UCF STIG Viewer Logo

NIST SP 800-53 Full Control List

Num. Title Impact
AC-1 ACCESS CONTROL POLICY AND PROCEDURES LOW
AC-2 ACCOUNT MANAGEMENT LOW
AC-3 ACCESS ENFORCEMENT LOW
AC-4 INFORMATION FLOW ENFORCEMENT MODERATE
AC-5 SEPARATION OF DUTIES MODERATE
AC-6 LEAST PRIVILEGE MODERATE
AC-7 UNSUCCESSFUL LOGON ATTEMPTS LOW
AC-8 SYSTEM USE NOTIFICATION LOW
AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION
AC-10 CONCURRENT SESSION CONTROL HIGH
AC-11 SESSION LOCK MODERATE
AC-12 SESSION TERMINATION MODERATE
AC-13 SUPERVISION AND REVIEW � ACCESS CONTROL
AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION LOW
AC-15 AUTOMATED MARKING
AC-16 SECURITY ATTRIBUTES
AC-17 REMOTE ACCESS LOW
AC-18 WIRELESS ACCESS LOW
AC-19 ACCESS CONTROL FOR MOBILE DEVICES LOW
AC-20 USE OF EXTERNAL INFORMATION SYSTEMS LOW
AC-21 INFORMATION SHARING MODERATE
AC-22 PUBLICLY ACCESSIBLE CONTENT LOW
AC-23 DATA MINING PROTECTION
AC-24 ACCESS CONTROL DECISIONS
AC-25 REFERENCE MONITOR
AT-1 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES LOW
AT-2 SECURITY AWARENESS TRAINING LOW
AT-3 ROLE-BASED SECURITY TRAINING LOW
AT-4 SECURITY TRAINING RECORDS LOW
AT-5 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS
AU-1 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES LOW
AU-2 AUDIT EVENTS LOW
AU-3 CONTENT OF AUDIT RECORDS LOW
AU-4 AUDIT STORAGE CAPACITY LOW
AU-5 RESPONSE TO AUDIT PROCESSING FAILURES LOW
AU-6 AUDIT REVIEW, ANALYSIS, AND REPORTING LOW
AU-7 AUDIT REDUCTION AND REPORT GENERATION MODERATE
AU-8 TIME STAMPS LOW
AU-9 PROTECTION OF AUDIT INFORMATION LOW
AU-10 NON-REPUDIATION HIGH
AU-11 AUDIT RECORD RETENTION LOW
AU-12 AUDIT GENERATION LOW
AU-13 MONITORING FOR INFORMATION DISCLOSURE
AU-14 SESSION AUDIT
AU-15 ALTERNATE AUDIT CAPABILITY
AU-16 CROSS-ORGANIZATIONAL AUDITING
CA-1 SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES LOW
CA-2 SECURITY ASSESSMENTS LOW
CA-3 SYSTEM INTERCONNECTIONS LOW
CA-4 SECURITY CERTIFICATION
CA-5 PLAN OF ACTION AND MILESTONES LOW
CA-6 SECURITY AUTHORIZATION LOW
CA-7 CONTINUOUS MONITORING LOW
CA-8 PENETRATION TESTING HIGH
CA-9 INTERNAL SYSTEM CONNECTIONS LOW
CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES LOW
CM-2 BASELINE CONFIGURATION LOW
CM-3 CONFIGURATION CHANGE CONTROL MODERATE
CM-4 SECURITY IMPACT ANALYSIS LOW
CM-5 ACCESS RESTRICTIONS FOR CHANGE MODERATE
CM-6 CONFIGURATION SETTINGS LOW
CM-7 LEAST FUNCTIONALITY LOW
CM-8 INFORMATION SYSTEM COMPONENT INVENTORY LOW
CM-9 CONFIGURATION MANAGEMENT PLAN MODERATE
CM-10 SOFTWARE USAGE RESTRICTIONS LOW
CM-11 USER-INSTALLED SOFTWARE LOW
CP-1 CONTINGENCY PLANNING POLICY AND PROCEDURES LOW
CP-2 CONTINGENCY PLAN LOW
CP-3 CONTINGENCY TRAINING LOW
CP-4 CONTINGENCY PLAN TESTING LOW
CP-5 CONTINGENCY PLAN UPDATE
CP-6 ALTERNATE STORAGE SITE MODERATE
CP-7 ALTERNATE PROCESSING SITE MODERATE
CP-8 TELECOMMUNICATIONS SERVICES MODERATE
CP-9 INFORMATION SYSTEM BACKUP LOW
CP-10 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION LOW
CP-11 ALTERNATE COMMUNICATIONS PROTOCOLS
CP-12 SAFE MODE
CP-13 ALTERNATIVE SECURITY MECHANISMS
IA-1 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES LOW
IA-2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) LOW
IA-3 DEVICE IDENTIFICATION AND AUTHENTICATION MODERATE
IA-4 IDENTIFIER MANAGEMENT LOW
