NIEF Ideal Set of Security Controls for Systems with a MODERATE-MODERATE-MODERATE Risk Profile, v1.0
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a MODERATE-MODERATE-MODERATE impact level, as recommended by NIEF. Pertains to systems that operate at MODERATE confidentiality, MODERATE integrity, and MODERATE availability. Includes all applicable security controls from NIST SP 800-53 r4, regardless of Priority level. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
| Identifier | https://trustmark.nief.org/tpat/tips/nief-ideal-set-of-security-controls-for-systems-with-a-moderate-moderate-moderate-risk-profile/1.0/ | ||||
| Publication Date | 2021-08-27 | ||||
| Issuing Organization |
NIEF (https://nief.org/)
View Contact
|
||||
| Keywords | 800-53, Ideal, MODERATE-MODERATE-MODERATE, NIST, NIEF, Security | ||||
| Legal Notice | This document and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |
Loading...
Trust Expression:
TIP_NIEFMinimalSetofSecurityControlsforSystemswithaMODERATEMODERATEMODERATERiskProfile and TIP_ref1 and TIP_ref2 and TIP_ref3 and TIP_ref4 and TIP_ref5 and TIP_ref6 and TIP_ref7 and TIP_ref8 and TIP_ref9 and TIP_ref10 and TIP_ref11 and TIP_ref12 and TIP_ref13 and TIP_ref14 and TIP_ref15 and TIP_ref16 and TIP_ref17 and TIP_ref18 and TIP_ref19 and TIP_ref20 and TIP_ref21 and TIP_ref22 and TIP_ref23 and TIP_ref24 and TIP_ref25 and TIP_ref26 and TIP_ref27 and TIP_ref28 and TIP_ref29 and TIP_ref30 and TIP_ref31 and TIP_ref32 and TIP_ref33 and TIP_ref34 and TIP_ref35 and TIP_ref36 and TIP_ref37 and TIP_ref38 and TIP_ref39 and TIP_ref40 and TIP_ref41 and TIP_ref42 and TIP_ref43 and TIP_ref44 and TIP_ref45 and TIP_ref46 and TIP_ref47 and TIP_ref48 and TIP_ref49 and TIP_ref50 and TIP_ref51 and TIP_ref52 and TIP_ref53 and TIP_ref54 and TIP_ref55 and TIP_ref56 and TIP_ref57 and TIP_ref58 and TIP_ref59 and TIP_ref60 and TIP_ref61 and TIP_ref62 and TIP_ref63 and TIP_ref64 and TIP_ref65 and TIP_ref66 and TIP_ref67 and TIP_ref68 and TIP_ref69 and TIP_ref70 and TIP_ref71 and TIP_ref72 and TIP_ref73 and TIP_ref74 and TIP_ref75 and TIP_ref76 and TIP_ref77 and TIP_ref78 and TIP_ref79 and TIP_ref80 and TIP_ref81 and TIP_ref82 and TIP_ref83 and TIP_ref84 and TIP_ref85 and TIP_ref86 and TIP_ref87 and TIP_ref88 and TIP_ref89 and TIP_ref90 and TIP_ref91 and TIP_ref92 and TIP_ref93 and TIP_ref94 and TIP_ref95 and TIP_ref96 and TIP_ref97 and TIP_ref98 and TIP_ref99 and TIP_ref100 and TIP_ref101 and TIP_ref102 and TIP_ref103 and TIP_ref104 and TIP_ref105 and TIP_ref106 and TIP_ref107 and TIP_ref108 and TIP_ref109 and TIP_ref110 and TIP_ref111 and TIP_ref112 and TIP_ref113 and TIP_ref114 and TIP_ref115 and TIP_ref116 and TIP_ref117 and TIP_ref118 and TIP_ref119 and TIP_ref120 and TIP_ref121 and TIP_ref122 and TIP_ref123 and TIP_ref124 and TIP_ref125 and TIP_ref126 and TIP_ref127 and TIP_ref128 and TIP_ref129 and TIP_ref130 and TIP_ref131 and TIP_ref132 and TIP_ref133 and TIP_ref134 and TIP_ref135 and TIP_ref136 and TIP_ref137 and TIP_ref138 and TIP_ref139 and TIP_ref140 and TIP_ref141 and TIP_ref142 and TIP_ref143 and TIP_ref144
References (145)
| TIP NIEF Minimal Set of Security Controls for Systems with a MODERATE-MODERATE-MODERATE Risk Profile, v1.0 | |
|---|---|
| Description | Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a MODERATE-MODERATE-MODERATE impact level, as recommended by NIEF. Pertains to systems that operate at MODERATE confidentiality, MODERATE integrity, and MODERATE availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4. |
| ID | TIP_NIEFMinimalSetofSecurityControlsforSystemswithaMODERATEMODERATEMODERATERiskProfile |
| TIP NIST SP 800-53 r4 Security Control AC-2 (1): Automated System Account Management, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (1): Automated System Account Management. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref1 |
| TIP NIST SP 800-53 r4 Security Control AC-2 (2): Removal of Temporary / Emergency Accounts, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (2): Removal of Temporary / Emergency Accounts. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref2 |
| TIP NIST SP 800-53 r4 Security Control AC-2 (3): Disable Inactive Accounts, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (3): Disable Inactive Accounts. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref3 |
| TIP NIST SP 800-53 r4 Security Control AC-2 (4): Automated Audit Actions, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2 (4): Automated Audit Actions. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref4 |
| TIP NIST SP 800-53 r4 Security Control AC-6 (1): Authorize Access to Security Functions, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (1): Authorize Access to Security Functions. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref5 |
| TIP NIST SP 800-53 r4 Security Control AC-6 (2): Non-Privileged Access for Nonsecurity Functions, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (2): Non-Privileged Access for Nonsecurity Functions. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref6 |
| TIP NIST SP 800-53 r4 Security Control AC-6 (5): Privileged Accounts, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (5): Privileged Accounts. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref7 |
