NIEF Ideal Set of Security Controls for Systems with a HIGH-HIGH-LOW Risk Profile, v1.0
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a HIGH-HIGH-LOW impact level, as recommended by NIEF. Pertains to systems that operate at HIGH confidentiality, HIGH integrity, and LOW availability. Includes all applicable security controls from NIST SP 800-53 r4, regardless of Priority level. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
Identifier | https://trustmark.nief.org/tpat/tips/nief-ideal-set-of-security-controls-for-systems-with-a-high-high-low-risk-profile/1.0/ |
Publication Date | 2021-08-27 |
Issuing Organization | NIEF (https://nief.org/) |
Keywords | 800-53, HIGH-HIGH-LOW, Ideal, NIST, NIEF, Security |
Legal Notice | This document and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |
Trust Expression:
TIP_NIEFMinimalSetofSecurityControlsforSystemswithaHIGHHIGHLOWRiskProfile and TIP_ref1 and TIP_ref2 and TIP_ref3 and TIP_ref4 and TIP_ref5 and TIP_ref6 and TIP_ref7 and TIP_ref8 and TIP_ref9 and TIP_ref10 and TIP_ref11 and TIP_ref12 and TIP_ref13 and TIP_ref14 and TIP_ref15 and TIP_ref16 and TIP_ref17 and TIP_ref18 and TIP_ref19 and TIP_ref20 and TIP_ref21 and TIP_ref22 and TIP_ref23 and TIP_ref24 and TIP_ref25 and TIP_ref26 and TIP_ref27 and TIP_ref28 and TIP_ref29 and TIP_ref30 and TIP_ref31 and TIP_ref32 and TIP_ref33 and TIP_ref34 and TIP_ref35 and TIP_ref36 and TIP_ref37 and TIP_ref38 and TIP_ref39 and TIP_ref40 and TIP_ref41 and TIP_ref42 and TIP_ref43 and TIP_ref44 and TIP_ref45 and TIP_ref46 and TIP_ref47 and TIP_ref48 and TIP_ref49 and TIP_ref50 and TIP_ref51 and TIP_ref52 and TIP_ref53 and TIP_ref54 and TIP_ref55 and TIP_ref56 and TIP_ref57 and TIP_ref58 and TIP_ref59 and TIP_ref60 and TIP_ref61 and TIP_ref62 and TIP_ref63 and TIP_ref64 and TIP_ref65 and TIP_ref66 and TIP_ref67 and TIP_ref68 and TIP_ref69 and TIP_ref70 and TIP_ref71 and TIP_ref72 and TIP_ref73 and TIP_ref74 and TIP_ref75 and TIP_ref76 and TIP_ref77 and TIP_ref78 and TIP_ref79 and TIP_ref80 and TIP_ref81 and TIP_ref82 and TIP_ref83 and TIP_ref84 and TIP_ref85 and TIP_ref86 and TIP_ref87 and TIP_ref88 and TIP_ref89 and TIP_ref90 and TIP_ref91 and TIP_ref92 and TIP_ref93 and TIP_ref94 and TIP_ref95 and TIP_ref96 and TIP_ref97 and TIP_ref98 and TIP_ref99 and TIP_ref100 and TIP_ref101 and TIP_ref102 and TIP_ref103 and TIP_ref104 and TIP_ref105 and TIP_ref106 and TIP_ref107 and TIP_ref108 and TIP_ref109 and TIP_ref110 and TIP_ref111 and TIP_ref112 and TIP_ref113 and TIP_ref114 and TIP_ref115 and TIP_ref116 and TIP_ref117 and TIP_ref118 and TIP_ref119 and TIP_ref120 and TIP_ref121 and TIP_ref122 and TIP_ref123 and TIP_ref124 and TIP_ref125 and TIP_ref126 and TIP_ref127 and TIP_ref128 and TIP_ref129 and TIP_ref130 and TIP_ref131 and TIP_ref132 and TIP_ref133 and TIP_ref134 and TIP_ref135 and 
TIP_ref136 and TIP_ref137 and TIP_ref138 and TIP_ref139 and TIP_ref140 and TIP_ref141 and TIP_ref142 and TIP_ref143 and TIP_ref144 and TIP_ref145 and TIP_ref146 and TIP_ref147 and TIP_ref148 and TIP_ref149 and TIP_ref150 and TIP_ref151 and TIP_ref152 and TIP_ref153 and TIP_ref154 and TIP_ref155 and TIP_ref156 and TIP_ref157 and TIP_ref158 and TIP_ref159 and TIP_ref160 and TIP_ref161 and TIP_ref162 and TIP_ref163 and TIP_ref164 and TIP_ref165 and TIP_ref166 and TIP_ref167 and TIP_ref168 and TIP_ref169 and TIP_ref170 and TIP_ref171 and TIP_ref172 and TIP_ref173 and TIP_ref174 and TIP_ref175 and TIP_ref176 and TIP_ref177 and TIP_ref178 and TIP_ref179 and TIP_ref180 and TIP_ref181 and TIP_ref182 and TIP_ref183 and TIP_ref184 and TIP_ref185 and TIP_ref186 and TIP_ref187 and TIP_ref188 and TIP_ref189
References (190)
TIP NIEF Minimal Set of Security Controls for Systems with a HIGH-HIGH-LOW Risk Profile, v1.0 | |
---|---|
Description | Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a HIGH-HIGH-LOW impact level, as recommended by NIEF. Pertains to systems that operate at HIGH confidentiality, HIGH integrity, and LOW availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4. |
ID | TIP_NIEFMinimalSetofSecurityControlsforSystemswithaHIGHHIGHLOWRiskProfile |
TIP NIST SP 800-53 r4 Security Control AC-2 (1): Automated System Account Management, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (1): Automated System Account Management. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref1 |
TIP NIST SP 800-53 r4 Security Control AC-2 (2): Removal of Temporary / Emergency Accounts, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (2): Removal of Temporary / Emergency Accounts. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref2 |
TIP NIST SP 800-53 r4 Security Control AC-2 (3): Disable Inactive Accounts, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (3): Disable Inactive Accounts. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref3 |
TIP NIST SP 800-53 r4 Security Control AC-2 (4): Automated Audit Actions, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (4): Automated Audit Actions. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref4 |
TIP NIST SP 800-53 r4 Security Control AC-2 (5): Inactivity Logout, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (5): Inactivity Logout. Applicable to HIGH impact systems. |
ID | TIP_ref5 |
TIP NIST SP 800-53 r4 Security Control AC-2 (11): Usage Conditions, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (11): Usage Conditions. Applicable to HIGH impact systems. |
ID | TIP_ref6 |
TIP NIST SP 800-53 r4 Security Control AC-2 (12): Account Monitoring / Atypical Usage, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (12): Account Monitoring / Atypical Usage. Applicable to HIGH impact systems. |
ID | TIP_ref7 |
TIP NIST SP 800-53 r4 Security Control AC-2 (13): Disable Accounts for High-Risk Individuals, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (13): Disable Accounts for High-Risk Individuals. Applicable to HIGH impact systems. |
ID | TIP_ref8 |
