NIEF Minimal Set of Security Controls for Systems with a LOW-MODERATE-LOW Risk Profile, v1.0

Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a LOW-MODERATE-LOW impact level, as recommended by NIEF. Pertains to systems that operate at LOW confidentiality, MODERATE integrity, and LOW availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
Identifier https://trustmark.nief.org/tpat/tips/nief-minimal-set-of-security-controls-for-systems-with-a-low-moderate-low-risk-profile/1.0/
Publication Date 2021-08-27
Issuing Organization
NIEF Support help@nief.org No telephone No Mailing Address
Keywords 800-53, LOW-MODERATE-LOW, Minimal, NIST, NIEF, Security
Legal Notice This document and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties of merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Trust Expression:

TIP_ref1 and TIP_ref2 and TIP_ref3 and TIP_ref4 and TIP_ref5 and TIP_ref6 and TIP_ref7 and TIP_ref8 and TIP_ref9 and TIP_ref10 and TIP_ref11 and TIP_ref12 and TIP_ref13 and TIP_ref14 and TIP_ref15 and TIP_ref16 and TIP_ref17 and TIP_ref18 and TIP_ref19 and TIP_ref20 and TIP_ref21 and TIP_ref22 and TIP_ref23 and TIP_ref24 and TIP_ref25 and TIP_ref26 and TIP_ref27 and TIP_ref28 and TIP_ref29 and TIP_ref30 and TIP_ref31 and TIP_ref32 and TIP_ref33 and TIP_ref34 and TIP_ref35 and TIP_ref36 and TIP_ref37 and TIP_ref38 and TIP_ref39 and TIP_ref40 and TIP_ref41 and TIP_ref42 and TIP_ref43 and TIP_ref44 and TIP_ref45 and TIP_ref46 and TIP_ref47 and TIP_ref48 and TIP_ref49 and TIP_ref50 and TIP_ref51 and TIP_ref52 and TIP_ref53 and TIP_ref54 and TIP_ref55 and TIP_ref56 and TIP_ref57 and TIP_ref58 and TIP_ref59 and TIP_ref60 and TIP_ref61 and TIP_ref62 and TIP_ref63 and TIP_ref64 and TIP_ref65 and TIP_ref66 and TIP_ref67 and TIP_ref68 and TIP_ref69 and TIP_ref70 and TIP_ref71 and TIP_ref72 and TIP_ref73 and TIP_ref74 and TIP_ref75 and TIP_ref76 and TIP_ref77 and TIP_ref78 and TIP_ref79 and TIP_ref80 and TIP_ref81 and TIP_ref82 and TIP_ref83 and TIP_ref84 and TIP_ref85 and TIP_ref86 and TIP_ref87 and TIP_ref88 and TIP_ref89 and TIP_ref90 and TIP_ref91 and TIP_ref92 and TIP_ref93 and TIP_ref94 and TIP_ref95 and TIP_ref96 and TIP_ref97 and TIP_ref98 and TIP_ref99 and TIP_ref100 and TIP_ref101 and TIP_ref102 and TIP_ref103 and TIP_ref104 and TIP_ref105 and TIP_ref106

References (106)