IA-5 AUTHENTICATOR MANAGEMENT LOW
IA-6 AUTHENTICATOR FEEDBACK LOW
IA-7 CRYPTOGRAPHIC MODULE AUTHENTICATION LOW
IA-8 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) LOW
IA-9 SERVICE IDENTIFICATION AND AUTHENTICATION
IA-10 ADAPTIVE IDENTIFICATION AND AUTHENTICATION
IA-11 RE-AUTHENTICATION
IR-1 INCIDENT RESPONSE POLICY AND PROCEDURES LOW
IR-2 INCIDENT RESPONSE TRAINING LOW
IR-3 INCIDENT RESPONSE TESTING MODERATE
IR-4 INCIDENT HANDLING LOW
IR-5 INCIDENT MONITORING LOW
IR-6 INCIDENT REPORTING LOW
IR-7 INCIDENT RESPONSE ASSISTANCE LOW
IR-8 INCIDENT RESPONSE PLAN LOW
IR-9 INFORMATION SPILLAGE RESPONSE
IR-10 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM
MA-1 SYSTEM MAINTENANCE POLICY AND PROCEDURES LOW
MA-2 CONTROLLED MAINTENANCE LOW
MA-3 MAINTENANCE TOOLS MODERATE
MA-4 NONLOCAL MAINTENANCE LOW
MA-5 MAINTENANCE PERSONNEL LOW
MA-6 TIMELY MAINTENANCE MODERATE
MP-1 MEDIA PROTECTION POLICY AND PROCEDURES LOW
MP-2 MEDIA ACCESS LOW
MP-3 MEDIA MARKING MODERATE
MP-4 MEDIA STORAGE MODERATE
MP-5 MEDIA TRANSPORT MODERATE
MP-6 MEDIA SANITIZATION LOW
MP-7 MEDIA USE LOW
MP-8 MEDIA DOWNGRADING
PE-1 PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES LOW
PE-2 PHYSICAL ACCESS AUTHORIZATIONS LOW
PE-3 PHYSICAL ACCESS CONTROL LOW
PE-4 ACCESS CONTROL FOR TRANSMISSION MEDIUM MODERATE
PE-5 ACCESS CONTROL FOR OUTPUT DEVICES MODERATE
PE-6 MONITORING PHYSICAL ACCESS LOW
PE-7 VISITOR CONTROL
PE-8 VISITOR ACCESS RECORDS LOW
PE-9 POWER EQUIPMENT AND CABLING MODERATE
PE-10 EMERGENCY SHUTOFF MODERATE
PE-11 EMERGENCY POWER MODERATE
PE-12 EMERGENCY LIGHTING LOW
PE-13 FIRE PROTECTION LOW
PE-14 TEMPERATURE AND HUMIDITY CONTROLS LOW
PE-15 WATER DAMAGE PROTECTION LOW
PE-16 DELIVERY AND REMOVAL LOW
PE-17 ALTERNATE WORK SITE MODERATE
PE-18 LOCATION OF INFORMATION SYSTEM COMPONENTS HIGH
PE-19 INFORMATION LEAKAGE
PE-20 ASSET MONITORING AND TRACKING
PL-1 SECURITY PLANNING POLICY AND PROCEDURES LOW
PL-2 SYSTEM SECURITY PLAN LOW
PL-3 SYSTEM SECURITY PLAN UPDATE
PL-4 RULES OF BEHAVIOR LOW
PL-5 PRIVACY IMPACT ASSESSMENT
PL-6 SECURITY-RELATED ACTIVITY PLANNING
PL-7 SECURITY CONCEPT OF OPERATIONS
PL-8 INFORMATION SECURITY ARCHITECTURE MODERATE
PL-9 CENTRAL MANAGEMENT
PS-1 PERSONNEL SECURITY POLICY AND PROCEDURES LOW
PS-2 POSITION RISK DESIGNATION LOW
PS-3 PERSONNEL SCREENING LOW
PS-4 PERSONNEL TERMINATION LOW
PS-5 PERSONNEL TRANSFER LOW
PS-6 ACCESS AGREEMENTS LOW
PS-7 THIRD-PARTY PERSONNEL SECURITY LOW
PS-8 PERSONNEL SANCTIONS LOW
RA-1 RISK ASSESSMENT POLICY AND PROCEDURES LOW
RA-2 SECURITY CATEGORIZATION LOW
RA-3 RISK ASSESSMENT LOW
RA-4 RISK ASSESSMENT UPDATE
RA-5 VULNERABILITY SCANNING LOW
RA-6 TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY
SA-1 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES LOW
SA-2 ALLOCATION OF RESOURCES LOW
SA-3 SYSTEM DEVELOPMENT LIFE CYCLE LOW
SA-4 ACQUISITION PROCESS LOW
SA-5 INFORMATION SYSTEM DOCUMENTATION LOW
SA-6 SOFTWARE USAGE RESTRICTIONS
SA-7 USER-INSTALLED SOFTWARE
SA-8 SECURITY ENGINEERING PRINCIPLES MODERATE
SA-9 EXTERNAL INFORMATION SYSTEM SERVICES LOW
SA-10 DEVELOPER CONFIGURATION MANAGEMENT MODERATE
SA-11 DEVELOPER SECURITY TESTING AND EVALUATION MODERATE
SA-12 SUPPLY CHAIN PROTECTION HIGH
SA-13 TRUSTWORTHINESS
SA-14 CRITICALITY ANALYSIS
SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS HIGH