| TIP NIST SP 800-53 r4 Security Control AC-6 (9): Auditing Use of Privileged Functions, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (9): Auditing Use of Privileged Functions. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref8 |
| TIP NIST SP 800-53 r4 Security Control AC-6 (10): Prohibit Non-Privileged Users from Executing Privileged Functions, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6 (10): Prohibit Non-Privileged Users from Executing Privileged Functions. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref9 |
| TIP NIST SP 800-53 r4 Security Control AC-7: Unsuccessful Logon Attempts, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-7: Unsuccessful Logon Attempts. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref10 |
| TIP NIST SP 800-53 r4 Security Control AC-11: Session Lock, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-11: Session Lock. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref11 |
| TIP NIST SP 800-53 r4 Security Control AC-11 (1): Pattern-Hiding Displays, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-11 (1): Pattern-Hiding Displays. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref12 |
| TIP NIST SP 800-53 r4 Security Control AC-12: Session Termination, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-12: Session Termination. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref13 |
| TIP NIST SP 800-53 r4 Security Control AC-14: Permitted Actions Without Identification or Authentication, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-14: Permitted Actions Without Identification or Authentication. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref14 |
| TIP NIST SP 800-53 r4 Security Control AC-17 (1): Automated Monitoring / Control, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17 (1): Automated Monitoring / Control. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref15 |
| TIP NIST SP 800-53 r4 Security Control AC-17 (2): Protection of Confidentiality / Integrity Using Encryption, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17 (2): Protection of Confidentiality / Integrity Using Encryption. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref16 |
| TIP NIST SP 800-53 r4 Security Control AC-17 (3): Managed Access Control Points, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17 (3): Managed Access Control Points. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref17 |
| TIP NIST SP 800-53 r4 Security Control AC-17 (4): Privileged Commands / Access, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17 (4): Privileged Commands / Access. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref18 |
| TIP NIST SP 800-53 r4 Security Control AC-18 (1): Authentication and Encryption, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-18 (1): Authentication and Encryption. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref19 |
| TIP NIST SP 800-53 r4 Security Control AC-19 (5): Full Device / Container-Based Encryption, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-19 (5): Full Device / Container-Based Encryption. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref20 |
| TIP NIST SP 800-53 r4 Security Control AC-20 (1): Limits on Authorized Use, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-20 (1): Limits on Authorized Use. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref21 |
| TIP NIST SP 800-53 r4 Security Control AC-20 (2): Portable Storage Devices, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-20 (2): Portable Storage Devices. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref22 |
| TIP NIST SP 800-53 r4 Security Control AC-21: Information Sharing, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-21: Information Sharing. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref23 |
| TIP NIST SP 800-53 r4 Security Control AC-22: Publicly Accessible Content, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-22: Publicly Accessible Content. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref24 |
| TIP NIST SP 800-53 r4 Security Control AT-2 (2): Insider Threat, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AT-2 (2): Insider Threat. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref25 |
| TIP NIST SP 800-53 r4 Security Control AT-4: Security Training Records, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AT-4: Security Training Records. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref26 |
| TIP NIST SP 800-53 r4 Security Control AU-2 (3): Reviews and Updates, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-2 (3): Reviews and Updates. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref27 |
| TIP NIST SP 800-53 r4 Security Control AU-3 (1): Additional Audit Information, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-3 (1): Additional Audit Information. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref28 |
| TIP NIST SP 800-53 r4 Security Control AU-6 (1): Process Integration, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-6 (1): Process Integration. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref29 |
| TIP NIST SP 800-53 r4 Security Control AU-6 (3): Correlate Audit Repositories, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-6 (3): Correlate Audit Repositories. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref30 |