 TIP  NIST SP 800-53 r4 Security Control AC-1: Access Control Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-1: Access Control Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref1
 TIP  NIST SP 800-53 r4 Security Control AC-2: Account Management, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2: Account Management. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref2
 TIP  NIST SP 800-53 r4 Security Control AC-3: Access Enforcement, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-3: Access Enforcement. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref3
 TIP  NIST SP 800-53 r4 Security Control AC-4: Information Flow Enforcement, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-4: Information Flow Enforcement. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref4
 TIP  NIST SP 800-53 r4 Security Control AC-5: Separation of Duties, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-5: Separation of Duties. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref5
 TIP  NIST SP 800-53 r4 Security Control AC-6: Least Privilege, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6: Least Privilege. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref6
 TIP  NIST SP 800-53 r4 Security Control AC-8: System Use Notification, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-8: System Use Notification. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref7
 TIP  NIST SP 800-53 r4 Security Control AC-17: Remote Access, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17: Remote Access. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref8
 TIP  NIST SP 800-53 r4 Security Control AC-18: Wireless Access, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-18: Wireless Access. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref9
 TIP  NIST SP 800-53 r4 Security Control AC-19: Access Control for Mobile Devices, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-19: Access Control for Mobile Devices. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref10
 TIP  NIST SP 800-53 r4 Security Control AC-20: Use of External Information Systems, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-20: Use of External Information Systems. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref11
 TIP  NIST SP 800-53 r4 Security Control AT-1: Security Awareness and Training Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AT-1: Security Awareness and Training Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref12
 TIP  NIST SP 800-53 r4 Security Control AT-2: Security Awareness Training, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AT-2: Security Awareness Training. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref13
 TIP  NIST SP 800-53 r4 Security Control AT-3: Role-Based Security Training, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AT-3: Role-Based Security Training. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref14
 TIP  NIST SP 800-53 r4 Security Control AU-1: Audit and Accountability Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-1: Audit and Accountability Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref15
 TIP  NIST SP 800-53 r4 Security Control AU-2: Audit Events, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-2: Audit Events. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref16
 TIP  NIST SP 800-53 r4 Security Control AU-3: Content of Audit Records, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-3: Content of Audit Records. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref17
 TIP  NIST SP 800-53 r4 Security Control AU-4: Audit Storage Capacity, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-4: Audit Storage Capacity. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref18
 TIP  NIST SP 800-53 r4 Security Control AU-5: Response to Audit Processing Failures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-5: Response to Audit Processing Failures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref19
 TIP  NIST SP 800-53 r4 Security Control AU-6: Audit Review, Analysis, and Reporting, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-6: Audit Review, Analysis, and Reporting. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref20
 TIP  NIST SP 800-53 r4 Security Control AU-8: Time Stamps, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-8: Time Stamps. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref21
 TIP  NIST SP 800-53 r4 Security Control AU-9: Protection of Audit Information, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-9: Protection of Audit Information. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref22
 TIP  NIST SP 800-53 r4 Security Control AU-12: Audit Generation, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-12: Audit Generation. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref23
 TIP  NIST SP 800-53 r4 Security Control CA-1: Security Assessment and Authorization Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-1: Security Assessment and Authorization Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref24
 TIP  NIST SP 800-53 r4 Security Control CA-3: System Interconnections, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-3: System Interconnections. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref25
 TIP  NIST SP 800-53 r4 Security Control CM-1: Configuration Management Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-1: Configuration Management Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref26
 TIP  NIST SP 800-53 r4 Security Control CM-2: Baseline Configuration, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2: Baseline Configuration. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref27
 TIP  NIST SP 800-53 r4 Security Control CM-3: Configuration Change Control, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3: Configuration Change Control. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref28
 TIP  NIST SP 800-53 r4 Security Control CM-5: Access Restrictions for Change, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5: Access Restrictions for Change. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref29
 TIP  NIST SP 800-53 r4 Security Control CM-6: Configuration Settings, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6: Configuration Settings. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref30
 TIP  NIST SP 800-53 r4 Security Control CM-7: Least Functionality, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7: Least Functionality. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref31
 TIP  NIST SP 800-53 r4 Security Control CM-8: Information System Component Inventory, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8: Information System Component Inventory. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref32
 TIP  NIST SP 800-53 r4 Security Control CM-9: Configuration Management Plan, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-9: Configuration Management Plan. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref33
 TIP  NIST SP 800-53 r4 Security Control CM-11: User-Installed Software, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-11: User-Installed Software. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref34
 TIP  NIST SP 800-53 r4 Security Control CP-1: Contingency Planning Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-1: Contingency Planning Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref35
 TIP  NIST SP 800-53 r4 Security Control CP-2: Contingency Plan, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-2: Contingency Plan. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref36
 TIP  NIST SP 800-53 r4 Security Control CP-9: Information System Backup, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-9: Information System Backup. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref37
