Instant Messaging clients as necessary. CC ID 02173	System hardening through configuration management	Configuration
Disable x font server unless x font server is absolutely necessary. CC ID 01499	System hardening through configuration management	Configuration
Validate, approve, and document all UNIX shells prior to use. CC ID 02161	System hardening through configuration management	Establish/Maintain Documentation
Disable NFS client processes unless NFS client processes are absolutely necessary. CC ID 01475	System hardening through configuration management	Configuration
Disable the use of removable storage media for systems that process restricted data or restricted information, as necessary. CC ID 06681 [{absent} Prohibit the use of removable system media without an identifiable owner. 03.08.07 b.]	System hardening through configuration management	Data and Information Management
Disable removable storage media daemon unless the removable storage media daemon is absolutely necessary. CC ID 01477	System hardening through configuration management	Configuration
Disable GSS daemon unless GSS daemon is absolutely necessary. CC ID 01465	System hardening through configuration management	Configuration
Disable Computer Browser unless Computer Browser is absolutely necessary. CC ID 01814	System hardening through configuration management	Configuration
Configure the Computer Browser ResetBrowser Frames as appropriate. CC ID 05984	System hardening through configuration management	Configuration
Configure the /etc/samba/smb.conf file file permissions as appropriate. CC ID 05989	System hardening through configuration management	Configuration
Disable NetMeeting remote desktop sharing unless NetMeeting remote desktop sharing is absolutely necessary. CC ID 01821	System hardening through configuration management	Configuration
Disable web directory browsing on all web-enabled devices. CC ID 01874	System hardening through configuration management	Configuration
Disable WWW publishing services unless WWW publishing services are absolutely necessary. CC ID 01833	System hardening through configuration management	Configuration
Install and enable samba, as necessary. CC ID 02175	System hardening through configuration management	Configuration
Configure the samba hosts allow option with an appropriate set of networks. CC ID 05985	System hardening through configuration management	Configuration
Configure the samba security option option as appropriate. CC ID 05986	System hardening through configuration management	Configuration
Configure the samba encrypt passwords option as appropriate. CC ID 05987	System hardening through configuration management	Configuration
Configure the Samba 'smb passwd file' option with an appropriate password file or no password file. CC ID 05988	System hardening through configuration management	Configuration
Disable Usenet Internet news package file capabilities unless Usenet Internet news package file capabilities are absolutely necessary. CC ID 02176	System hardening through configuration management	Configuration
Disable iPlanet Web Server unless iPlanet Web Server is absolutely necessary. CC ID 02172	System hardening through configuration management	Configuration
Disable volume manager unless volume manager is absolutely necessary. CC ID 01469	System hardening through configuration management	Configuration
Disable Solaris Management Console unless Solaris Management Console is absolutely necessary. CC ID 01468	System hardening through configuration management	Configuration
Disable the Graphical User Interface unless it is absolutely necessary. CC ID 01466	System hardening through configuration management	Configuration
Disable help and support unless help and support is absolutely necessary. CC ID 04280	System hardening through configuration management	Configuration
Disable speech recognition unless speech recognition is absolutely necessary. CC ID 04491	System hardening through configuration management	Configuration
Disable or secure the NetWare QuickFinder search engine. CC ID 04453	System hardening through configuration management	Configuration
Disable messenger unless messenger is absolutely necessary. CC ID 01819	System hardening through configuration management	Configuration
Configure the "Do not allow Windows Messenger to be run" setting. CC ID 04516	System hardening through configuration management	Configuration
Configure the "Do not automatically start Windows Messenger initially" setting. CC ID 04517	System hardening through configuration management	Configuration
Configure the "Turn off the Windows Messenger Customer Experience Improvement Program" setting. CC ID 04330	System hardening through configuration management	Configuration
Disable automatic updates unless automatic updates are absolutely necessary. CC ID 01811	System hardening through configuration management	Configuration
Configure automatic update installation and shutdown/restart options and shutdown/restart procedures to organizational standards. CC ID 05979	System hardening through configuration management	Configuration
Disable Name Service Cache Daemon unless Name Service Cache Daemon is absolutely necessary. CC ID 04846	System hardening through configuration management	Configuration
Prohibit R-command files from existing for root or administrator. CC ID 16322	System hardening through configuration management	Configuration
Verify the /bin/rsh file exists or not, as appropriate. CC ID 05101	System hardening through configuration management	Configuration
Verify the /sbin/rsh file exists or not, as appropriate. CC ID 05102	System hardening through configuration management	Configuration
Verify the /usr/bin/rsh file exists or not, as appropriate. CC ID 05103	System hardening through configuration management	Configuration
Verify the /etc/ftpusers file exists or not, as appropriate. CC ID 05104	System hardening through configuration management	Configuration
Verify the /etc/rsh file exists or not, as appropriate. CC ID 05105	System hardening through configuration management	Configuration
Install or uninstall the AIDE package, as appropriate. CC ID 05106	System hardening through configuration management	Configuration
Enable the GNOME automounter (gnome-volume-manager) as necessary. CC ID 05107	System hardening through configuration management	Configuration
Install or uninstall the setroubleshoot package, as appropriate. CC ID 05108	System hardening through configuration management	Configuration
Configure Avahi properly. CC ID 05109	System hardening through configuration management	Configuration
Install or uninstall OpenNTPD, as appropriate. CC ID 05110	System hardening through configuration management	Configuration
Configure the "httpd" service to organizational standards. CC ID 05111	System hardening through configuration management	Configuration
Install or uninstall the net-smtp package properly. CC ID 05112	System hardening through configuration management	Configuration
Configure the apache web service properly. CC ID 05113	System hardening through configuration management	Configuration
Configure the vlock package properly. CC ID 05114	System hardening through configuration management	Configuration
Establish, implement, and maintain service accounts. CC ID 13861	System hardening through configuration management	Technical Security
Manage access credentials for service accounts. CC ID 13862	System hardening through configuration management	Technical Security
Configure the daemon account properly. CC ID 05115	System hardening through configuration management	Configuration
Configure the bin account properly. CC ID 05116	System hardening through configuration management	Configuration
Configure the nuucp account properly. CC ID 05117	System hardening through configuration management	Configuration
Configure the smmsp account properly. CC ID 05118	System hardening through configuration management	Configuration
Configure the listen account properly. CC ID 05119	System hardening through configuration management	Configuration
Configure the gdm account properly. CC ID 05120	System hardening through configuration management	Configuration
Configure the webservd account properly. CC ID 05121	System hardening through configuration management	Configuration
Configure the nobody account properly. CC ID 05122	System hardening through configuration management	Configuration
Configure the noaccess account properly. CC ID 05123	System hardening through configuration management	Configuration
Configure the nobody4 account properly. CC ID 05124	System hardening through configuration management	Configuration
Configure the sys account properly. CC ID 05125	System hardening through configuration management	Configuration
Configure the adm account properly. CC ID 05126	System hardening through configuration management	Configuration
Configure the lp account properly. CC ID 05127	System hardening through configuration management	Configuration
Configure the uucp account properly. CC ID 05128	System hardening through configuration management	Configuration
Install or uninstall the tftp-server package, as appropriate. CC ID 05130	System hardening through configuration management	Configuration
Enable the web console as necessary. CC ID 05131	System hardening through configuration management	Configuration
Enable rlogin auth by Pluggable Authentication Modules or pam.d properly. CC ID 05132	System hardening through configuration management	Configuration
Enable rsh auth by Pluggable Authentication Modules properly. CC ID 05133	System hardening through configuration management	Configuration
Enable the listening sendmail daemon, as appropriate. CC ID 05134	System hardening through configuration management	Configuration
Configure Squid properly. CC ID 05135	System hardening through configuration management	Configuration
Configure the "global Package signature checking" setting to organizational standards. CC ID 08735	System hardening through configuration management	Establish/Maintain Documentation
Configure the "Package signature checking" setting for "all configured repositories" to organizational standards. CC ID 08736	System hardening through configuration management	Establish/Maintain Documentation
Configure the "verify against the package database" setting for "all installed software packages" to organizational standards. CC ID 08737	System hardening through configuration management	Establish/Maintain Documentation
Configure the "isdn4k-utils" package to organizational standards. CC ID 08738	System hardening through configuration management	Establish/Maintain Documentation
Configure the "postfix" package to organizational standards. CC ID 08739	System hardening through configuration management	Establish/Maintain Documentation
Configure the "vsftpd" package to organizational standards. CC ID 08740	System hardening through configuration management	Establish/Maintain Documentation
Configure the "net-snmpd" package to organizational standards. CC ID 08741	System hardening through configuration management	Establish/Maintain Documentation
Configure the "rsyslog" package to organizational standards. CC ID 08742	System hardening through configuration management	Establish/Maintain Documentation
Configure the "ipsec-tools" package to organizational standards. CC ID 08743	System hardening through configuration management	Establish/Maintain Documentation
Configure the "pam_ccreds" package to organizational standards. CC ID 08744	System hardening through configuration management	Establish/Maintain Documentation