| TIP NIST SP 800-53 r4 Security Control AU-7: Audit Reduction and Report Generation, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-7: Audit Reduction and Report Generation. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref31 |
| TIP NIST SP 800-53 r4 Security Control AU-7 (1): Automatic Processing, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-7 (1): Automatic Processing. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref32 |
| TIP NIST SP 800-53 r4 Security Control AU-8 (1): Synchronization with Authoritative Time Source, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-8 (1): Synchronization with Authoritative Time Source. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref33 |
| TIP NIST SP 800-53 r4 Security Control AU-9 (4): Access by Subset of Privileged Users, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-9 (4): Access by Subset of Privileged Users. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref34 |
| TIP NIST SP 800-53 r4 Security Control AU-11: Audit Record Retention, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-11: Audit Record Retention. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref35 |
| TIP NIST SP 800-53 r4 Security Control CA-2: Security Assessments, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-2: Security Assessments. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref36 |
| TIP NIST SP 800-53 r4 Security Control CA-2 (1): Independent Assessors, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-2 (1): Independent Assessors. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref37 |
| TIP NIST SP 800-53 r4 Security Control CA-3 (5): Restrictions on External System Connections, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-3 (5): Restrictions on External System Connections. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref38 |
| TIP NIST SP 800-53 r4 Security Control CA-5: Plan of Action and Milestones, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-5: Plan of Action and Milestones. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref39 |
| TIP NIST SP 800-53 r4 Security Control CA-6: Security Authorization, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-6: Security Authorization. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref40 |
| TIP NIST SP 800-53 r4 Security Control CA-7: Continuous Monitoring, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-7: Continuous Monitoring. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref41 |
| TIP NIST SP 800-53 r4 Security Control CA-7 (1): Independent Assessment, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-7 (1): Independent Assessment. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref42 |
| TIP NIST SP 800-53 r4 Security Control CA-9: Internal System Connections, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-9: Internal System Connections. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref43 |
| TIP NIST SP 800-53 r4 Security Control CM-2 (1): Reviews and Updates, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (1): Reviews and Updates. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref44 |
| TIP NIST SP 800-53 r4 Security Control CM-2 (3): Retention of Previous Configurations, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (3): Retention of Previous Configurations. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref45 |
| TIP NIST SP 800-53 r4 Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2 (7): Configure Systems, Components, or Devices for High-Risk Areas. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref46 |
| TIP NIST SP 800-53 r4 Security Control CM-3 (2): Test / Validate / Document Changes, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3 (2): Test / Validate / Document Changes. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref47 |
| TIP NIST SP 800-53 r4 Security Control CM-4: Security Impact Analysis, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-4: Security Impact Analysis. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref48 |
| TIP NIST SP 800-53 r4 Security Control CM-7 (1): Periodic Review, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (1): Periodic Review. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref49 |
| TIP NIST SP 800-53 r4 Security Control CM-7 (2): Prevent Program Execution, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (2): Prevent Program Execution. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref50 |
| TIP NIST SP 800-53 r4 Security Control CM-7 (4): Unauthorized Software / Blacklisting, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (4): Unauthorized Software / Blacklisting. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref51 |
| TIP NIST SP 800-53 r4 Security Control CM-8 (1): Updates During Installations / Removals, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (1): Updates During Installations / Removals. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref52 |
| TIP NIST SP 800-53 r4 Security Control CM-8 (3): Automated Unauthorized Component Detection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (3): Automated Unauthorized Component Detection. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref53 |