SA-16 DEVELOPER-PROVIDED TRAINING HIGH
SA-17 DEVELOPER SECURITY ARCHITECTURE AND DESIGN HIGH
SA-18 TAMPER RESISTANCE AND DETECTION
SA-19 COMPONENT AUTHENTICITY
SA-20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS
SA-21 DEVELOPER SCREENING
SA-22 UNSUPPORTED SYSTEM COMPONENTS
SC-1 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES LOW
SC-2 APPLICATION PARTITIONING MODERATE
SC-3 SECURITY FUNCTION ISOLATION HIGH
SC-4 INFORMATION IN SHARED RESOURCES MODERATE
SC-5 DENIAL OF SERVICE PROTECTION LOW
SC-6 RESOURCE AVAILABILITY
SC-7 BOUNDARY PROTECTION LOW
SC-8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY MODERATE
SC-9 TRANSMISSION CONFIDENTIALITY
SC-10 NETWORK DISCONNECT MODERATE
SC-11 TRUSTED PATH
SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT LOW
SC-13 CRYPTOGRAPHIC PROTECTION LOW
SC-14 PUBLIC ACCESS PROTECTIONS
SC-15 COLLABORATIVE COMPUTING DEVICES LOW
SC-16 TRANSMISSION OF SECURITY ATTRIBUTES
SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES MODERATE
SC-18 MOBILE CODE MODERATE
SC-19 VOICE OVER INTERNET PROTOCOL MODERATE
SC-20 SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE) LOW
SC-21 SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER) LOW
SC-22 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE LOW
SC-23 SESSION AUTHENTICITY MODERATE
SC-24 FAIL IN KNOWN STATE HIGH
SC-25 THIN NODES
SC-26 HONEYPOTS
SC-27 PLATFORM-INDEPENDENT APPLICATIONS
SC-28 PROTECTION OF INFORMATION AT REST MODERATE
SC-29 HETEROGENEITY
SC-30 CONCEALMENT AND MISDIRECTION
SC-31 COVERT CHANNEL ANALYSIS
SC-32 INFORMATION SYSTEM PARTITIONING
SC-33 TRANSMISSION PREPARATION INTEGRITY
SC-34 NON-MODIFIABLE EXECUTABLE PROGRAMS
SC-35 HONEYCLIENTS
SC-36 DISTRIBUTED PROCESSING AND STORAGE
SC-37 OUT-OF-BAND CHANNELS
SC-38 OPERATIONS SECURITY
SC-39 PROCESS ISOLATION LOW
SC-40 WIRELESS LINK PROTECTION
SC-41 PORT AND I/O DEVICE ACCESS
SC-42 SENSOR CAPABILITY AND DATA
SC-43 USAGE RESTRICTIONS
SC-44 DETONATION CHAMBERS
SI-1 SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES LOW
SI-2 FLAW REMEDIATION LOW
SI-3 MALICIOUS CODE PROTECTION LOW
SI-4 INFORMATION SYSTEM MONITORING LOW
SI-5 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES LOW
SI-6 SECURITY FUNCTION VERIFICATION HIGH
SI-7 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY MODERATE
SI-8 SPAM PROTECTION MODERATE
SI-9 INFORMATION INPUT RESTRICTIONS
SI-10 INFORMATION INPUT VALIDATION MODERATE
SI-11 ERROR HANDLING MODERATE
SI-12 INFORMATION HANDLING AND RETENTION LOW
SI-13 PREDICTABLE FAILURE PREVENTION
SI-14 NON-PERSISTENCE
SI-15 INFORMATION OUTPUT FILTERING
SI-16 MEMORY PROTECTION MODERATE
SI-17 FAIL-SAFE PROCEDURES
PM-1 INFORMATION SECURITY PROGRAM PLAN
PM-2 SENIOR INFORMATION SECURITY OFFICER
PM-3 INFORMATION SECURITY RESOURCES
PM-4 PLAN OF ACTION AND MILESTONES PROCESS
PM-5 INFORMATION SYSTEM INVENTORY
PM-6 INFORMATION SECURITY MEASURES OF PERFORMANCE
PM-7 ENTERPRISE ARCHITECTURE
PM-8 CRITICAL INFRASTRUCTURE PLAN
PM-9 RISK MANAGEMENT STRATEGY
PM-10 SECURITY AUTHORIZATION PROCESS
PM-11 MISSION/BUSINESS PROCESS DEFINITION
PM-12 INSIDER THREAT PROGRAM
PM-13 INFORMATION SECURITY WORKFORCE
PM-14 TESTING, TRAINING, AND MONITORING
PM-15 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS
PM-16 THREAT AWARENESS PROGRAM