TIP NIST SP 800-53 r4 Security Control AC-6 (1): Authorize Access to Security Functions, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (1): Authorize Access to Security Functions. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref9 |
TIP NIST SP 800-53 r4 Security Control AC-6 (2): Non-Privileged Access for Nonsecurity Functions, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (2): Non-Privileged Access for Nonsecurity Functions. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref10 |
TIP NIST SP 800-53 r4 Security Control AC-6 (3): Network Access to Privileged Commands, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (3): Network Access to Privileged Commands. Applicable to HIGH impact systems. |
ID | TIP_ref11 |
TIP NIST SP 800-53 r4 Security Control AC-6 (5): Privileged Accounts, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (5): Privileged Accounts. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref12 |
TIP NIST SP 800-53 r4 Security Control AC-6 (9): Auditing Use of Privileged Functions, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (9): Auditing Use of Privileged Functions. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref13 |
TIP NIST SP 800-53 r4 Security Control AC-6 (10): Prohibit Non-Privileged Users from Executing Privileged Functions, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (10): Prohibit Non-Privileged Users from Executing Privileged Functions. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref14 |
TIP NIST SP 800-53 r4 Security Control AC-7: Unsuccessful Logon Attempts, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-7: Unsuccessful Logon Attempts. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref15 |
TIP NIST SP 800-53 r4 Security Control AC-10: Concurrent Session Control, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-10: Concurrent Session Control. Applicable to HIGH impact systems. |
ID | TIP_ref16 |
TIP NIST SP 800-53 r4 Security Control AC-11: Session Lock, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-11: Session Lock. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref17 |
TIP NIST SP 800-53 r4 Security Control AC-11 (1): Pattern-Hiding Displays, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-11 (1): Pattern-Hiding Displays. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref18 |
TIP NIST SP 800-53 r4 Security Control AC-12: Session Termination, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-12: Session Termination. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref19 |
TIP NIST SP 800-53 r4 Security Control AC-14: Permitted Actions Without Identification or Authentication, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-14: Permitted Actions Without Identification or Authentication. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref20 |
TIP NIST SP 800-53 r4 Security Control AC-17 (1): Automated Monitoring / Control, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17 (1): Automated Monitoring / Control. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref21 |
TIP NIST SP 800-53 r4 Security Control AC-17 (2): Protection of Confidentiality / Integrity Using Encryption, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17 (2): Protection of Confidentiality / Integrity Using Encryption. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref22 |
TIP NIST SP 800-53 r4 Security Control AC-17 (3): Managed Access Control Points, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17 (3): Managed Access Control Points. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref23 |
TIP NIST SP 800-53 r4 Security Control AC-17 (4): Privileged Commands / Access, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17 (4): Privileged Commands / Access. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref24 |
TIP NIST SP 800-53 r4 Security Control AC-18 (1): Authentication and Encryption, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-18 (1): Authentication and Encryption. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref25 |
TIP NIST SP 800-53 r4 Security Control AC-18 (4): Restrict Configurations by Users, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-18 (4): Restrict Configurations by Users. Applicable to HIGH impact systems. |
ID | TIP_ref26 |
TIP NIST SP 800-53 r4 Security Control AC-18 (5): Antennas / Transmission Power Levels, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-18 (5): Antennas / Transmission Power Levels. Applicable to HIGH impact systems. |
ID | TIP_ref27 |
TIP NIST SP 800-53 r4 Security Control AC-19 (5): Full Device / Container-Based Encryption, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-19 (5): Full Device / Container-Based Encryption. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref28 |
TIP NIST SP 800-53 r4 Security Control AC-20 (1): Limits on Authorized Use, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-20 (1): Limits on Authorized Use. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref29 |
TIP NIST SP 800-53 r4 Security Control AC-20 (2): Portable Storage Devices, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-20 (2): Portable Storage Devices. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref30 |
TIP NIST SP 800-53 r4 Security Control AC-21: Information Sharing, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-21: Information Sharing. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref31 |
TIP NIST SP 800-53 r4 Security Control AC-22: Publicly Accessible Content, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-22: Publicly Accessible Content. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref32 |
TIP NIST SP 800-53 r4 Security Control AT-2 (2): Insider Threat, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AT-2 (2): Insider Threat. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref33 |
TIP NIST SP 800-53 r4 Security Control AT-4: Security Training Records, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AT-4: Security Training Records. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref34 |