 TIP  NIST SP 800-53 r4 Security Control CP-10: Information System Recovery and Reconstitution, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-10: Information System Recovery and Reconstitution. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref38
 TIP  NIST SP 800-53 r4 Security Control IA-1: Identification and Authentication Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-1: Identification and Authentication Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref39
 TIP  NIST SP 800-53 r4 Security Control IA-2: Identification and Authentication (Organizational Users), v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2: Identification and Authentication (Organizational Users). Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref40
 TIP  NIST SP 800-53 r4 Security Control IA-3: Device Identification and Authentication, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-3: Device Identification and Authentication. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref41
 TIP  NIST SP 800-53 r4 Security Control IA-4: Identifier Management, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-4: Identifier Management. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref42
 TIP  NIST SP 800-53 r4 Security Control IA-5: Authenticator Management, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-5: Authenticator Management. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref43
 TIP  NIST SP 800-53 r4 Security Control IA-7: Cryptographic Module Authentication, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-7: Cryptographic Module Authentication. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref44
 TIP  NIST SP 800-53 r4 Security Control IA-8: Identification and Authentication (Non-Organizational Users), v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-8: Identification and Authentication (Non-Organizational Users). Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref45
 TIP  NIST SP 800-53 r4 Security Control IR-1: Incident Response Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-1: Incident Response Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref46
 TIP  NIST SP 800-53 r4 Security Control IR-4: Incident Handling, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-4: Incident Handling. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref47
 TIP  NIST SP 800-53 r4 Security Control IR-5: Incident Monitoring, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-5: Incident Monitoring. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref48
 TIP  NIST SP 800-53 r4 Security Control IR-6: Incident Reporting, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-6: Incident Reporting. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref49
 TIP  NIST SP 800-53 r4 Security Control IR-8: Incident Response Plan, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-8: Incident Response Plan. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref50
 TIP  NIST SP 800-53 r4 Security Control MA-1: System Maintenance Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-1: System Maintenance Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref51
 TIP  NIST SP 800-53 r4 Security Control MP-1: Media Protection Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-1: Media Protection Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref52
 TIP  NIST SP 800-53 r4 Security Control MP-2: Media Access, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-2: Media Access. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref53
 TIP  NIST SP 800-53 r4 Security Control MP-6: Media Sanitization, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-6: Media Sanitization. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref54
 TIP  NIST SP 800-53 r4 Security Control MP-7: Media Use, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-7: Media Use. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref55
 TIP  NIST SP 800-53 r4 Security Control PE-1: Physical and Environmental Protection Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-1: Physical and Environmental Protection Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref56
 TIP  NIST SP 800-53 r4 Security Control PE-2: Physical Access Authorizations, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-2: Physical Access Authorizations. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref57
 TIP  NIST SP 800-53 r4 Security Control PE-3: Physical Access Control, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-3: Physical Access Control. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref58
 TIP  NIST SP 800-53 r4 Security Control PE-6: Monitoring Physical Access, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-6: Monitoring Physical Access. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref59
 TIP  NIST SP 800-53 r4 Security Control PE-12: Emergency Lighting, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-12: Emergency Lighting. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref60
 TIP  NIST SP 800-53 r4 Security Control PE-13: Fire Protection, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-13: Fire Protection. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref61
 TIP  NIST SP 800-53 r4 Security Control PE-14: Temperature and Humidity Controls, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-14: Temperature and Humidity Controls. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref62
 TIP  NIST SP 800-53 r4 Security Control PE-15: Water Damage Protection, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-15: Water Damage Protection. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref63
 TIP  NIST SP 800-53 r4 Security Control PL-1: Security Planning Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PL-1: Security Planning Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref64
 TIP  NIST SP 800-53 r4 Security Control PL-2: System Security Plan, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PL-2: System Security Plan. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref65
 TIP  NIST SP 800-53 r4 Security Control PL-8: Information Security Architecture, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PL-8: Information Security Architecture. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref66
 TIP  NIST SP 800-53 r4 Security Control PS-1: Personnel Security Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-1: Personnel Security Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref67
 TIP  NIST SP 800-53 r4 Security Control PS-2: Position Risk Designation, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-2: Position Risk Designation. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref68
 TIP  NIST SP 800-53 r4 Security Control PS-3: Personnel Screening, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-3: Personnel Screening. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref69
 TIP  NIST SP 800-53 r4 Security Control PS-4: Personnel Termination, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-4: Personnel Termination. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref70
 TIP  NIST SP 800-53 r4 Security Control PS-7: Third-Party Personnel Security, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-7: Third-Party Personnel Security. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref71
 TIP  NIST SP 800-53 r4 Security Control RA-1: Risk Assessment Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-1: Risk Assessment Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref72
 TIP  NIST SP 800-53 r4 Security Control RA-2: Security Categorization, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-2: Security Categorization. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref73