Configure the "talk-server" package to organizational standards. CC ID 08745	System hardening through configuration management	Establish/Maintain Documentation
Configure the "talk" package to organizational standards. CC ID 08746	System hardening through configuration management	Establish/Maintain Documentation
Configure the "irda-utils" package to organizational standards. CC ID 08747	System hardening through configuration management	Establish/Maintain Documentation
Configure the "/etc/shells" file to organizational standards. CC ID 08978	System hardening through configuration management	Configuration
Configure the LDAP package to organizational standards. CC ID 09937	System hardening through configuration management	Configuration
Configure the "FTP server" package to organizational standards. CC ID 09938	System hardening through configuration management	Configuration
Configure the "HTTP Proxy Server" package to organizational standards. CC ID 09939	System hardening through configuration management	Configuration
Configure the "prelink" package to organizational standards. CC ID 11379	System hardening through configuration management	Configuration
Configure the Network Information Service (NIS) package to organizational standards. CC ID 11380	System hardening through configuration management	Configuration
Configure the "time" setting to organizational standards. CC ID 11381	System hardening through configuration management	Configuration
Configure the "biosdevname" package to organizational standards. CC ID 11383	System hardening through configuration management	Configuration
Configure the "ufw" setting to organizational standards. CC ID 11384	System hardening through configuration management	Configuration
Configure the "Devices: Allow undock without having to log on" setting. CC ID 01728	System hardening through configuration management	Configuration
Limit the user roles that are allowed to format and eject removable storage media. CC ID 01729	System hardening through configuration management	Configuration
Prevent users from installing printer drivers. CC ID 01730	System hardening through configuration management	Configuration
Minimize the inetd.conf file and set the file to the appropriate permissions. CC ID 01506	System hardening through configuration management	Configuration
Configure the unsigned driver installation behavior. CC ID 01733	System hardening through configuration management	Configuration
Configure the unsigned non-driver installation behavior. CC ID 02038	System hardening through configuration management	Configuration
Remove all demonstration applications on the system. CC ID 01875	System hardening through configuration management	Configuration
Configure the system to disallow optional Subsystems. CC ID 04265	System hardening through configuration management	Configuration
Configure the "Remove Security tab" setting. CC ID 04380	System hardening through configuration management	Configuration
Disable all unnecessary services unless otherwise noted in a policy exception. CC ID 00880	System hardening through configuration management	Configuration
Disable rquotad unless rquotad is absolutely necessary. CC ID 01473	System hardening through configuration management	Configuration
Configure the rquotad service to use a static port or a dynamic portmapper port as appropriate. CC ID 05983	System hardening through configuration management	Configuration
Disable telnet unless telnet use is absolutely necessary. CC ID 01478	System hardening through configuration management	Configuration
Disable File Transfer Protocol unless File Transfer Protocol use is absolutely necessary. CC ID 01479	System hardening through configuration management	Configuration
Configure anonymous FTP to restrict the use of restricted data. CC ID 16314	System hardening through configuration management	Configuration
Disable anonymous access to File Transfer Protocol. CC ID 06739	System hardening through configuration management	Configuration
Disable Internet Message Access Protocol unless Internet Message Access Protocol use is absolutely necessary. CC ID 01485	System hardening through configuration management	Configuration
Disable Post Office Protocol unless its use is absolutely necessary. CC ID 01486	System hardening through configuration management	Configuration
Disable SQLServer processes unless SQLServer processes use is absolutely necessary. CC ID 01500	System hardening through configuration management	Configuration
Disable alerter unless alerter use is absolutely necessary. CC ID 01810	System hardening through configuration management	Configuration
Disable Background Intelligent Transfer Service unless Background Intelligent Transfer Service use is absolutely necessary. CC ID 01812	System hardening through configuration management	Configuration
Disable ClipBook unless ClipBook use is absolutely necessary. CC ID 01813	System hardening through configuration management	Configuration
Disable Fax Service unless Fax Service use is absolutely necessary. CC ID 01815	System hardening through configuration management	Configuration
Disable IIS admin service unless IIS admin service use is absolutely necessary. CC ID 01817	System hardening through configuration management	Configuration
Disable indexing service unless indexing service use is absolutely necessary. CC ID 01818	System hardening through configuration management	Configuration
Disable net logon unless net logon use is absolutely necessary. CC ID 01820	System hardening through configuration management	Configuration
Disable Remote Desktop Help Session Manager unless Remote Desktop Help Session Manager use is absolutely necessary. CC ID 01822	System hardening through configuration management	Configuration
Disable the "Offer Remote Assistance" setting. CC ID 04325	System hardening through configuration management	Configuration
Disable the "Solicited Remote Assistance" setting. CC ID 04326	System hardening through configuration management	Configuration
Disable Remote Registry Service unless Remote Registry Service use is absolutely necessary. CC ID 01823	System hardening through configuration management	Configuration
Disable Routing and Remote Access unless Routing and Remote Access use is necessary. CC ID 01824	System hardening through configuration management	Configuration
Disable task scheduler unless task scheduler use is absolutely necessary. CC ID 01829	System hardening through configuration management	Configuration
Disable Terminal Services unless Terminal Services use is absolutely necessary. CC ID 01831	System hardening through configuration management	Configuration
Disable Universal Plug and Play device host unless Universal Plug and Play device host use is absolutely necessary. CC ID 01832	System hardening through configuration management	Configuration
Disable File Service Protocol. CC ID 02167	System hardening through configuration management	Configuration
Disable the License Logging Service unless unless it is absolutely necessary. CC ID 04282	System hardening through configuration management	Configuration
Disable Remote Access Auto Connection Manager unless Remote Access Auto Connection Manager use is absolutely necessary. CC ID 04285	System hardening through configuration management	Configuration
Disable Remote Access Connection Manager unless Remote Access Connection Manager use is absolutely necessary. CC ID 04286	System hardening through configuration management	Configuration
Disable Remote Administration Service unless remote administration management is absolutely necessary. CC ID 04287	System hardening through configuration management	Configuration
Disable remote installation unless remote installation is absolutely necessary. CC ID 04288	System hardening through configuration management	Configuration
Disable Remote Server Manager unless Remote Server Manager is absolutely necessary. CC ID 04289	System hardening through configuration management	Configuration
Disable Remote Server Monitor unless Remote Server Monitor use is absolutely necessary. CC ID 04290	System hardening through configuration management	Configuration
Disable Remote Storage Notification unless Remote Storage Notification use is absolutely necessary. CC ID 04291	System hardening through configuration management	Configuration
Disable Remote Storage Server unless Remote Storage Server use is absolutely necessary. CC ID 04292	System hardening through configuration management	Configuration
Disable telephony services unless telephony services use is absolutely necessary. CC ID 04293	System hardening through configuration management	Configuration
Disable Wireless Zero Configuration service unless Wireless Zero Configuration service use is absolutely necessary. CC ID 04294	System hardening through configuration management	Configuration
Disable SSDP/UPnp unless SSDP/UPnP is absolutely necessary. CC ID 04315	System hardening through configuration management	Configuration
Configure the "ntpd service" setting to organizational standards. CC ID 04911	System hardening through configuration management	Configuration
Configure the "echo service" setting to organizational standards. CC ID 04912	System hardening through configuration management	Configuration
Configure the "echo-dgram service" setting to organizational standards. CC ID 09927	System hardening through configuration management	Configuration
Configure the "echo-stream service" setting to organizational standards. CC ID 09928	System hardening through configuration management	Configuration
Configure the "AllowTcpForwarding" to organizational standards. CC ID 15327	System hardening through configuration management	Configuration
Configure the "tcpmux-server" setting to organizational standards. CC ID 09929	System hardening through configuration management	Configuration
Configure the "netstat service" setting to organizational standards. CC ID 04913	System hardening through configuration management	Configuration
Configure the "character generator protocol (chargen)" setting to organizational standards. CC ID 04914	System hardening through configuration management	Configuration
Configure the "tftpd service" setting to organizational standards. CC ID 04915	System hardening through configuration management	Configuration
Configure the "walld service" setting to organizational standards. CC ID 04916	System hardening through configuration management	Configuration
Configure the "rstatd service" setting to organizational standards. CC ID 04917	System hardening through configuration management	Configuration
Configure the "sprayd service" setting to organizational standards. CC ID 04918	System hardening through configuration management	Configuration
Configure the "rusersd service" setting to organizational standards. CC ID 04919	System hardening through configuration management	Configuration
Configure the "inn service" setting to organizational standards. CC ID 04920	System hardening through configuration management	Configuration
Configure the "font service" setting to organizational standards. CC ID 04921	System hardening through configuration management	Configuration
Configure the "ident service" setting to organizational standards. CC ID 04922	System hardening through configuration management	Configuration
Configure the "rexd service" setting to organizational standards. CC ID 04923	System hardening through configuration management	Configuration
Configure the "daytime service" setting to organizational standards. CC ID 04924	System hardening through configuration management	Configuration
Configure the "dtspc (cde-spc) service" setting to organizational standards. CC ID 04925	System hardening through configuration management	Configuration