TIP NIST SP 800-53 r4 Security Control AU-2 (3): Reviews and Updates, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-2 (3): Reviews and Updates. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref35 |
TIP NIST SP 800-53 r4 Security Control AU-3 (1): Additional Audit Information, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-3 (1): Additional Audit Information. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref36 |
TIP NIST SP 800-53 r4 Security Control AU-3 (2): Centralized Management of Planned Audit Record Content, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-3 (2): Centralized Management of Planned Audit Record Content. Applicable to HIGH impact systems. |
ID | TIP_ref37 |
TIP NIST SP 800-53 r4 Security Control AU-5 (1): Audit Storage Capacity, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-5 (1): Audit Storage Capacity. Applicable to HIGH impact systems. |
ID | TIP_ref38 |
TIP NIST SP 800-53 r4 Security Control AU-5 (2): Real-Time Alerts, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-5 (2): Real-Time Alerts. Applicable to HIGH impact systems. |
ID | TIP_ref39 |
TIP NIST SP 800-53 r4 Security Control AU-6 (1): Process Integration, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-6 (1): Process Integration. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref40 |
TIP NIST SP 800-53 r4 Security Control AU-6 (3): Correlate Audit Repositories, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-6 (3): Correlate Audit Repositories. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref41 |
TIP NIST SP 800-53 r4 Security Control AU-6 (5): Integration / Scanning and Monitoring Capabilities, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-6 (5): Integration / Scanning and Monitoring Capabilities. Applicable to HIGH impact systems. |
ID | TIP_ref42 |
TIP NIST SP 800-53 r4 Security Control AU-6 (6): Correlation with Physical Monitoring, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-6 (6): Correlation with Physical Monitoring. Applicable to HIGH impact systems. |
ID | TIP_ref43 |
TIP NIST SP 800-53 r4 Security Control AU-7: Audit Reduction and Report Generation, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-7: Audit Reduction and Report Generation. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref44 |
TIP NIST SP 800-53 r4 Security Control AU-7 (1): Automatic Processing, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-7 (1): Automatic Processing. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref45 |
TIP NIST SP 800-53 r4 Security Control AU-8 (1): Synchronization with Authoritative Time Source, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-8 (1): Synchronization with Authoritative Time Source. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref46 |
TIP NIST SP 800-53 r4 Security Control AU-9 (2): Audit Backup on Separate Physical Systems / Components, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-9 (2): Audit Backup on Separate Physical Systems / Components. Applicable to HIGH impact systems. |
ID | TIP_ref47 |
TIP NIST SP 800-53 r4 Security Control AU-9 (3): Cryptographic Protection, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-9 (3): Cryptographic Protection. Applicable to HIGH impact systems. |
ID | TIP_ref48 |
TIP NIST SP 800-53 r4 Security Control AU-9 (4): Access by Subset of Privileged Users, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-9 (4): Access by Subset of Privileged Users. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref49 |
TIP NIST SP 800-53 r4 Security Control AU-10: Non-Repudiation, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-10: Non-Repudiation. Applicable to HIGH impact systems. |
ID | TIP_ref50 |
TIP NIST SP 800-53 r4 Security Control AU-11: Audit Record Retention, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-11: Audit Record Retention. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref51 |
TIP NIST SP 800-53 r4 Security Control AU-12 (1): System-Wide / Time-Correlated Audit Trail, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-12 (1): System-Wide / Time-Correlated Audit Trail. Applicable to HIGH impact systems. |
ID | TIP_ref52 |
TIP NIST SP 800-53 r4 Security Control AU-12 (3): Changes by Authorized Individuals, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-12 (3): Changes by Authorized Individuals. Applicable to HIGH impact systems. |
ID | TIP_ref53 |
TIP NIST SP 800-53 r4 Security Control CA-2: Security Assessments, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-2: Security Assessments. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref54 |
TIP NIST SP 800-53 r4 Security Control CA-2 (1): Independent Assessors, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-2 (1): Independent Assessors. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref55 |
TIP NIST SP 800-53 r4 Security Control CA-2 (2): Specialized Assessments, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-2 (2): Specialized Assessments. Applicable to HIGH impact systems. |
ID | TIP_ref56 |
TIP NIST SP 800-53 r4 Security Control CA-3 (5): Restrictions on External System Connections, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-3 (5): Restrictions on External System Connections. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref57 |
TIP NIST SP 800-53 r4 Security Control CA-5: Plan of Action and Milestones, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-5: Plan of Action and Milestones. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref58 |
TIP NIST SP 800-53 r4 Security Control CA-6: Security Authorization, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-6: Security Authorization. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref59 |
TIP NIST SP 800-53 r4 Security Control CA-7: Continuous Monitoring, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-7: Continuous Monitoring. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref60 |