 TIP  NIST SP 800-53 r4 Security Control RA-3: Risk Assessment, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-3: Risk Assessment. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref74
 TIP  NIST SP 800-53 r4 Security Control RA-5: Vulnerability Scanning, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-5: Vulnerability Scanning. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref75
 TIP  NIST SP 800-53 r4 Security Control SA-1: System and Services Acquisition Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-1: System and Services Acquisition Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref76
 TIP  NIST SP 800-53 r4 Security Control SA-2: Allocation of Resources, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-2: Allocation of Resources. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref77
 TIP  NIST SP 800-53 r4 Security Control SA-3: System Development Life Cycle, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-3: System Development Life Cycle. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref78
 TIP  NIST SP 800-53 r4 Security Control SA-4: Acquisition Process, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4: Acquisition Process. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref79
 TIP  NIST SP 800-53 r4 Security Control SA-8: Security Engineering Principles, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-8: Security Engineering Principles. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref80
 TIP  NIST SP 800-53 r4 Security Control SA-9: External Information System Services, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-9: External Information System Services. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref81
 TIP  NIST SP 800-53 r4 Security Control SA-10: Developer Configuration Management, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-10: Developer Configuration Management. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref82
 TIP  NIST SP 800-53 r4 Security Control SA-11: Developer Security Testing and Evaluation, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-11: Developer Security Testing and Evaluation. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref83
 TIP  NIST SP 800-53 r4 Security Control SC-1: System and Communications Protection Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-1: System and Communications Protection Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref84
 TIP  NIST SP 800-53 r4 Security Control SC-2: Application Partitioning, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-2: Application Partitioning. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref85
 TIP  NIST SP 800-53 r4 Security Control SC-5: Denial of Service Protection, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-5: Denial of Service Protection. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref86
 TIP  NIST SP 800-53 r4 Security Control SC-7: Boundary Protection, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7: Boundary Protection. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref87
 TIP  NIST SP 800-53 r4 Security Control SC-12: Cryptographic Key Establishment and Management, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-12: Cryptographic Key Establishment and Management. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref88
 TIP  NIST SP 800-53 r4 Security Control SC-13: Cryptographic Protection, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-13: Cryptographic Protection. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref89
 TIP  NIST SP 800-53 r4 Security Control SC-15: Collaborative Computing Devices, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-15: Collaborative Computing Devices. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref90
 TIP  NIST SP 800-53 r4 Security Control SC-17: Public Key Infrastructure Certificates, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-17: Public Key Infrastructure Certificates. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref91
 TIP  NIST SP 800-53 r4 Security Control SC-19: Voice Over Internet Protocol, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-19: Voice Over Internet Protocol. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref92
 TIP  NIST SP 800-53 r4 Security Control SC-20: Secure Name / Address Resolution Service (Authoritative Source), v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-20: Secure Name / Address Resolution Service (Authoritative Source). Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref93
 TIP  NIST SP 800-53 r4 Security Control SC-21: Secure Name / Address Resolution Service (Recursive or Caching Resolver), v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-21: Secure Name / Address Resolution Service (Recursive or Caching Resolver). Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref94
 TIP  NIST SP 800-53 r4 Security Control SC-22: Architecture and Provisioning for Name / Address Resolution Service, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-22: Architecture and Provisioning for Name / Address Resolution Service. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref95
 TIP  NIST SP 800-53 r4 Security Control SC-23: Session Authenticity, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-23: Session Authenticity. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref96
 TIP  NIST SP 800-53 r4 Security Control SC-28: Protection of Information at Rest, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-28: Protection of Information at Rest. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref97
 TIP  NIST SP 800-53 r4 Security Control SC-39: Process Isolation, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-39: Process Isolation. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref98
 TIP  NIST SP 800-53 r4 Security Control SI-1: System and Information Integrity Policy and Procedures, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-1: System and Information Integrity Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref99
 TIP  NIST SP 800-53 r4 Security Control SI-2: Flaw Remediation, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-2: Flaw Remediation. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref100
 TIP  NIST SP 800-53 r4 Security Control SI-3: Malicious Code Protection, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-3: Malicious Code Protection. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref101
 TIP  NIST SP 800-53 r4 Security Control SI-4: Information System Monitoring, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-4: Information System Monitoring. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref102
 TIP  NIST SP 800-53 r4 Security Control SI-5: Security Alerts, Advisories, and Directives, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-5: Security Alerts, Advisories, and Directives. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.
ID TIP_ref103
 TIP  NIST SP 800-53 r4 Security Control SI-7: Software, Firmware, and Information Integrity, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-7: Software, Firmware, and Information Integrity. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref104
 TIP  NIST SP 800-53 r4 Security Control SI-10: Information Input Validation, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-10: Information Input Validation. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref105
 TIP  NIST SP 800-53 r4 Security Control SI-16: Memory Protection, v4
Description Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-16: Memory Protection. Applicable to MODERATE impact and HIGH impact systems.
ID TIP_ref106

Sources (1)

SP800-53R4 NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4.

Terms (1)

Term Name Abbreviations Definition
Null Term Null Just a spreadsheet test.