Configure the "cmsd service" setting to organizational standards. CC ID 04926	System hardening through configuration management	Configuration
Configure the "ToolTalk service" setting to organizational standards. CC ID 04927	System hardening through configuration management	Configuration
Configure the "discard service" setting to organizational standards. CC ID 04928	System hardening through configuration management	Configuration
Configure the "vino-server service" setting to organizational standards. CC ID 04929	System hardening through configuration management	Configuration
Configure the "bind service" setting to organizational standards. CC ID 04930	System hardening through configuration management	Configuration
Configure the "nfsd service" setting to organizational standards. CC ID 04931	System hardening through configuration management	Configuration
Configure the "mountd service" setting to organizational standards. CC ID 04932	System hardening through configuration management	Configuration
Configure the "statd service" setting to organizational standards. CC ID 04933	System hardening through configuration management	Configuration
Configure the "lockd service" setting to organizational standards. CC ID 04934	System hardening through configuration management	Configuration
Configure the lockd service to use a static port or a dynamic portmapper port for User Datagram Protocol as appropriate. CC ID 05980	System hardening through configuration management	Configuration
Configure the "decode sendmail alias" setting to organizational standards. CC ID 04935	System hardening through configuration management	Configuration
Configure the sendmail vrfy command, as appropriate. CC ID 04936	System hardening through configuration management	Configuration
Configure the sendmail expn command, as appropriate. CC ID 04937	System hardening through configuration management	Configuration
Configure .netrc with an appropriate set of services. CC ID 04938	System hardening through configuration management	Configuration
Enable NFS insecure locks as necessary. CC ID 04939	System hardening through configuration management	Configuration
Configure the "X server ac" setting to organizational standards. CC ID 04940	System hardening through configuration management	Configuration
Configure the "X server core" setting to organizational standards. CC ID 04941	System hardening through configuration management	Configuration
Enable or disable the setroubleshoot service, as appropriate. CC ID 05540	System hardening through configuration management	Configuration
Configure the "X server nolock" setting to organizational standards. CC ID 04942	System hardening through configuration management	Configuration
Enable or disable the mcstrans service, as appropriate. CC ID 05541	System hardening through configuration management	Configuration
Configure the "PAM console" setting to organizational standards. CC ID 04943	System hardening through configuration management	Configuration
Enable or disable the restorecond service, as appropriate. CC ID 05542	System hardening through configuration management	Configuration
Enable the rhnsd service as necessary. CC ID 04944	System hardening through configuration management	Configuration
Enable the yum-updatesd service as necessary. CC ID 04945	System hardening through configuration management	Configuration
Enable the autofs service as necessary. CC ID 04946	System hardening through configuration management	Configuration
Enable the ip6tables service as necessary. CC ID 04947	System hardening through configuration management	Configuration
Configure syslog to organizational standards. CC ID 04949	System hardening through configuration management	Configuration
Enable the auditd service as necessary. CC ID 04950	System hardening through configuration management	Configuration
Enable the logwatch service as necessary. CC ID 04951	System hardening through configuration management	Configuration
Enable the logrotate (syslog rotator) service as necessary. CC ID 04952	System hardening through configuration management	Configuration
Install or uninstall the telnet server package, only if absolutely necessary. CC ID 04953	System hardening through configuration management	Configuration
Enable the ypbind service as necessary. CC ID 04954	System hardening through configuration management	Configuration
Enable the ypserv service as necessary. CC ID 04955	System hardening through configuration management	Configuration
Enable the firstboot service as necessary. CC ID 04956	System hardening through configuration management	Configuration
Enable the gpm service as necessary. CC ID 04957	System hardening through configuration management	Configuration
Enable the irqbalance service as necessary. CC ID 04958	System hardening through configuration management	Configuration
Enable the isdn service as necessary. CC ID 04959	System hardening through configuration management	Configuration
Enable the kdump service as necessary. CC ID 04960	System hardening through configuration management	Configuration
Enable the mdmonitor service as necessary. CC ID 04961	System hardening through configuration management	Configuration
Enable the microcode_ctl service as necessary. CC ID 04962	System hardening through configuration management	Configuration
Enable the pcscd service as necessary. CC ID 04963	System hardening through configuration management	Configuration
Enable the smartd service as necessary. CC ID 04964	System hardening through configuration management	Configuration
Enable the readahead_early service as necessary. CC ID 04965	System hardening through configuration management	Configuration
Enable the readahead_later service as necessary. CC ID 04966	System hardening through configuration management	Configuration
Enable the messagebus service as necessary. CC ID 04967	System hardening through configuration management	Configuration
Enable the haldaemon service as necessary. CC ID 04968	System hardening through configuration management	Configuration
Enable the apmd service as necessary. CC ID 04969	System hardening through configuration management	Configuration
Enable the acpid service as necessary. CC ID 04970	System hardening through configuration management	Configuration
Enable the cpuspeed service as necessary. CC ID 04971	System hardening through configuration management	Configuration
Enable the network service as necessary. CC ID 04972	System hardening through configuration management	Configuration
Enable the hidd service as necessary. CC ID 04973	System hardening through configuration management	Configuration
Enable the crond service as necessary. CC ID 04974	System hardening through configuration management	Configuration
Install and enable the anacron service as necessary. CC ID 04975	System hardening through configuration management	Configuration
Enable the xfs service as necessary. CC ID 04976	System hardening through configuration management	Configuration
Install and enable the Avahi daemon service, as necessary. CC ID 04977	System hardening through configuration management	Configuration
Enable the CUPS service, as necessary. CC ID 04978	System hardening through configuration management	Configuration
Enable the hplip service as necessary. CC ID 04979	System hardening through configuration management	Configuration
Enable the dhcpd service as necessary. CC ID 04980	System hardening through configuration management	Configuration
Enable the nfslock service as necessary. CC ID 04981	System hardening through configuration management	Configuration
Enable the rpcgssd service as necessary. CC ID 04982	System hardening through configuration management	Configuration
Enable the rpcidmapd service as necessary. CC ID 04983	System hardening through configuration management	Configuration
Enable the rpcsvcgssd service as necessary. CC ID 04985	System hardening through configuration management	Configuration
Configure root squashing for all NFS shares, as appropriate. CC ID 04986	System hardening through configuration management	Configuration
Configure write access to NFS shares, as appropriate. CC ID 04987	System hardening through configuration management	Configuration
Configure the named service, as appropriate. CC ID 04988	System hardening through configuration management	Configuration
Configure the vsftpd service, as appropriate. CC ID 04989	System hardening through configuration management	Configuration
Configure the “dovecot” service to organizational standards. CC ID 04990	System hardening through configuration management	Configuration
Configure Server Message Block (SMB) to organizational standards. CC ID 04991	System hardening through configuration management	Configuration
Enable the snmpd service as necessary. CC ID 04992	System hardening through configuration management	Configuration
Enable the calendar manager as necessary. CC ID 04993	System hardening through configuration management	Configuration
Enable the GNOME logon service as necessary. CC ID 04994	System hardening through configuration management	Configuration
Enable the WBEM services as necessary. CC ID 04995	System hardening through configuration management	Configuration
Enable the keyserv service as necessary. CC ID 04996	System hardening through configuration management	Configuration
Enable the Generic Security Service daemon as necessary. CC ID 04997	System hardening through configuration management	Configuration
Enable the volfs service as necessary. CC ID 04998	System hardening through configuration management	Configuration
Enable the smserver service as necessary. CC ID 04999	System hardening through configuration management	Configuration
Enable the mpxio-upgrade service as necessary. CC ID 05000	System hardening through configuration management	Configuration
Enable the metainit service as necessary. CC ID 05001	System hardening through configuration management	Configuration
Enable the meta service as necessary. CC ID 05003	System hardening through configuration management	Configuration
Enable the metaed service as necessary. CC ID 05004	System hardening through configuration management	Configuration
Enable the metamh service as necessary. CC ID 05005	System hardening through configuration management	Configuration
Enable the Local RPC Port Mapping Service as necessary. CC ID 05006	System hardening through configuration management	Configuration
Enable the Kerberos kadmind service as necessary. CC ID 05007	System hardening through configuration management	Configuration
Enable the Kerberos krb5kdc service as necessary. CC ID 05008	System hardening through configuration management	Configuration
Enable the Kerberos kpropd service as necessary. CC ID 05009	System hardening through configuration management	Configuration
Enable the Kerberos ktkt_warnd service as necessary. CC ID 05010	System hardening through configuration management	Configuration
Enable the sadmin service as necessary. CC ID 05011	System hardening through configuration management	Configuration
Enable the IPP listener as necessary. CC ID 05012	System hardening through configuration management	Configuration
Enable the serial port listener as necessary. CC ID 05013	System hardening through configuration management	Configuration
Enable the Smart Card Helper service as necessary. CC ID 05014	System hardening through configuration management	Configuration
Enable the Application Management service as necessary. CC ID 05015	System hardening through configuration management	Configuration