TIP NIST SP 800-53 r4 Security Control CA-7 (1): Independent Assessment, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-7 (1): Independent Assessment. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref61 |
TIP NIST SP 800-53 r4 Security Control CA-8: Penetration Testing, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-8: Penetration Testing. Applicable to HIGH impact systems. |
ID | TIP_ref62 |
TIP NIST SP 800-53 r4 Security Control CA-9: Internal System Connections, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-9: Internal System Connections. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref63 |
TIP NIST SP 800-53 r4 Security Control CM-2 (1): Reviews and Updates, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (1): Reviews and Updates. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref64 |
TIP NIST SP 800-53 r4 Security Control CM-2 (2): Automation Support for Accuracy / Currency, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (2): Automation Support for Accuracy / Currency. Applicable to HIGH impact systems. |
ID | TIP_ref65 |
TIP NIST SP 800-53 r4 Security Control CM-2 (3): Retention of Previous Configurations, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (3): Retention of Previous Configurations. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref66 |
TIP NIST SP 800-53 r4 Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref67 |
TIP NIST SP 800-53 r4 Security Control CM-3 (1): Automated Document / Notification / Prohibition of Changes, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (1): Automated Document / Notification / Prohibition of Changes. Applicable to HIGH impact systems. |
ID | TIP_ref68 |
TIP NIST SP 800-53 r4 Security Control CM-3 (2): Test / Validate / Document Changes, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (2): Test / Validate / Document Changes. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref69 |
TIP NIST SP 800-53 r4 Security Control CM-4: Security Impact Analysis, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-4: Security Impact Analysis. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref70 |
TIP NIST SP 800-53 r4 Security Control CM-4 (1): Separate Test Environments, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-4 (1): Separate Test Environments. Applicable to HIGH impact systems. |
ID | TIP_ref71 |
TIP NIST SP 800-53 r4 Security Control CM-5 (1): Automated Access Enforcement / Auditing, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (1): Automated Access Enforcement / Auditing. Applicable to HIGH impact systems. |
ID | TIP_ref72 |
TIP NIST SP 800-53 r4 Security Control CM-5 (2): Review System Changes, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (2): Review System Changes. Applicable to HIGH impact systems. |
ID | TIP_ref73 |
TIP NIST SP 800-53 r4 Security Control CM-5 (3): Signed Components, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5 (3): Signed Components. Applicable to HIGH impact systems. |
ID | TIP_ref74 |
TIP NIST SP 800-53 r4 Security Control CM-6 (1): Automated Central Management / Application / Verification, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6 (1): Automated Central Management / Application / Verification. Applicable to HIGH impact systems. |
ID | TIP_ref75 |
TIP NIST SP 800-53 r4 Security Control CM-6 (2): Respond to Unauthorized Changes, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6 (2): Respond to Unauthorized Changes. Applicable to HIGH impact systems. |
ID | TIP_ref76 |
TIP NIST SP 800-53 r4 Security Control CM-7 (1): Periodic Review, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (1): Periodic Review. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref77 |
TIP NIST SP 800-53 r4 Security Control CM-7 (2): Prevent Program Execution, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (2): Prevent Program Execution. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref78 |
TIP NIST SP 800-53 r4 Security Control CM-7 (5): Authorized Software / Whitelisting, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (5): Authorized Software / Whitelisting. Applicable to HIGH impact systems. |
ID | TIP_ref79 |
TIP NIST SP 800-53 r4 Security Control CM-8 (1): Updates During Installations / Removals, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (1): Updates During Installations / Removals. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref80 |
TIP NIST SP 800-53 r4 Security Control CM-8 (2): Automated Maintenance, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (2): Automated Maintenance. Applicable to HIGH impact systems. |
ID | TIP_ref81 |
TIP NIST SP 800-53 r4 Security Control CM-8 (3): Automated Unauthorized Component Detection, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (3): Automated Unauthorized Component Detection. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref82 |
TIP NIST SP 800-53 r4 Security Control CM-8 (4): Accountability Information, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (4): Accountability Information. Applicable to HIGH impact systems. |
ID | TIP_ref83 |
TIP NIST SP 800-53 r4 Security Control CM-8 (5): No Duplicate Accounting of Components, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (5): No Duplicate Accounting of Components. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref84 |
TIP NIST SP 800-53 r4 Security Control CM-10: Software Usage Restrictions, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-10: Software Usage Restrictions. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref85 |
TIP NIST SP 800-53 r4 Security Control CP-3: Contingency Training, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-3: Contingency Training. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref86 |
TIP NIST SP 800-53 r4 Security Control CP-4: Contingency Plan Testing, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-4: Contingency Plan Testing. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref87 |