| TIP NIST SP 800-53 r4 Security Control CM-8 (5): No Duplicate Accounting of Components, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8 (5): No Duplicate Accounting of Components. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref54 |
| TIP NIST SP 800-53 r4 Security Control CM-10: Software Usage Restrictions, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-10: Software Usage Restrictions. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref55 |
| TIP NIST SP 800-53 r4 Security Control CP-2 (1): Coordinate with Related Plans, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-2 (1): Coordinate with Related Plans. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref56 |
| TIP NIST SP 800-53 r4 Security Control CP-2 (3): Resume Essential Missions / Business Functions, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-2 (3): Resume Essential Missions / Business Functions. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref57 |
| TIP NIST SP 800-53 r4 Security Control CP-2 (8): Identify Critical Assets, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-2 (8): Identify Critical Assets. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref58 |
| TIP NIST SP 800-53 r4 Security Control CP-3: Contingency Training, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-3: Contingency Training. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref59 |
| TIP NIST SP 800-53 r4 Security Control CP-4: Contingency Plan Testing, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-4: Contingency Plan Testing. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref60 |
| TIP NIST SP 800-53 r4 Security Control CP-4 (1): Coordinate with Related Plans, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-4 (1): Coordinate with Related Plans. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref61 |
| TIP NIST SP 800-53 r4 Security Control CP-6 (1): Separation from Primary Site, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-6 (1): Separation from Primary Site. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref62 |
| TIP NIST SP 800-53 r4 Security Control CP-6 (3): Accessibility, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-6 (3): Accessibility. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref63 |
| TIP NIST SP 800-53 r4 Security Control CP-7 (1): Separation from Primary Site, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-7 (1): Separation from Primary Site. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref64 |
| TIP NIST SP 800-53 r4 Security Control CP-7 (2): Accessibility, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-7 (2): Accessibility. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref65 |
| TIP NIST SP 800-53 r4 Security Control CP-7 (3): Priority of Service, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-7 (3): Priority of Service. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref66 |
| TIP NIST SP 800-53 r4 Security Control CP-8 (1): Priority of Service Provisions, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-8 (1): Priority of Service Provisions. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref67 |
| TIP NIST SP 800-53 r4 Security Control CP-8 (2): Single Points of Failure, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-8 (2): Single Points of Failure. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref68 |
| TIP NIST SP 800-53 r4 Security Control CP-9 (1): Testing for Reliability / Integrity, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-9 (1): Testing for Reliability / Integrity. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref69 |
| TIP NIST SP 800-53 r4 Security Control CP-10 (2): Transaction Recovery, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-10 (2): Transaction Recovery. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref70 |
| TIP NIST SP 800-53 r4 Security Control IA-2 (1): Network Access to Privileged Accounts, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (1): Network Access to Privileged Accounts. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref71 |
| TIP NIST SP 800-53 r4 Security Control IA-2 (2): Network Access to Non-Privileged Accounts, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (2): Network Access to Non-Privileged Accounts. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref72 |
| TIP NIST SP 800-53 r4 Security Control IA-2 (3): Local Access to Privileged Accounts, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (3): Local Access to Privileged Accounts. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref73 |
| TIP NIST SP 800-53 r4 Security Control IA-2 (8): Network Access to Privileged Accounts - Replay Resistant, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (8): Network Access to Privileged Accounts - Replay Resistant. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref74 |
| TIP NIST SP 800-53 r4 Security Control IA-2 (11): Remote Access - Separate Device, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (11): Remote Access - Separate Device. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref75 |
| TIP NIST SP 800-53 r4 Security Control IA-2 (12): Acceptance of PIV Credentials, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2 (12): Acceptance of PIV Credentials. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref76 |
