OpenControls Logo

STIG Viewer

DOD Instruction 8500.2 Full Control List

Click on a control to view detailed information.

Low Impact
Medium Impact
High Impact
NumberTitleImpactSubject AreaActions
COAS-1Alternate Site DesignationMediumContinuity
COAS-2Alternate Site DesignationHighContinuity
COBR-1Protection of Backup and Restoration AssetsHighContinuity
CODB-1Data Backup ProceduresLowContinuity
CODB-2Data Backup ProceduresMediumContinuity
CODB-3Data Backup ProceduresMediumContinuity
CODP-1Disaster and Recovery PlanningLowContinuity
CODP-2Disaster and Recovery PlanningMediumContinuity
CODP-3Disaster and Recovery PlanningMediumContinuity
COEB-1Enclave Boundary DefenseMediumContinuity
COEB-2Enclave Boundary DefenseHighContinuity
COED-1Scheduled Exercises and DrillsLowContinuity
COED-2Scheduled Exercises and DrillsMediumContinuity
COEF-1Identification of Essential FunctionsLowContinuity
COEF-2Identification of Essential FunctionsMediumContinuity
COMS-1Maintenance SupportLowContinuity
COMS-2Maintenance SupportMediumContinuity
COPS-1Power SupplyLowContinuity
COPS-2Power SupplyMediumContinuity
COPS-3Power SupplyMediumContinuity
COSP-1Spares and PartsLowContinuity
COSP-2Spares and PartsMediumContinuity
COSW-1Backup Copies of Critical SWHighContinuity
COTR-1Trusted RecoveryHighContinuity
DCAR-1Procedural ReviewMediumSecurity Design and Configuration
DCAS-1Acquisition StandardsHighSecurity Design and Configuration
DCBP-1Best Security PracticesMediumSecurity Design and Configuration
DCCB-1Control BoardLowSecurity Design and Configuration
DCCB-2Control BoardMediumSecurity Design and Configuration
DCCS-1Configuration SpecificationsHighSecurity Design and Configuration
DCCS-2Configuration SpecificationsHighSecurity Design and Configuration
DCCT-1Compliance TestingMediumSecurity Design and Configuration
DCDS-1Dedicated IA ServicesMediumSecurity Design and Configuration
DCFA-1Functional Architecture for AIS ApplicationsMediumSecurity Design and Configuration
DCHW-1HW BaselineHighSecurity Design and Configuration
DCID-1Interconnection DocumentationHighSecurity Design and Configuration
DCII-1IA Impact AssessmentMediumSecurity Design and Configuration
DCIT-1IA for IT ServicesHighSecurity Design and Configuration
DCMC-1Mobile CodeMediumSecurity Design and Configuration
DCNR-1Non-repudiationMediumSecurity Design and Configuration
DCPA-1Partitioning the ApplicationLowSecurity Design and Configuration
DCPB-1IA Program and BudgetHighSecurity Design and Configuration
DCPD-1Public Domain Software ControlsMediumSecurity Design and Configuration
DCPP-1Ports, Protocols, and ServicesMediumSecurity Design and Configuration
DCPR-1CM ProcessHighSecurity Design and Configuration
DCSD-1IA DocumentationHighSecurity Design and Configuration
DCSL-1System Library Management ControlsMediumSecurity Design and Configuration
DCSP-1Security Support Structure PartitioningMediumSecurity Design and Configuration
DCSQ-1Software QualityMediumSecurity Design and Configuration
DCSR-1Specified Robustness - BasicHighSecurity Design and Configuration
DCSR-2Specified Robustness - MediumHighSecurity Design and Configuration
DCSR-3Specified Robustness – HighHighSecurity Design and Configuration
DCSS-1System State ChangesHighSecurity Design and Configuration
DCSS-2System State ChangesHighSecurity Design and Configuration
DCSW-1SW BaselineHighSecurity Design and Configuration
EBBD-1Boundary DefenseLowEnclave Boundary Defense
EBBD-2Boundary DefenseMediumEnclave Boundary Defense
EBBD-3Boundary DefenseHighEnclave Boundary Defense
EBCR-1Connection RulesMediumEnclave Boundary Defense
EBPW-1Public WAN ConnectionHighEnclave Boundary Defense
EBRP-1Remote Access for Privileged FunctionsHighEnclave Boundary Defense
EBRU-1Remote Access for User FunctionsHighEnclave Boundary Defense
EBVC-1VPN ControlsMediumEnclave Boundary Defense
ECAD-1Affiliation DisplayMediumEnclave Computing Environment
ECAN-1Access for Need-to-KnowHighEnclave Computing Environment
ECAR-1Audit Record Content – Public SystemsLowEnclave Computing Environment
ECAR-2Audit Record Content – Sensitive SystemsMediumEnclave Computing Environment
ECAR-3Audit Record Content – Classified SystemsHighEnclave Computing Environment
ECAT-1Audit Trail, Monitoring, Analysis and ReportingLowEnclave Computing Environment
ECAT-2Audit Trail, Monitoring, Analysis and ReportingMediumEnclave Computing Environment
ECCD-1Changes to DataMediumEnclave Computing Environment
ECCD-2Changes to DataHighEnclave Computing Environment
ECCM-1COMSECHighEnclave Computing Environment
ECCR-1Encryption for Confidentiality (Data at Rest)LowEnclave Computing Environment
ECCR-2Encryption for Confidentiality (Data at Rest)MediumEnclave Computing Environment
ECCR-3Encryption for Confidentiality (Data at Rest)HighEnclave Computing Environment
ECCT-1Encryption for Confidentiality (Data at Transmit)MediumEnclave Computing Environment
ECCT-2Encryption for Confidentiality (Data at Transmit)HighEnclave Computing Environment