TIP NIST SP 800-53 r4 Security Control IA-2 (1): Network Access to Privileged Accounts, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (1): Network Access to Privileged Accounts. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref88 |
TIP NIST SP 800-53 r4 Security Control IA-2 (2): Network Access to Non-Privileged Accounts, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (2): Network Access to Non-Privileged Accounts. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref89 |
TIP NIST SP 800-53 r4 Security Control IA-2 (3): Local Access to Privileged Accounts, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (3): Local Access to Privileged Accounts. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref90 |
TIP NIST SP 800-53 r4 Security Control IA-2 (4): Local Access to Non-Privileged Accounts, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (4): Local Access to Non-Privileged Accounts. Applicable to HIGH impact systems. |
ID | TIP_ref91 |
TIP NIST SP 800-53 r4 Security Control IA-2 (8): Network Access to Privileged Accounts - Replay Resistant, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (8): Network Access to Privileged Accounts - Replay Resistant. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref92 |
TIP NIST SP 800-53 r4 Security Control IA-2 (9): Network Access to Non-Privileged Accounts - Replay Resistant, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (9): Network Access to Non-Privileged Accounts - Replay Resistant. Applicable to HIGH impact systems. |
ID | TIP_ref93 |
TIP NIST SP 800-53 r4 Security Control IA-2 (11): Remote Access - Separate Device, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (11): Remote Access - Separate Device. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref94 |
TIP NIST SP 800-53 r4 Security Control IA-2 (12): Acceptance of PIV Credentials, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (12): Acceptance of PIV Credentials. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref95 |
TIP NIST SP 800-53 r4 Security Control IA-5 (1): Password-Based Authentication, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-5 (1): Password-Based Authentication. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref96 |
TIP NIST SP 800-53 r4 Security Control IA-5 (2): PKI-Based Authentication, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-5 (2): PKI-Based Authentication. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref97 |
TIP NIST SP 800-53 r4 Security Control IA-5 (3): In-Person or Trusted Third-Party Registration, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-5 (3): In-Person or Trusted Third-Party Registration. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref98 |
TIP NIST SP 800-53 r4 Security Control IA-5 (11): Hardware Token-Based Authentication, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-5 (11): Hardware Token-Based Authentication. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref99 |
TIP NIST SP 800-53 r4 Security Control IA-6: Authenticator Feedback, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-6: Authenticator Feedback. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref100 |
TIP NIST SP 800-53 r4 Security Control IA-8 (1): Acceptance of PIV Credentials from Other Agencies, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-8 (1): Acceptance of PIV Credentials from Other Agencies. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref101 |
TIP NIST SP 800-53 r4 Security Control IA-8 (2): Acceptance of Third-Party Credentials, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-8 (2): Acceptance of Third-Party Credentials. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref102 |
TIP NIST SP 800-53 r4 Security Control IA-8 (3): Use of FICAM-Approved Products, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-8 (3): Use of FICAM-Approved Products. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref103 |
TIP NIST SP 800-53 r4 Security Control IA-8 (4): Use of FICAM-Issued Profiles, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-8 (4): Use of FICAM-Issued Profiles. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref104 |
TIP NIST SP 800-53 r4 Security Control IR-2: Incident Response Training, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-2: Incident Response Training. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref105 |
TIP NIST SP 800-53 r4 Security Control IR-2 (1): Simulated Events, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-2 (1): Simulated Events. Applicable to HIGH impact systems. |
ID | TIP_ref106 |
TIP NIST SP 800-53 r4 Security Control IR-2 (2): Automated Training Environments, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-2 (2): Automated Training Environments. Applicable to HIGH impact systems. |
ID | TIP_ref107 |
TIP NIST SP 800-53 r4 Security Control IR-3: Incident Response Testing, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-3: Incident Response Testing. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref108 |
TIP NIST SP 800-53 r4 Security Control IR-3 (2): Coordination with Related Plans, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-3 (2): Coordination with Related Plans. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref109 |
TIP NIST SP 800-53 r4 Security Control IR-4 (1): Automated Incident Handling Processes, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-4 (1): Automated Incident Handling Processes. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref110 |
TIP NIST SP 800-53 r4 Security Control IR-4 (4): Information Correlation, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-4 (4): Information Correlation. Applicable to HIGH impact systems. |
ID | TIP_ref111 |
TIP NIST SP 800-53 r4 Security Control IR-5 (1): Automated Tracking / Data Collection / Analysis, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-5 (1): Automated Tracking / Data Collection / Analysis. Applicable to HIGH impact systems. |