| TIP NIST SP 800-53 r4 Security Control IA-5 (1): Password-Based Authentication, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-5 (1): Password-Based Authentication. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref77 |
| TIP NIST SP 800-53 r4 Security Control IA-5 (2): PKI-Based Authentication, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-5 (2): PKI-Based Authentication. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref78 |
| TIP NIST SP 800-53 r4 Security Control IA-5 (3): In-Person or Trusted Third-Party Registration, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-5 (3): In-Person or Trusted Third-Party Registration. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref79 |
| TIP NIST SP 800-53 r4 Security Control IA-5 (11): Hardware Token-Based Authentication, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-5 (11): Hardware Token-Based Authentication. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref80 |
| TIP NIST SP 800-53 r4 Security Control IA-6: Authenticator Feedback, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-6: Authenticator Feedback. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref81 |
| TIP NIST SP 800-53 r4 Security Control IA-8 (1): Acceptance of PIV Credentials from Other Agencies, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-8 (1): Acceptance of PIV Credentials from Other Agencies. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref82 |
| TIP NIST SP 800-53 r4 Security Control IA-8 (2): Acceptance of Third-Party Credentials, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-8 (2): Acceptance of Third-Party Credentials. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref83 |
| TIP NIST SP 800-53 r4 Security Control IA-8 (3): Use of FICAM-Approved Products, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-8 (3): Use of FICAM-Approved Products. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref84 |
| TIP NIST SP 800-53 r4 Security Control IA-8 (4): Use of FICAM-Issued Profiles, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-8 (4): Use of FICAM-Issued Profiles. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref85 |
| TIP NIST SP 800-53 r4 Security Control IR-2: Incident Response Training, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-2: Incident Response Training. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref86 |
| TIP NIST SP 800-53 r4 Security Control IR-3: Incident Response Testing, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-3: Incident Response Testing. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref87 |
| TIP NIST SP 800-53 r4 Security Control IR-3 (2): Coordination with Related Plans, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-3 (2): Coordination with Related Plans. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref88 |
| TIP NIST SP 800-53 r4 Security Control IR-4 (1): Automated Incident Handling Processes, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-4 (1): Automated Incident Handling Processes. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref89 |
| TIP NIST SP 800-53 r4 Security Control IR-6 (1): Automated Reporting, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-6 (1): Automated Reporting. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref90 |
| TIP NIST SP 800-53 r4 Security Control IR-7: Incident Response Assistance, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-7: Incident Response Assistance. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref91 |
| TIP NIST SP 800-53 r4 Security Control IR-7 (1): Automation Support for Availability of Information / Support, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-7 (1): Automation Support for Availability of Information / Support. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref92 |
| TIP NIST SP 800-53 r4 Security Control MA-2: Controlled Maintenance, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-2: Controlled Maintenance. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref93 |
| TIP NIST SP 800-53 r4 Security Control MA-3: Maintenance Tools, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-3: Maintenance Tools. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref94 |
| TIP NIST SP 800-53 r4 Security Control MA-3 (1): Inspect Tools, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-3 (1): Inspect Tools. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref95 |
| TIP NIST SP 800-53 r4 Security Control MA-3 (2): Inspect Media, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-3 (2): Inspect Media. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref96 |
| TIP NIST SP 800-53 r4 Security Control MA-4: Nonlocal Maintenance, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-4: Nonlocal Maintenance. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref97 |
| TIP NIST SP 800-53 r4 Security Control MA-4 (2): Document Nonlocal Maintenance, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-4 (2): Document Nonlocal Maintenance. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref98 |
| TIP NIST SP 800-53 r4 Security Control MA-5: Maintenance Personnel, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-5: Maintenance Personnel. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref99 |