ECDC-1Data Change ControlsMediumEnclave Computing Environment
ECIC-1Interconnections among DoD Systems and EnclavesMediumEnclave Computing Environment
ECID-1Host Based IDSMediumEnclave Computing Environment
ECIM-1Instant MessagingMediumEnclave Computing Environment
ECLC-1Audit of Security Label ChangesLowEnclave Computing Environment
ECLO-1LogonMediumEnclave Computing Environment
ECLO-2LogonMediumEnclave Computing Environment
ECLP-1Least PrivilegeHighEnclave Computing Environment
ECML-1Marking and LabelingHighEnclave Computing Environment
ECMT-1Conformance Monitoring and TestingLowEnclave Computing Environment
ECMT-2Conformance Monitoring and TestingMediumEnclave Computing Environment
ECND-1Network Device ControlsLowEnclave Computing Environment
ECND-2Network Device ControlsMediumEnclave Computing Environment
ECNK-1Encryption for Need-To-KnowMediumEnclave Computing Environment
ECNK-2Encryption for Need-To-KnowMediumEnclave Computing Environment
ECPA-1Privileged Account ControlHighEnclave Computing Environment
ECPC-1Production Code Change ControlsMediumEnclave Computing Environment
ECPC-2Production Code Change ControlsMediumEnclave Computing Environment
ECRC-1Resource ControlMediumEnclave Computing Environment
ECRG-1Audit Reduction and Report GenerationLowEnclave Computing Environment
ECRR-1Audit Record RetentionMediumEnclave Computing Environment
ECSC-1Security Configuration ComplianceHighEnclave Computing Environment
ECSD-1Software Development Change ControlsMediumEnclave Computing Environment
ECSD-2Software Development Change ControlsHighEnclave Computing Environment
ECTB-1Audit Trail BackupMediumEnclave Computing Environment
ECTC-1Tempest ControlsHighEnclave Computing Environment
ECTM-1Transmission Integrity ControlsMediumEnclave Computing Environment
ECTM-2Transmission Integrity ControlsMediumEnclave Computing Environment
ECTP-1Audit Trail ProtectionMediumEnclave Computing Environment
ECVI-1Voice-over-IP (VoIP) ProtectionMediumEnclave Computing Environment
ECVP-1Virus ProtectionHighEnclave Computing Environment
ECWM-1Warning MessageLowEnclave Computing Environment
ECWN-1Wireless Computing and NetworkHighEnclave Computing Environment
IAAC-1Account ControlHighIdentification and Authentication
IAGA-1Group AuthenticationMediumIdentification and Authentication
IAIA-1Individual Identification and AuthenticationHighIdentification and Authentication
IAIA-2Individual Identification and AuthenticationHighIdentification and Authentication
IAKM-1Key ManagementMediumIdentification and Authentication
IAKM-2Key ManagementMediumIdentification and Authentication
IAKM-3Key ManagementMediumIdentification and Authentication
IATS-1Token and Certificate StandardsMediumIdentification and Authentication
IATS-2Token and Certificate StandardsMediumIdentification and Authentication
PECF-1Access to Computing FacilitiesHighPhysical and Environmental
PECF-2Access to Computing FacilitiesHighPhysical and Environmental
PECS-1Clearing and SanitizingHighPhysical and Environmental
PECS-2Clearing and SanitizingHighPhysical and Environmental
PEDD-1DestructionHighPhysical and Environmental
PEDI-1Data InterceptionHighPhysical and Environmental
PEEL-1Emergency LightingLowPhysical and Environmental
PEEL-2Emergency LightingMediumPhysical and Environmental
PEFD-1Fire DetectionHighPhysical and Environmental
PEFD-2Fire DetectionHighPhysical and Environmental
PEFI-1Fire InspectionMediumPhysical and Environmental
PEFS-1Fire SuppressionMediumPhysical and Environmental
PEFS-2Fire SuppressionHighPhysical and Environmental
PEHC-1Humidity ControlsMediumPhysical and Environmental
PEHC-2Humidity ControlsMediumPhysical and Environmental
PEMS-1Master Power SwitchHighPhysical and Environmental
PEPF-1Physical Protection of FacilitiesHighPhysical and Environmental
PEPF-2Physical Protection of FacilitiesHighPhysical and Environmental
PEPS-1Physical Security TestingLowPhysical and Environmental
PESL-1Screen LockMediumPhysical and Environmental
PESP-1Workplace Security ProceduresMediumPhysical and Environmental
PESS-1StorageHighPhysical and Environmental
PETC-1Temperature ControlsLowPhysical and Environmental
PETC-2Temperature ControlsMediumPhysical and Environmental
PETN-1Environmental Control TrainingLowPhysical and Environmental
PEVC-1Visitor Control to Computing FacilitiesHighPhysical and Environmental
PEVR-1Voltage RegulatorsHighPhysical and Environmental
PRAS-1Access to InformationHighPersonnel
PRAS-2Access to InformationHighPersonnel
PRMP-1Maintenance PersonnelHighPersonnel
PRMP-2Maintenance PersonnelHighPersonnel
PRNK-1Access to Need-to-Know InformationHighPersonnel
PRRB-1Security Rules of Behavior or Acceptable Use PolicyHighPersonnel
PRTN-1Information Assurance TrainingHighPersonnel
VIIR-1Incident Response PlanningMediumVulnerability and Incident Management
VIIR-2Incident Response PlanningHighVulnerability and Incident Management
VIVM-1Vulnerability ManagementMediumVulnerability and Incident Management