ID | TIP_ref112 |
TIP NIST SP 800-53 r4 Security Control IR-6 (1): Automated Reporting, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-6 (1): Automated Reporting. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref113 |
TIP NIST SP 800-53 r4 Security Control IR-7: Incident Response Assistance, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-7: Incident Response Assistance. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref114 |
TIP NIST SP 800-53 r4 Security Control IR-7 (1): Automation Support for Availability of Information / Support, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-7 (1): Automation Support for Availability of Information / Support. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref115 |
TIP NIST SP 800-53 r4 Security Control MA-2: Controlled Maintenance, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-2: Controlled Maintenance. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref116 |
TIP NIST SP 800-53 r4 Security Control MA-2 (2): Automated Maintenance Activities, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-2 (2): Automated Maintenance Activities. Applicable to HIGH impact systems. |
ID | TIP_ref117 |
TIP NIST SP 800-53 r4 Security Control MA-3: Maintenance Tools, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-3: Maintenance Tools. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref118 |
TIP NIST SP 800-53 r4 Security Control MA-3 (1): Inspect Tools, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-3 (1): Inspect Tools. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref119 |
TIP NIST SP 800-53 r4 Security Control MA-3 (2): Inspect Media, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-3 (2): Inspect Media. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref120 |
TIP NIST SP 800-53 r4 Security Control MA-3 (3): Prevent Unauthorized Removal, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-3 (3): Prevent Unauthorized Removal. Applicable to HIGH impact systems. |
ID | TIP_ref121 |
TIP NIST SP 800-53 r4 Security Control MA-4: Nonlocal Maintenance, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-4: Nonlocal Maintenance. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref122 |
TIP NIST SP 800-53 r4 Security Control MA-4 (2): Document Nonlocal Maintenance, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-4 (2): Document Nonlocal Maintenance. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref123 |
TIP NIST SP 800-53 r4 Security Control MA-4 (3): Comparable Security / Sanitization, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-4 (3): Comparable Security / Sanitization. Applicable to HIGH impact systems. |
ID | TIP_ref124 |
TIP NIST SP 800-53 r4 Security Control MA-5: Maintenance Personnel, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-5: Maintenance Personnel. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref125 |
TIP NIST SP 800-53 r4 Security Control MA-5 (1): Individuals Without Appropriate Access, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-5 (1): Individuals Without Appropriate Access. Applicable to HIGH impact systems. |
ID | TIP_ref126 |
TIP NIST SP 800-53 r4 Security Control MP-3: Media Marking, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-3: Media Marking. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref127 |
TIP NIST SP 800-53 r4 Security Control MP-5 (4): Cryptographic Protection, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-5 (4): Cryptographic Protection. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref128 |
TIP NIST SP 800-53 r4 Security Control MP-6 (1): Review / Approve / Track / Document / Verify, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-6 (1): Review / Approve / Track / Document / Verify. Applicable to HIGH impact systems. |
ID | TIP_ref129 |
TIP NIST SP 800-53 r4 Security Control MP-6 (2): Equipment Testing, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-6 (2): Equipment Testing. Applicable to HIGH impact systems. |
ID | TIP_ref130 |
TIP NIST SP 800-53 r4 Security Control MP-6 (3): Nondestructive Techniques, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-6 (3): Nondestructive Techniques. Applicable to HIGH impact systems. |
ID | TIP_ref131 |
TIP NIST SP 800-53 r4 Security Control MP-7 (1): Prohibit Use Without Owner, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-7 (1): Prohibit Use Without Owner. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref132 |
TIP NIST SP 800-53 r4 Security Control PE-3 (1): Information System Access, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-3 (1): Information System Access. Applicable to HIGH impact systems. |
ID | TIP_ref133 |
TIP NIST SP 800-53 r4 Security Control PE-5: Access Control for Output Devices, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-5: Access Control for Output Devices. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref134 |
TIP NIST SP 800-53 r4 Security Control PE-6 (1): Intrusion Alarms / Surveillance Equipment, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-6 (1): Intrusion Alarms / Surveillance Equipment. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref135 |
TIP NIST SP 800-53 r4 Security Control PE-6 (4): Monitoring Physical Access to Information Systems, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-6 (4): Monitoring Physical Access to Information Systems. Applicable to HIGH impact systems. |
ID | TIP_ref136 |
TIP NIST SP 800-53 r4 Security Control PE-8: Visitor Access Records, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-8: Visitor Access Records. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref137 |
TIP NIST SP 800-53 r4 Security Control PE-8 (1): Automated Records Maintenance / Review, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-8 (1): Automated Records Maintenance / Review. Applicable to HIGH impact systems. |
ID | TIP_ref138 |