| TIP NIST SP 800-53 r4 Security Control MA-6: Timely Maintenance, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-6: Timely Maintenance. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref100 |
| TIP NIST SP 800-53 r4 Security Control MP-3: Media Marking, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-3: Media Marking. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref101 |
| TIP NIST SP 800-53 r4 Security Control MP-5 (4): Cryptographic Protection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-5 (4): Cryptographic Protection. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref102 |
| TIP NIST SP 800-53 r4 Security Control MP-7 (1): Prohibit Use Without Owner, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-7 (1): Prohibit Use Without Owner. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref103 |
| TIP NIST SP 800-53 r4 Security Control PE-5: Access Control for Output Devices, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-5: Access Control for Output Devices. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref104 |
| TIP NIST SP 800-53 r4 Security Control PE-6 (1): Intrusion Alarms / Surveillance Equipment, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-6 (1): Intrusion Alarms / Surveillance Equipment. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref105 |
| TIP NIST SP 800-53 r4 Security Control PE-8: Visitor Access Records, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-8: Visitor Access Records. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref106 |
| TIP NIST SP 800-53 r4 Security Control PE-13 (3): Automatic Fire Suppression, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-13 (3): Automatic Fire Suppression. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref107 |
| TIP NIST SP 800-53 r4 Security Control PE-16: Delivery and Removal, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-16: Delivery and Removal. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref108 |
| TIP NIST SP 800-53 r4 Security Control PE-17: Alternate Work Site, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-17: Alternate Work Site. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref109 |
| TIP NIST SP 800-53 r4 Security Control PL-2 (3): Plan / Coordinate with Other Organizational Entities, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PL-2 (3): Plan / Coordinate with Other Organizational Entities. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref110 |
| TIP NIST SP 800-53 r4 Security Control PL-4: Rules of Behavior, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PL-4: Rules of Behavior. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref111 |
| TIP NIST SP 800-53 r4 Security Control PL-4 (1): Social Media and Networking Restrictions, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PL-4 (1): Social Media and Networking Restrictions. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref112 |
| TIP NIST SP 800-53 r4 Security Control PS-5: Personnel Transfer, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-5: Personnel Transfer. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref113 |
| TIP NIST SP 800-53 r4 Security Control PS-6: Access Agreements, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-6: Access Agreements. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref114 |
| TIP NIST SP 800-53 r4 Security Control PS-8: Personnel Sanctions, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-8: Personnel Sanctions. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref115 |
| TIP NIST SP 800-53 r4 Security Control RA-5 (1): Update Tool Capability, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-5 (1): Update Tool Capability. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref116 |
| TIP NIST SP 800-53 r4 Security Control RA-5 (2): Update by Frequency / Prior to New Scan / When Identified, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-5 (2): Update by Frequency / Prior to New Scan / When Identified. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref117 |
| TIP NIST SP 800-53 r4 Security Control RA-5 (5): Privileged Access, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-5 (5): Privileged Access. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref118 |
| TIP NIST SP 800-53 r4 Security Control SA-4 (1): Functional Properties of Security Controls, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4 (1): Functional Properties of Security Controls. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref119 |
| TIP NIST SP 800-53 r4 Security Control SA-4 (2): Design / Implementation Information for Security Controls, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4 (2): Design / Implementation Information for Security Controls. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref120 |
| TIP NIST SP 800-53 r4 Security Control SA-4 (9): Functions / Ports / Protocols / Services in Use, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4 (9): Functions / Ports / Protocols / Services in Use. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref121 |
| TIP NIST SP 800-53 r4 Security Control SA-4 (10): Use of Approved PIV Products, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4 (10): Use of Approved PIV Products. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref122 |