Enable the Resultant Set of Policy (RSoP) Provider service as necessary. CC ID 05016	System hardening through configuration management	Configuration
Enable the Network News Transport Protocol service as necessary. CC ID 05017	System hardening through configuration management	Configuration
Enable the network Dynamic Data Exchange service as necessary. CC ID 05018	System hardening through configuration management	Configuration
Enable the Distributed Link Tracking Server service as necessary. CC ID 05019	System hardening through configuration management	Configuration
Enable the RARP service as necessary. CC ID 05020	System hardening through configuration management	Configuration
Configure the ".NET Framework service" setting to organizational standards. CC ID 05021	System hardening through configuration management	Configuration
Enable the Network DDE Share Database Manager service as necessary. CC ID 05022	System hardening through configuration management	Configuration
Enable the Certificate Services service as necessary. CC ID 05023	System hardening through configuration management	Configuration
Configure the ATI hotkey poller service properly. CC ID 05024	System hardening through configuration management	Configuration
Configure the Interix Subsystem Startup service properly. CC ID 05025	System hardening through configuration management	Configuration
Configure the Cluster Service service properly. CC ID 05026	System hardening through configuration management	Configuration
Configure the IAS Jet Database Access service properly. CC ID 05027	System hardening through configuration management	Configuration
Configure the IAS service properly. CC ID 05028	System hardening through configuration management	Configuration
Configure the IP Version 6 Helper service properly. CC ID 05029	System hardening through configuration management	Configuration
Configure "Message Queuing service" to organizational standards. CC ID 05030	System hardening through configuration management	Configuration
Configure the Message Queuing Down Level Clients service properly. CC ID 05031	System hardening through configuration management	Configuration
Configure the Windows Management Instrumentation Driver Extensions service properly. CC ID 05033	System hardening through configuration management	Configuration
Configure the TCP/IP NetBIOS Helper Service properly. CC ID 05034	System hardening through configuration management	Configuration
Configure the Utility Manager service properly. CC ID 05035	System hardening through configuration management	Configuration
Configure the secondary logon service properly. CC ID 05036	System hardening through configuration management	Configuration
Configure the Windows Management Instrumentation service properly. CC ID 05037	System hardening through configuration management	Configuration
Configure the Workstation service properly. CC ID 05038	System hardening through configuration management	Configuration
Configure the Windows Installer service properly. CC ID 05039	System hardening through configuration management	Configuration
Configure the Windows System Resource Manager service properly. CC ID 05040	System hardening through configuration management	Configuration
Configure the WinHTTP Web Proxy Auto-Discovery Service properly. CC ID 05041	System hardening through configuration management	Configuration
Configure the Services for Unix Client for NFS service properly. CC ID 05042	System hardening through configuration management	Configuration
Configure the Services for Unix Server for PCNFS service properly. CC ID 05043	System hardening through configuration management	Configuration
Configure the Services for Unix Perl Socket service properly. CC ID 05044	System hardening through configuration management	Configuration
Configure the Services for Unix User Name Mapping service properly. CC ID 05045	System hardening through configuration management	Configuration
Configure the Services for Unix Windows Cron service properly. CC ID 05046	System hardening through configuration management	Configuration
Configure the Windows Media Services service properly. CC ID 05047	System hardening through configuration management	Configuration
Configure the Services for Netware Service Advertising Protocol (SAP) Agent properly. CC ID 05048	System hardening through configuration management	Configuration
Configure the Web Element Manager service properly. CC ID 05049	System hardening through configuration management	Configuration
Configure the Remote Installation Services Single Instance Storage (SIS) Groveler service properly. CC ID 05050	System hardening through configuration management	Configuration
Configure the Terminal Services Licensing service properly. CC ID 05051	System hardening through configuration management	Configuration
Configure the COM+ Event System service properly. CC ID 05052	System hardening through configuration management	Configuration
Configure the Event Log service properly. CC ID 05053	System hardening through configuration management	Configuration
Configure the Infrared Monitor service properly. CC ID 05054	System hardening through configuration management	Configuration
Configure the Services for Unix Server for NFS service properly. CC ID 05055	System hardening through configuration management	Configuration
Configure the System Event Notification Service properly. CC ID 05056	System hardening through configuration management	Configuration
Configure the NTLM Security Support Provider service properly. CC ID 05057	System hardening through configuration management	Configuration
Configure the Performance Logs and Alerts service properly. CC ID 05058	System hardening through configuration management	Configuration
Configure the Protected Storage service properly. CC ID 05059	System hardening through configuration management	Configuration
Configure the QoS Admission Control (RSVP) service properly. CC ID 05060	System hardening through configuration management	Configuration
Configure the Remote Procedure Call service properly. CC ID 05061	System hardening through configuration management	Configuration
Configure the Removable Storage service properly. CC ID 05062	System hardening through configuration management	Configuration
Configure the Server service properly. CC ID 05063	System hardening through configuration management	Configuration
Configure the Security Accounts Manager service properly. CC ID 05064	System hardening through configuration management	Configuration
Configure the “Network Connections” service to organizational standards. CC ID 05065	System hardening through configuration management	Configuration
Configure the Logical Disk Manager service properly. CC ID 05066	System hardening through configuration management	Configuration
Configure the Logical Disk Manager Administrative Service properly. CC ID 05067	System hardening through configuration management	Configuration
Configure the File Replication service properly. CC ID 05068	System hardening through configuration management	Configuration
Configure the Kerberos Key Distribution Center service properly. CC ID 05069	System hardening through configuration management	Configuration
Configure the Intersite Messaging service properly. CC ID 05070	System hardening through configuration management	Configuration
Configure the Remote Procedure Call locator service properly. CC ID 05071	System hardening through configuration management	Configuration
Configure the Distributed File System service properly. CC ID 05072	System hardening through configuration management	Configuration
Configure the Windows Internet Name Service service properly. CC ID 05073	System hardening through configuration management	Configuration
Configure the FTP Publishing Service properly. CC ID 05074	System hardening through configuration management	Configuration
Configure the Windows Search service properly. CC ID 05075	System hardening through configuration management	Configuration
Configure the Microsoft Peer-to-Peer Networking Services service properly. CC ID 05076	System hardening through configuration management	Configuration
Configure the Remote Shell service properly. CC ID 05077	System hardening through configuration management	Configuration
Configure Simple TCP/IP services to organizational standards. CC ID 05078	System hardening through configuration management	Configuration
Configure the Print Services for Unix service properly. CC ID 05079	System hardening through configuration management	Configuration
Configure the File Shares service to organizational standards. CC ID 05080	System hardening through configuration management	Configuration
Configure the NetMeeting service properly. CC ID 05081	System hardening through configuration management	Configuration
Configure the Application Layer Gateway service properly. CC ID 05082	System hardening through configuration management	Configuration
Configure the Cryptographic Services service properly. CC ID 05083	System hardening through configuration management	Configuration
Configure the Help and Support Service properly. CC ID 05084	System hardening through configuration management	Configuration
Configure the Human Interface Device Access service properly. CC ID 05085	System hardening through configuration management	Configuration
Configure the IMAPI CD-Burning COM service properly. CC ID 05086	System hardening through configuration management	Configuration
Configure the MS Software Shadow Copy Provider service properly. CC ID 05087	System hardening through configuration management	Configuration
Configure the Network Location Awareness service properly. CC ID 05088	System hardening through configuration management	Configuration
Configure the Portable Media Serial Number Service service properly. CC ID 05089	System hardening through configuration management	Configuration
Configure the System Restore Service service properly. CC ID 05090	System hardening through configuration management	Configuration
Configure the Themes service properly. CC ID 05091	System hardening through configuration management	Configuration
Configure the Uninterruptible Power Supply service properly. CC ID 05092	System hardening through configuration management	Configuration
Configure the Upload Manager service properly. CC ID 05093	System hardening through configuration management	Configuration
Configure the Volume Shadow Copy Service properly. CC ID 05094	System hardening through configuration management	Configuration
Configure the WebClient service properly. CC ID 05095	System hardening through configuration management	Configuration
Configure the Windows Audio service properly. CC ID 05096	System hardening through configuration management	Configuration
Configure the Windows Image Acquisition service properly. CC ID 05097	System hardening through configuration management	Configuration
Configure the WMI Performance Adapter service properly. CC ID 05098	System hardening through configuration management	Configuration
Enable file uploads via vsftpd service, as appropriate. CC ID 05100	System hardening through configuration management	Configuration
Disable or remove sadmind unless use of sadmind is absolutely necessary. CC ID 06885	System hardening through configuration management	Configuration
Configure the "SNMP version 1" setting to organizational standards. CC ID 08976	System hardening through configuration management	Configuration
Configure the "xdmcp service" setting to organizational standards. CC ID 08985	System hardening through configuration management	Configuration
Disable the automatic display of remote images in HTML-formatted e-mail. CC ID 04494	System hardening through configuration management	Configuration