TIP NIST SP 800-53 r4 Security Control PE-16: Delivery and Removal, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-16: Delivery and Removal. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref139 |
TIP NIST SP 800-53 r4 Security Control PE-17: Alternate Work Site, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-17: Alternate Work Site. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref140 |
TIP NIST SP 800-53 r4 Security Control PE-18: Location of Information System Components, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-18: Location of Information System Components. Applicable to HIGH impact systems. |
ID | TIP_ref141 |
TIP NIST SP 800-53 r4 Security Control PL-2 (3): Plan / Coordinate with Other Organizational Entities, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PL-2 (3): Plan / Coordinate with Other Organizational Entities. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref142 |
TIP NIST SP 800-53 r4 Security Control PL-4: Rules of Behavior, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PL-4: Rules of Behavior. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref143 |
TIP NIST SP 800-53 r4 Security Control PL-4 (1): Social Media and Networking Restrictions, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PL-4 (1): Social Media and Networking Restrictions. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref144 |
TIP NIST SP 800-53 r4 Security Control PS-4 (2): Automated Notification, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-4 (2): Automated Notification. Applicable to HIGH impact systems. |
ID | TIP_ref145 |
TIP NIST SP 800-53 r4 Security Control PS-5: Personnel Transfer, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-5: Personnel Transfer. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref146 |
TIP NIST SP 800-53 r4 Security Control PS-6: Access Agreements, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-6: Access Agreements. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref147 |
TIP NIST SP 800-53 r4 Security Control PS-8: Personnel Sanctions, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-8: Personnel Sanctions. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref148 |
TIP NIST SP 800-53 r4 Security Control RA-5 (1): Update Tool Capability, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-5 (1): Update Tool Capability. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref149 |
TIP NIST SP 800-53 r4 Security Control RA-5 (2): Update by Frequency / Prior to New Scan / When Identified, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-5 (2): Update by Frequency / Prior to New Scan / When Identified. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref150 |
TIP NIST SP 800-53 r4 Security Control RA-5 (4): Discoverable Information, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-5 (4): Discoverable Information. Applicable to HIGH impact systems. |
ID | TIP_ref151 |
TIP NIST SP 800-53 r4 Security Control RA-5 (5): Privileged Access, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-5 (5): Privileged Access. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref152 |
TIP NIST SP 800-53 r4 Security Control SA-4 (1): Functional Properties of Security Controls, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4 (1): Functional Properties of Security Controls. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref153 |
TIP NIST SP 800-53 r4 Security Control SA-4 (2): Design / Implementation Information for Security Controls, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4 (2): Design / Implementation Information for Security Controls. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref154 |
TIP NIST SP 800-53 r4 Security Control SA-4 (9): Functions / Ports / Protocols / Services in Use, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4 (9): Functions / Ports / Protocols / Services in Use. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref155 |
TIP NIST SP 800-53 r4 Security Control SA-4 (10): Use of Approved PIV Products, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4 (10): Use of Approved PIV Products. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref156 |
TIP NIST SP 800-53 r4 Security Control SA-5: Information System Documentation, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-5: Information System Documentation. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref157 |
TIP NIST SP 800-53 r4 Security Control SA-9 (2): Identification of Functions / Ports / Protocols / Services, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-9 (2): Identification of Functions / Ports / Protocols / Services. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref158 |
TIP NIST SP 800-53 r4 Security Control SA-15: Development Process, Standards, and Tools, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-15: Development Process, Standards, and Tools. Applicable to HIGH impact systems. |
ID | TIP_ref159 |
TIP NIST SP 800-53 r4 Security Control SA-16: Developer-Provided Training, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-16: Developer-Provided Training. Applicable to HIGH impact systems. |
ID | TIP_ref160 |
TIP NIST SP 800-53 r4 Security Control SC-7 (3): Access Points, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7 (3): Access Points. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref161 |
TIP NIST SP 800-53 r4 Security Control SC-7 (4): External Telecommunications Services, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7 (4): External Telecommunications Services. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref162 |
TIP NIST SP 800-53 r4 Security Control SC-7 (5): Deny by Default / Allow by Exception, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7 (5): Deny by Default / Allow by Exception. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref163 |
TIP NIST SP 800-53 r4 Security Control SC-7 (7): Prevent Split Tunneling for Remote Devices, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7 (7): Prevent Split Tunneling for Remote Devices. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref164 |