| TIP NIST SP 800-53 r4 Security Control SA-5: Information System Documentation, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-5: Information System Documentation. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref123 |
| TIP NIST SP 800-53 r4 Security Control SA-9 (2): Identification of Functions / Ports / Protocols / Services, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-9 (2): Identification of Functions / Ports / Protocols / Services. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref124 |
| TIP NIST SP 800-53 r4 Security Control SC-7 (3): Access Points, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7 (3): Access Points. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref125 |
| TIP NIST SP 800-53 r4 Security Control SC-7 (4): External Telecommunications Services, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7 (4): External Telecommunications Services. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref126 |
| TIP NIST SP 800-53 r4 Security Control SC-7 (5): Deny by Default / Allow by Exception, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7 (5): Deny by Default / Allow by Exception. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref127 |
| TIP NIST SP 800-53 r4 Security Control SC-7 (7): Prevent Split Tunneling for Remote Devices, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7 (7): Prevent Split Tunneling for Remote Devices. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref128 |
| TIP NIST SP 800-53 r4 Security Control SC-8 (1): Cryptographic or Alternate Physical Protection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-8 (1): Cryptographic or Alternate Physical Protection. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref129 |
| TIP NIST SP 800-53 r4 Security Control SC-10: Network Disconnect, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-10: Network Disconnect. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref130 |
| TIP NIST SP 800-53 r4 Security Control SC-18: Mobile Code, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-18: Mobile Code. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref131 |
| TIP NIST SP 800-53 r4 Security Control SI-2 (2): Automated Flaw Remediation Status, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-2 (2): Automated Flaw Remediation Status. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref132 |
| TIP NIST SP 800-53 r4 Security Control SI-3 (1): Central Management, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-3 (1): Central Management. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref133 |
| TIP NIST SP 800-53 r4 Security Control SI-3 (2): Automatic Updates, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-3 (2): Automatic Updates. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref134 |
| TIP NIST SP 800-53 r4 Security Control SI-4 (2): Automated Tools for Real-Time Analysis, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-4 (2): Automated Tools for Real-Time Analysis. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref135 |
| TIP NIST SP 800-53 r4 Security Control SI-4 (4): Inbound and Outbound Communications Traffic, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-4 (4): Inbound and Outbound Communications Traffic. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref136 |
| TIP NIST SP 800-53 r4 Security Control SI-4 (5): System-Generated Alerts, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-4 (5): System-Generated Alerts. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref137 |
| TIP NIST SP 800-53 r4 Security Control SI-7 (1): Integrity Checks, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-7 (1): Integrity Checks. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref138 |
| TIP NIST SP 800-53 r4 Security Control SI-7 (7): Integration of Detection and Response, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-7 (7): Integration of Detection and Response. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref139 |
| TIP NIST SP 800-53 r4 Security Control SI-8: Spam Protection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-8: Spam Protection. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref140 |
| TIP NIST SP 800-53 r4 Security Control SI-8 (1): Central Management, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-8 (1): Central Management. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref141 |
| TIP NIST SP 800-53 r4 Security Control SI-8 (2): Automatic Updates, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-8 (2): Automatic Updates. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref142 |
| TIP NIST SP 800-53 r4 Security Control SI-11: Error Handling, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-11: Error Handling. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref143 |
| TIP NIST SP 800-53 r4 Security Control SI-12: Information Handling and Retention, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-12: Information Handling and Retention. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref144 |
Sources (1)
| SP800-53R4 | NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4. |
Terms (1)
| Term Name | Abbreviations | Definition |
|---|---|---|
| Null Term | Null | Just a spreadsheet test. |