Disable Remote Apply Events unless Remote Apply Events are absolutely necessary. CC ID 04495	System hardening through configuration management	Configuration
Disable Xgrid unless Xgrid is absolutely necessary. CC ID 04496	System hardening through configuration management	Configuration
Configure the "Do Not Show First Use Dialog Boxes" setting for Windows Media Player properly. CC ID 05136	System hardening through configuration management	Configuration
Disable Core dumps unless absolutely necessary. CC ID 01507	System hardening through configuration management	Configuration
Set hard core dump size limits, as appropriate. CC ID 05990	System hardening through configuration management	Configuration
Configure the "Prevent Desktop Shortcut Creation" setting for Windows Media Player properly. CC ID 05137	System hardening through configuration management	Configuration
Set the Squid EUID and Squid GUID to an appropriate user and group. CC ID 05138	System hardening through configuration management	Configuration
Verify groups referenced in /etc/passwd are included in /etc/group, as appropriate. CC ID 05139	System hardening through configuration management	Configuration
Use of the cron.allow file should be enabled or disabled as appropriate. CC ID 06014	System hardening through configuration management	Configuration
Use of the at.allow file should be enabled or disabled as appropriate. CC ID 06015	System hardening through configuration management	Configuration
Enable or disable the Dynamic DNS feature of the DHCP Server as appropriate. CC ID 06039	System hardening through configuration management	Configuration
Enable or disable each user's Screen saver software, as necessary. CC ID 06050 [Conceal, via the device lock, information previously visible on the display with a publicly viewable image. 03.01.10 c.]	System hardening through configuration management	Configuration
Disable any unnecessary scripting languages, as necessary. CC ID 12137	System hardening through configuration management	Configuration
Enable logon authentication management techniques. CC ID 00553	System hardening through configuration management	Configuration
Configure devices and users to re-authenticate, as necessary. CC ID 10609 [Re-authenticate users when [Assignment: organization-defined circumstances or situations requiring re-authentication]. 03.05.01 b.]	System hardening through configuration management	Configuration
Establish, implement, and maintain authenticators. CC ID 15305	System hardening through configuration management	Technical Security
Establish, implement, and maintain an authenticator standard. CC ID 01702	System hardening through configuration management	Establish/Maintain Documentation
Establish, implement, and maintain an authenticator management system. CC ID 12031	System hardening through configuration management	Establish/Maintain Documentation
Establish, implement, and maintain authenticator procedures. CC ID 12002 [{lost authenticators} {compromised authenticators} Establish and implement administrative procedures for initial authenticator distribution; for lost, compromised, or damaged authenticators; and for revoking authenticators. 03.05.12 c. {lost authenticators} {compromised authenticators} Establish and implement administrative procedures for initial authenticator distribution; for lost, compromised, or damaged authenticators; and for revoking authenticators. 03.05.12 c.]	System hardening through configuration management	Establish/Maintain Documentation
Restrict access to authentication files to authorized personnel, as necessary. CC ID 12127	System hardening through configuration management	Technical Security
Configure authenticator activation codes in accordance with organizational standards. CC ID 17032	System hardening through configuration management	Configuration
Configure authenticators to comply with organizational standards. CC ID 06412 [Establish initial authenticator content for any authenticators issued by the organization. 03.05.12 b.]	System hardening through configuration management	Configuration
Configure the system to require new users to change their authenticator on first use. CC ID 05268 [Select a new password upon first use after account recovery. 03.05.07 e.]	System hardening through configuration management	Configuration
Configure authenticators so that group authenticators or shared authenticators are prohibited. CC ID 00519	System hardening through configuration management	Configuration
Configure the system to prevent unencrypted authenticator use. CC ID 04457	System hardening through configuration management	Configuration
Disable store passwords using reversible encryption. CC ID 01708	System hardening through configuration management	Configuration
Configure the system to encrypt authenticators. CC ID 06735 [{encrypted format} Store passwords in a cryptographically protected form. 03.05.07 d.]	System hardening through configuration management	Configuration
Configure the system to mask authenticators. CC ID 02037 [Obscure feedback of authentication information during the authentication process. 03.05.11 ¶ 1]	System hardening through configuration management	Configuration
Configure the authenticator policy to ban the use of usernames or user identifiers in authenticators. CC ID 05992	System hardening through configuration management	Configuration
Configure the "minimum number of digits required for new passwords" setting to organizational standards. CC ID 08717	System hardening through configuration management	Establish/Maintain Documentation
Configure the "minimum number of upper case characters required for new passwords" setting to organizational standards. CC ID 08718	System hardening through configuration management	Establish/Maintain Documentation
Configure the system to refrain from specifying the type of information used as password hints. CC ID 13783	System hardening through configuration management	Configuration
Configure the "minimum number of lower case characters required for new passwords" setting to organizational standards. CC ID 08719	System hardening through configuration management	Establish/Maintain Documentation
Disable machine account password changes. CC ID 01737	System hardening through configuration management	Configuration
Configure the "minimum number of special characters required for new passwords" setting to organizational standards. CC ID 08720	System hardening through configuration management	Establish/Maintain Documentation
Configure the "require new passwords to differ from old ones by the appropriate minimum number of characters" setting to organizational standards. CC ID 08722	System hardening through configuration management	Establish/Maintain Documentation
Configure the "password reuse" setting to organizational standards. CC ID 08724	System hardening through configuration management	Establish/Maintain Documentation
Configure the "Disable Remember Password" setting. CC ID 05270	System hardening through configuration management	Configuration
Configure the "Minimum password age" to organizational standards. CC ID 01703	System hardening through configuration management	Configuration
Configure the LILO/GRUB password. CC ID 01576	System hardening through configuration management	Configuration
Configure the system to use Apple's Keychain Access to store passwords and certificates. CC ID 04481	System hardening through configuration management	Configuration
Change the default password to Apple's Keychain. CC ID 04482	System hardening through configuration management	Configuration
Configure Apple's Keychain items to ask for the Keychain password. CC ID 04483	System hardening through configuration management	Configuration
Configure the Syskey Encryption Key and associated password. CC ID 05978	System hardening through configuration management	Configuration
Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting. CC ID 04505	System hardening through configuration management	Configuration
Configure the "System cryptography: Force strong key protection for user keys stored in the computer" setting. CC ID 04534	System hardening through configuration management	Configuration
Configure interactive logon for accounts that do not have assigned authenticators in accordance with organizational standards. CC ID 05267	System hardening through configuration management	Configuration
Enable or disable remote connections from accounts with empty authenticators, as appropriate. CC ID 05269	System hardening through configuration management	Configuration
Configure the "Send LanMan compatible password" setting. CC ID 05271	System hardening through configuration management	Configuration
Configure the authenticator policy to ban or allow authenticators as words found in dictionaries, as appropriate. CC ID 05993	System hardening through configuration management	Configuration
Configure the authenticator policy to ban or allow authenticators as proper names, as necessary. CC ID 17030	System hardening through configuration management	Configuration
Set the most number of characters required for the BitLocker Startup PIN correctly. CC ID 06054	System hardening through configuration management	Configuration
Set the default folder for BitLocker recovery passwords correctly. CC ID 06055	System hardening through configuration management	Configuration
Notify affected parties to keep authenticators confidential. CC ID 06787	System hardening through configuration management	Behavior
Discourage affected parties from recording authenticators. CC ID 06788	System hardening through configuration management	Behavior
Configure the "shadow password for all accounts in /etc/passwd" setting to organizational standards. CC ID 08721	System hardening through configuration management	Establish/Maintain Documentation
Configure the "password hashing algorithm" setting to organizational standards. CC ID 08723	System hardening through configuration management	Establish/Maintain Documentation
Configure the "Disable password strength validation for Peer Grouping" setting to organizational standards. CC ID 10866	System hardening through configuration management	Configuration
Configure the "Set the interval between synchronization retries for Password Synchronization" setting to organizational standards. CC ID 11185	System hardening through configuration management	Configuration
Configure the "Set the number of synchronization retries for servers running Password Synchronization" setting to organizational standards. CC ID 11187	System hardening through configuration management	Configuration
Configure the "Turn off password security in Input Panel" setting to organizational standards. CC ID 11296	System hardening through configuration management	Configuration
Configure the "Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory" setting to organizational standards. CC ID 11355	System hardening through configuration management	Configuration
Configure the authenticator display screen to organizational standards. CC ID 13794	System hardening through configuration management	Configuration
Configure the authenticator field to disallow memorized secrets found in the memorized secret list. CC ID 13808 [{commonly used passwords} Maintain a list of commonly-used, expected, or compromised passwords, and update the list [Assignment: organization-defined frequency] and when organizational passwords are suspected to have been compromised. 03.05.07 a.]	System hardening through configuration management	Configuration