TIP NIST SP 800-53 r4 Security Control SC-7 (8): Route Traffic to Authenticated Proxy Servers, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7 (8): Route Traffic to Authenticated Proxy Servers. Applicable to HIGH impact systems. |
ID | TIP_ref165 |
TIP NIST SP 800-53 r4 Security Control SC-7 (18): Fail Secure, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7 (18): Fail Secure. Applicable to HIGH impact systems. |
ID | TIP_ref166 |
TIP NIST SP 800-53 r4 Security Control SC-7 (21): Isolation of Information System Components, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7 (21): Isolation of Information System Components. Applicable to HIGH impact systems. |
ID | TIP_ref167 |
TIP NIST SP 800-53 r4 Security Control SC-8 (1): Cryptographic or Alternate Physical Protection, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-8 (1): Cryptographic or Alternate Physical Protection. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref168 |
TIP NIST SP 800-53 r4 Security Control SC-10: Network Disconnect, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-10: Network Disconnect. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref169 |
TIP NIST SP 800-53 r4 Security Control SC-12 (1): Availability, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-12 (1): Availability. Applicable to HIGH impact systems. |
ID | TIP_ref170 |
TIP NIST SP 800-53 r4 Security Control SC-18: Mobile Code, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-18: Mobile Code. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref171 |
TIP NIST SP 800-53 r4 Security Control SI-2 (1): Central Management, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-2 (1): Central Management. Applicable to HIGH impact systems. |
ID | TIP_ref172 |
TIP NIST SP 800-53 r4 Security Control SI-2 (2): Automated Flaw Remediation Status, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-2 (2): Automated Flaw Remediation Status. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref173 |
TIP NIST SP 800-53 r4 Security Control SI-3 (1): Central Management, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-3 (1): Central Management. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref174 |
TIP NIST SP 800-53 r4 Security Control SI-3 (2): Automatic Updates, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-3 (2): Automatic Updates. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref175 |
TIP NIST SP 800-53 r4 Security Control SI-4 (2): Automated Tools for Real-Time Analysis, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-4 (2): Automated Tools for Real-Time Analysis. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref176 |
TIP NIST SP 800-53 r4 Security Control SI-4 (4): Inbound and Outbound Communications Traffic, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-4 (4): Inbound and Outbound Communications Traffic. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref177 |
TIP NIST SP 800-53 r4 Security Control SI-4 (5): System-Generated Alerts, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-4 (5): System-Generated Alerts. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref178 |
TIP NIST SP 800-53 r4 Security Control SI-5 (1): Automated Alerts and Advisories, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-5 (1): Automated Alerts and Advisories. Applicable to HIGH impact systems. |
ID | TIP_ref179 |
TIP NIST SP 800-53 r4 Security Control SI-7 (1): Integrity Checks, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-7 (1): Integrity Checks. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref180 |
TIP NIST SP 800-53 r4 Security Control SI-7 (2): Automated Notifications of Integrity Violations, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-7 (2): Automated Notifications of Integrity Violations. Applicable to HIGH impact systems. |
ID | TIP_ref181 |
TIP NIST SP 800-53 r4 Security Control SI-7 (5): Automated Response to Integrity Violations, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-7 (5): Automated Response to Integrity Violations. Applicable to HIGH impact systems. |
ID | TIP_ref182 |
TIP NIST SP 800-53 r4 Security Control SI-7 (7): Integration of Detection and Response, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-7 (7): Integration of Detection and Response. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref183 |
TIP NIST SP 800-53 r4 Security Control SI-7 (14): Binary or Machine Executable Code, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-7 (14): Binary or Machine Executable Code. Applicable to HIGH impact systems. |
ID | TIP_ref184 |
TIP NIST SP 800-53 r4 Security Control SI-8: Spam Protection, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-8: Spam Protection. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref185 |
TIP NIST SP 800-53 r4 Security Control SI-8 (1): Central Management, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-8 (1): Central Management. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref186 |
TIP NIST SP 800-53 r4 Security Control SI-8 (2): Automatic Updates, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-8 (2): Automatic Updates. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref187 |
TIP NIST SP 800-53 r4 Security Control SI-11: Error Handling, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-11: Error Handling. Applicable to MODERATE impact and HIGH impact systems. |
ID | TIP_ref188 |
TIP NIST SP 800-53 r4 Security Control SI-12: Information Handling and Retention, v4 | |
---|---|
Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-12: Information Handling and Retention. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
ID | TIP_ref189 |
Sources (1)
SP800-53R4 | NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4. |
Terms (1)
Term Name | Abbreviations | Definition |
---|---|---|
Null Term | Null | Just a spreadsheet test. |