Protect authenticators or authentication factors from unauthorized modification and disclosure. CC ID 15317 [{unauthorized modification} Protect authenticator content from unauthorized disclosure and modification. 03.05.12 f.]	System hardening through configuration management	Technical Security
Change authenticators, as necessary. CC ID 15315 [Change or refresh authenticators [Assignment: organization-defined frequency] or when the following events occur: [Assignment: organization-defined events]. 03.05.12 e.]	System hardening through configuration management	Configuration
Change all default authenticators. CC ID 15309 [Change default authenticators at first use. 03.05.12 d.]	System hardening through configuration management	Configuration
Configure the system security parameters to prevent system misuse or information misappropriation. CC ID 00881	System hardening through configuration management	Configuration
Configure the system to require a password before it unlocks the Screen saver software. CC ID 04443 [Retain the device lock until the user reestablishes access using established identification and authentication procedures. 03.01.10 b.]	System hardening through configuration management	Configuration
Configure the system account settings and the permission settings in accordance with the organizational standards. CC ID 01538	System hardening through configuration management	Configuration
Configure user accounts. CC ID 07036	System hardening through configuration management	Configuration
Configure accounts with administrative privilege. CC ID 07033	System hardening through configuration management	Configuration
Employ multifactor authentication for accounts with administrative privilege. CC ID 12496 [{privileged accounts} Implement multi-factor authentication for access to privileged and non-privileged accounts. 03.05.03 ¶ 1]	System hardening through configuration management	Technical Security
Establish, implement, and maintain network parameter modification procedures. CC ID 01517	System hardening through configuration management	Establish/Maintain Documentation
Configure wireless communication to be encrypted using strong cryptography. CC ID 06078 [Protect wireless access to the system using authentication and encryption. 03.01.16 d.]	System hardening through configuration management	Configuration
Configure Wireless Access Points in accordance with organizational standards. CC ID 12477	System hardening through configuration management	Configuration
Enable two-factor authentication for identifying and authenticating Wireless Local Area Network users. CC ID 04595 [Protect wireless access to the system using authentication and encryption. 03.01.16 d.]	System hardening through configuration management	Configuration
Enable or disable all wireless interfaces, as necessary. CC ID 05755 [Disable, when not intended for use, wireless networking capabilities prior to issuance and deployment. 03.01.16 c.]	System hardening through configuration management	Configuration
Configure mobile device settings in accordance with organizational standards. CC ID 04600 [Establish usage restrictions, configuration requirements, and connection requirements for mobile devices. 03.01.18 a.]	System hardening through configuration management	Configuration
Configure mobile devices to enable remote wipe. CC ID 12212	System hardening through configuration management	Configuration
Configure prohibiting the circumvention of security controls on mobile devices. CC ID 12335	System hardening through configuration management	Configuration
Configure Apple iOS to Organizational Standards. CC ID 09986	System hardening through configuration management	Establish/Maintain Documentation
Configure the "VPN" setting to organizational standards. CC ID 09987	System hardening through configuration management	Configuration
Configure the "Fraudulent Website Warning" setting to organizational standards. CC ID 09988	System hardening through configuration management	Configuration
Configure the "With Authentication" setting to organizational standards. CC ID 09989	System hardening through configuration management	Configuration
Configure the "Auto-Join" setting to organizational standards. CC ID 09990	System hardening through configuration management	Configuration
Configure the "AirDrop Discoverability" setting to organizational standards. CC ID 09991	System hardening through configuration management	Configuration
Configure the "Wi-Fi" setting to organizational standards. CC ID 09992	System hardening through configuration management	Configuration
Configure the "Personal Hotspot" setting to organizational standards. CC ID 09994	System hardening through configuration management	Configuration
Configure the "Notifications View" setting for "Access on Lock Screen" to organizational standards. CC ID 09995	System hardening through configuration management	Configuration
Configure the "Find My iPhone" setting to organizational standards. CC ID 09996	System hardening through configuration management	Configuration
Configure the "iPhone Unlock" setting to organizational standards. CC ID 09997	System hardening through configuration management	Configuration
Configure the "Access on Lock Screen" setting to organizational standards. CC ID 09998	System hardening through configuration management	Configuration
Configure the "Forget this Network" setting to organizational standards. CC ID 09999	System hardening through configuration management	Configuration
Configure the "Ask to Join Networks" setting to organizational standards. CC ID 10000	System hardening through configuration management	Configuration
Configure the "Fraudulent Website Warning" setting to organizational standards. CC ID 10001	System hardening through configuration management	Configuration
Configure the "Credit Cards" setting to organizational standards. CC ID 10002	System hardening through configuration management	Configuration
Configure the "Saved Credit Card Information" setting to organizational standards. CC ID 10003	System hardening through configuration management	Configuration
Configure the "Do Not Track" setting to organizational standards. CC ID 10004	System hardening through configuration management	Configuration
Configure the "With Authentication" setting to organizational standards. CC ID 10005	System hardening through configuration management	Configuration
Configure the "Allow Move" setting to organizational standards. CC ID 10006	System hardening through configuration management	Configuration
Configure the "Use Only in Mail" setting to organizational standards. CC ID 10007	System hardening through configuration management	Configuration
Configure mobile devices to organizational standards. CC ID 04639	System hardening through configuration management	Configuration
Configure mobile devices to separate organizational data from personal data. CC ID 16463	System hardening through configuration management	Configuration
Configure the mobile device properties to organizational standards. CC ID 04640	System hardening through configuration management	Configuration
Configure the mobile device menu items to organizational standards. CC ID 04641	System hardening through configuration management	Configuration
Configure the BlackBerry handheld device driver settings. CC ID 04642	System hardening through configuration management	Configuration
Verify only BlackBerry Enterprise Server e-mail software and e-mail hardware is being used. CC ID 04601	System hardening through configuration management	Technical Security
Configure the BlackBerry Enterprise Server with either BlackBerry DMZ Solution or the BlackBerry firewall solution. CC ID 04602	System hardening through configuration management	Configuration
Configure automatic master key generation on the BlackBerry Enterprise Server. CC ID 04608	System hardening through configuration management	Configuration
Train BlackBerry handheld device users on the Bluetooth Smart Card Reader's proper usage. CC ID 04603	System hardening through configuration management	Behavior
Verify metamessage software is not installed on BlackBerry handheld devices. CC ID 04604	System hardening through configuration management	Technical Security
Configure e-mail messages to not display a signature line stating the message was sent from a Portable Electronic Device. CC ID 04605	System hardening through configuration management	Configuration
Verify only the specific mobile device web browser software is installed. CC ID 04606	System hardening through configuration management	Configuration
Update the software and master keys for mobile Personal Electronic Devices every 30 days. CC ID 04607	System hardening through configuration management	Configuration
Enable content protection on mobile devices. CC ID 04609	System hardening through configuration management	Configuration
Configure the application policy groups for each mobile Personal Electronic Device. CC ID 04610	System hardening through configuration management	Configuration
Configure the BlackBerry Messenger policy group settings. CC ID 04611	System hardening through configuration management	Configuration
Configure the Camera policy group settings. CC ID 04614	System hardening through configuration management	Configuration
Configure the Bluetooth policy group settings. CC ID 04612	System hardening through configuration management	Configuration
Configure the Bluetooth Smart Card Reader policy group settings. CC ID 04613	System hardening through configuration management	Configuration
Configure the Browser policy group settings. CC ID 04615	System hardening through configuration management	Configuration
Configure the Certificate Sync policy group settings. CC ID 04616	System hardening through configuration management	Configuration
Configure the CMIME policy group settings. CC ID 04617	System hardening through configuration management	Configuration
Configure the Common policy group settings. CC ID 04618	System hardening through configuration management	Configuration
Configure the Desktop-only policy group settings. CC ID 04619	System hardening through configuration management	Configuration
Configure the IOT Application policy group settings. CC ID 04620	System hardening through configuration management	Configuration
Configure the Device-only policy group settings. CC ID 04621	System hardening through configuration management	Configuration
Configure the Desktop policy group settings. CC ID 04622	System hardening through configuration management	Configuration
Configure the Global items policy group settings. CC ID 04623	System hardening through configuration management	Configuration
Configure the Location Based Services policy group settings. CC ID 04624	System hardening through configuration management	Configuration
Configure the MDS policy group settings. CC ID 04625	System hardening through configuration management	Configuration
Configure the On-Device Help policy group settings. CC ID 04626	System hardening through configuration management	Configuration
Configure the Password policy group settings. CC ID 04627	System hardening through configuration management	Configuration
Configure the PIM Sync policy group settings. CC ID 04628	System hardening through configuration management	Configuration
Configure the Secure E-mail policy group settings. CC ID 04629	System hardening through configuration management	Configuration
Configure the Memory Cleaner policy group settings. CC ID 04630	System hardening through configuration management	Configuration
Configure the Security policy group settings. CC ID 04631	System hardening through configuration management	Configuration
Configure the Service Exclusivity policy group settings. CC ID 04632	System hardening through configuration management	Configuration
Configure the SIM Application Toolkit policy group settings. CC ID 04633	System hardening through configuration management	Configuration
Configure the Smart Dialing policy group settings. CC ID 04634	System hardening through configuration management	Configuration
Configure the S/MIME policy group settings. CC ID 04635	System hardening through configuration management	Configuration
Configure the TCP policy group settings. CC ID 04636	System hardening through configuration management	Configuration
Configure the WTLS (Application) policy group settings. CC ID 04638	System hardening through configuration management	Configuration
Configure emergency and critical e-mail notifications so that they are digitally signed. CC ID 04841	System hardening through configuration management	Configuration
Enable data-at-rest encryption on mobile devices. CC ID 04842	System hardening through configuration management	Configuration
Disable the capability to automatically execute code on mobile devices absent user direction. CC ID 08705	System hardening through configuration management	Configuration
Configure environmental sensors on mobile devices. CC ID 10667	System hardening through configuration management	Configuration
Prohibit the remote activation of environmental sensors on mobile devices. CC ID 10666	System hardening through configuration management	Configuration
Configure the mobile device to explicitly show when an environmental sensor is in use. CC ID 10668	System hardening through configuration management	Configuration
Configure the environmental sensor to report collected data to designated personnel only. CC ID 10669	System hardening through configuration management	Configuration
Configure Account settings in accordance with organizational standards. CC ID 07603	System hardening through configuration management	Configuration
Configure the "Account lockout duration" to organizational standards. CC ID 07771 [Automatically [Selection (one or more): lock the account or node for an [Assignment: organization-defined time period]; lock the account or node until released by an administrator; delay next logon prompt; notify system administrator; take other action] when the maximum number of unsuccessful attempts is exceeded. 03.01.08 b.]	System hardening through configuration management	Configuration
Configure Logging settings in accordance with organizational standards. CC ID 07611	System hardening through configuration management	Configuration
Configure the detailed data elements to be captured for all logs so that events are identified by type, location, subject, user, what data was accessed, etc. CC ID 06331 [{place} Include the following content in audit records: Where the event occurred 03.03.02 a.3. Provide additional information for audit records as needed. 03.03.02 b.]	System hardening through configuration management	Configuration
Configure the log to capture the user's identification. CC ID 01334 [Include the following content in audit records: Identity of the individuals, subjects, objects, or entities associated with the event 03.03.02 a.6.]	System hardening through configuration management	Configuration
Configure the log to capture a date and time stamp. CC ID 01336 [{time} Include the following content in audit records: When the event occurred 03.03.02 a.2. Record time stamps for audit records that meet [Assignment: organization-defined granularity of time measurement] and that use Coordinated Universal Time (UTC), have a fixed local time offset from UTC, or include the local time offset as part of the time stamp. 03.03.07 b.]	System hardening through configuration management	Configuration
Configure the log to uniquely identify each asset. CC ID 01339 [Include the following content in audit records: Identity of the individuals, subjects, objects, or entities associated with the event 03.03.02 a.6.]	System hardening through configuration management	Configuration
Configure the log to capture the type of each event. CC ID 06423 [Include the following content in audit records: What type of event occurred 03.03.02 a.1.]	System hardening through configuration management	Configuration
Configure the log to capture the details of electronic signature transactions. CC ID 16910	System hardening through configuration management	Log Management
Configure the log to uniquely identify each accessed record. CC ID 16909	System hardening through configuration management	Log Management
Configure the log to capture each event's success or failure indication. CC ID 06424 [Include the following content in audit records: Outcome of the event 03.03.02 a.5.]	System hardening through configuration management	Configuration
Configure all logs to capture auditable events or actionable events. CC ID 06332	System hardening through configuration management	Configuration
Configure the event log settings for specific Operating System functions. CC ID 06337	System hardening through configuration management	Configuration
Generate an alert when an audit log failure occurs. CC ID 06737 [Alert organizational personnel or roles within [Assignment: organization-defined time period] in the event of an audit logging process failure. 03.03.04 a.]	System hardening through configuration management	Configuration
Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards. CC ID 07621	System hardening through configuration management	Configuration
Configure the "Password must meet complexity requirements" to organizational standards. CC ID 07743 [Enforce the following composition and complexity rules for passwords: [Assignment: organization-defined composition and complexity rules]. 03.05.07 f.]	System hardening through configuration management	Configuration
Configure the "Enforce password history" to organizational standards. CC ID 07877 [Prevent the reuse of identifiers for [Assignment: organization-defined time period]. 03.05.05 c.]	System hardening through configuration management	Configuration
Configure security and protection software according to Organizational Standards. CC ID 11917	System hardening through configuration management	Configuration
Configure security and protection software to check e-mail attachments. CC ID 11860 [Configure malicious code protection mechanisms to: Perform scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at endpoints or system entry and exit points as the files are downloaded, opened, or executed; and 03.14.02 c.1.]	System hardening through configuration management	Configuration
Establish, implement, and maintain a Configuration Baseline Documentation Record. CC ID 02130 [Review and update the baseline configuration of the system [Assignment: organization-defined frequency] and when system components are installed or modified. 03.04.01 b.]	System hardening through configuration management	Establish/Maintain Documentation
Document and approve any changes to the Configuration Baseline Documentation Record. CC ID 12104	System hardening through configuration management	Establish/Maintain Documentation
Create a hardened image of the baseline configuration to be used for building new systems. CC ID 07063	System hardening through configuration management	Configuration
Store master images on securely configured servers. CC ID 12089	System hardening through configuration management	Technical Security
Establish, implement, and maintain records management policies. CC ID 00903	Records management	Establish/Maintain Documentation
Determine how long to keep records and logs before disposing them. CC ID 11661	Records management	Process or Activity
Retain records in accordance with applicable requirements. CC ID 00968 [Retain audit records for a time period consistent with the records retention policy. 03.03.03 b. Manage and retain CUI within the system and CUI output from the system in accordance with applicable laws, Executive Orders, directives, regulations, policies, standards, guidelines, and operational requirements. 03.14.08 ¶ 1]	Records management	Records Management
Establish, implement, and maintain storage media disposition and destruction procedures. CC ID 11657	Records management	Establish/Maintain Documentation
Sanitize electronic storage media in accordance with organizational standards. CC ID 16464	Records management	Data and Information Management
Sanitize all electronic storage media before disposing a system or redeploying a system. CC ID 01643 [Sanitize system media that contain CUI prior to disposal, release out of organizational control, or release for reuse. 03.08.03 ¶ 1]	Records management	Data and Information Management
Establish, implement, and maintain records management procedures. CC ID 11619	Records management	Establish/Maintain Documentation
Establish, implement, and maintain electronic storage media management procedures. CC ID 00931	Records management	Establish/Maintain Documentation
Establish, implement, and maintain security label procedures. CC ID 06747 [Mark system media that contain CUI to indicate distribution limitations, handling caveats, and applicable CUI markings. 03.08.04 ¶ 1]	Records management	Establish/Maintain Documentation
Label restricted storage media appropriately. CC ID 00966	Records management	Data and Information Management
Establish, implement, and maintain restricted material identification procedures. CC ID 01889	Records management	Establish/Maintain Documentation
Conspicuously locate the restricted record's overall classification. CC ID 01890	Records management	Establish/Maintain Documentation
Mark a restricted record's displayed pages or printed pages with the appropriate classification. CC ID 01891	Records management	Establish/Maintain Documentation
Mark a restricted record's components (appendices, annexes) with the appropriate classification. CC ID 01892	Records management	Establish/Maintain Documentation
Mark a restricted record's portions (paragraphs, sections) with the appropriate classification. CC ID 01893	Records management	Establish/Maintain Documentation
Mark a restricted record's subject line or title with the appropriate classification. CC ID 01894	Records management	Establish/Maintain Documentation
Mark all forms of electronic messages that contain restricted data or restricted information with the appropriate classification. CC ID 01896	Records management	Data and Information Management
Establish, implement, and maintain online storage controls. CC ID 00942	Records management	Technical Security
Establish, implement, and maintain security controls appropriate to the record types and electronic storage media. CC ID 00943	Records management	Records Management
Provide encryption for different types of electronic storage media. CC ID 00945 [Implement cryptographic mechanisms to prevent the unauthorized disclosure of CUI during transmission and while in storage. 03.13.08 ¶ 1]	Records management	Technical Security
Establish, implement, and maintain electronic storage media security controls. CC ID 13204 [Protect the confidentiality of backup information. 03.08.09 a.]	Records management	Technical Security
Initiate the System Development Life Cycle planning phase. CC ID 06266	Systems design, build, and implementation	Systems Design, Build, and Implementation
Establish, implement, and maintain system design principles and system design guidelines. CC ID 01057	Systems design, build, and implementation	Establish/Maintain Documentation
Establish, implement, and maintain security design principles. CC ID 14718 [Apply the following systems security engineering principles to the development or modification of the system and system components: [Assignment: organization-defined systems security engineering principles]. 03.16.01 ¶ 1]	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include reduced complexity of systems or system components in the security design principles. CC ID 14753	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include self-reliant trustworthiness of systems or system components in the security design principles. CC ID 14752	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include partially ordered dependencies of systems or system components in the security design principles. CC ID 14751	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include modularity and layering of systems or system components in the security design principles. CC ID 14750	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include secure evolvability of systems or system components in the security design principles. CC ID 14749	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include continuous protection of systems or system components in the security design principles. CC ID 14748	Systems design, build, and implementation	Establish/Maintain Documentation
Include least common mechanisms between systems or system components in the security design principles. CC ID 14747	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include secure system modification of systems or system components in the security design principles. CC ID 14746	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include clear abstractions of systems or system components in the security design principles. CC ID 14745	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include secure failure and recovery of systems or system components in the security design principles. CC ID 14744	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include repeatable and documented procedures for systems or system components in the security design principles. CC ID 14743	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include least privilege of systems or system components in the security design principles. CC ID 14742	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include minimized sharing of systems or system components in the security design principles. CC ID 14741	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include acceptable security of systems or system components in the security design principles. CC ID 14740	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include minimized security elements in systems or system components in the security design principles. CC ID 14739	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include hierarchical protection in systems or system components in the security design principles. CC ID 14738	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include self-analysis of systems or system components in the security design principles. CC ID 14737	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include inverse modification thresholds in systems or system components in the security design principles. CC ID 14736	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include efficiently mediated access to systems or system components in the security design principles. CC ID 14735	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include secure distributed composition of systems or system components in the security design principles. CC ID 14734	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include minimization of systems or system components in the security design principles. CC ID 14733	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include secure defaults in systems or system components in the security design principles. CC ID 14732	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include trusted communications channels for systems or system components in the security design principles. CC ID 14731	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include economic security in systems or system components in the security design principles. CC ID 14730	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include trusted components of systems or system components in the security design principles. CC ID 14729	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include procedural rigor in systems or system components in the security design principles. CC ID 14728	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include accountability and traceability of systems or system components in the security design principles. CC ID 14727	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include hierarchical trust in systems or system components in the security design principles. CC ID 14726	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include sufficient documentation for systems or system components in the security design principles. CC ID 14725	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include performance security of systems or system components in the security design principles. CC ID 14724	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include human factored security in systems or system components in the security design principles. CC ID 14723	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include secure metadata management of systems or system components in the security design principles. CC ID 14722	Systems design, build, and implementation	Systems Design, Build, and Implementation
Include predicate permission of systems or system components in the security design principles. CC ID 14721	Systems design, build, and implementation	Systems Design, Build, and Implementation
Plan for acquiring facilities, technology, or services. CC ID 06892	Acquisition or sale of facilities, technology, and services	Acquisition/Sale of Assets or Services
Establish, implement, and maintain a product and services acquisition strategy. CC ID 01133 [Develop and implement acquisition strategies, contract tools, and procurement methods to identify, protect against, and mitigate supply chain risks. 03.17.02 ¶ 1]	Acquisition or sale of facilities, technology, and services	Establish/Maintain Documentation
Establish, implement, and maintain a supply chain management program. CC ID 11742	Third Party and supply chain oversight	Establish/Maintain Documentation
Establish, implement, and maintain information flow agreements with all third parties. CC ID 04543 [Permit authorized individuals to use external systems to access the organizational system or to process, store, or transmit CUI only after: Retaining approved system connection or processing agreements with the organizational entities hosting the external systems. 03.01.20 c.2. Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a. Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Third Party and supply chain oversight	Establish/Maintain Documentation
Include the purpose in the information flow agreement. CC ID 17016	Third Party and supply chain oversight	Establish/Maintain Documentation
Include the type of information being transmitted in the information flow agreement. CC ID 14245 [Document interface characteristics, security requirements, and responsibilities for each system as part of the exchange agreements. 03.12.05 b.]	Third Party and supply chain oversight	Establish/Maintain Documentation
Include the costs in the information flow agreement. CC ID 17018	Third Party and supply chain oversight	Establish/Maintain Documentation
Include the security requirements in the information flow agreement. CC ID 14244 [Document interface characteristics, security requirements, and responsibilities for each system as part of the exchange agreements. 03.12.05 b.]	Third Party and supply chain oversight	Establish/Maintain Documentation
Include the interface characteristics in the information flow agreement. CC ID 14240 [Document interface characteristics, security requirements, and responsibilities for each system as part of the exchange agreements. 03.12.05 b.]	Third Party and supply chain oversight	Establish/Maintain Documentation
Include a description of the data or information to be covered in third party contracts. CC ID 06510 [Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Third Party and supply chain oversight	Establish/Maintain Documentation
Include text about access, use, disclosure, and transfer of data or information in third party contracts. CC ID 11610	Third Party and supply chain oversight	Business Processes
Include text about data ownership in third party contracts. CC ID 06502	Third Party and supply chain oversight	Establish/Maintain Documentation
Establish, implement, and maintain Service Level Agreements with the organization's supply chain. CC ID 00838 [Approve and manage the exchange of CUI between the system and other systems using [Selection (one or more): interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service-level agreements; user agreements; non-disclosure agreements; other types of agreements]. 03.12.05 a.]	Third Party and supply chain oversight	Process or Activity
Include the responsible party for managing complaints in third party contracts. CC ID 10022	Third Party and supply chain oversight	Establish Roles
Include risk management procedures in the supply chain management policy. CC ID 08811 [Enforce the following security requirements to protect against supply chain risks to the system, system components, or system services and to limit the harm or consequences from supply chain-related events: [Assignment: organization-defined security requirements]. 03.17.03 b.]	Third Party and supply chain oversight	Establish/Maintain Documentation
Include a determination on the impact of services provided by third-party service providers in the supply chain risk assessment report. CC ID 17187	Third Party and supply chain oversight	Establish/Maintain Documentation
Include a determination of the complexity of the third party relationships in the supply chain risk assessment. CC ID 10024	Third Party and supply chain oversight	Business Processes
Include a determination of financial benefits over actual costs of third party relationships in the supply chain risk assessment report. CC ID 10025	Third Party and supply chain oversight	Establish/Maintain Documentation
Include a determination of how third party relationships affect strategic initiatives in the supply chain risk assessment report. CC ID 10026	Third Party and supply chain oversight	Establish/Maintain Documentation
Include a determination if the third party relationship will affect employees in the supply chain risk assessment report. CC ID 10027	Third Party and supply chain oversight	Business Processes
Include a determination of customer interactions with third parties in the supply chain risk assessment report. CC ID 10028	Third Party and supply chain oversight	Establish/Maintain Documentation
Include a determination on the risks third parties pose to Information Security in the supply chain risk assessment report. CC ID 10029	Third Party and supply chain oversight	Establish/Maintain Documentation
Conduct all parts of the supply chain due diligence process. CC ID 08854	Third Party and supply chain oversight	Business Processes
Include a requirement in outsourcing contracts that supply chain members must implement security controls to protect information. CC ID 13353	Third Party and supply chain oversight	Establish/Maintain Documentation