NIEF Minimal Set of Security Controls for Systems with a MODERATE-MODERATE-MODERATE Risk Profile, v1.0
Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a MODERATE-MODERATE-MODERATE impact level, as recommended by NIEF. Pertains to systems that operate at MODERATE confidentiality, MODERATE integrity, and MODERATE availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
| Identifier | https://trustmark.nief.org/tpat/tips/nief-minimal-set-of-security-controls-for-systems-with-a-moderate-moderate-moderate-risk-profile/1.0/ | ||||
| Publication Date | 2021-08-27 | ||||
| Issuing Organization |
NIEF (https://nief.org/)
View Contact
|
||||
| Keywords | 800-53, MODERATE-MODERATE-MODERATE, Minimal, NIST, NIEF, Security | ||||
| Legal Notice | This document and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |
Loading...
Trust Expression:
TIP_ref1 and TIP_ref2 and TIP_ref3 and TIP_ref4 and TIP_ref5 and TIP_ref6 and TIP_ref7 and TIP_ref8 and TIP_ref9 and TIP_ref10 and TIP_ref11 and TIP_ref12 and TIP_ref13 and TIP_ref14 and TIP_ref15 and TIP_ref16 and TIP_ref17 and TIP_ref18 and TIP_ref19 and TIP_ref20 and TIP_ref21 and TIP_ref22 and TIP_ref23 and TIP_ref24 and TIP_ref25 and TIP_ref26 and TIP_ref27 and TIP_ref28 and TIP_ref29 and TIP_ref30 and TIP_ref31 and TIP_ref32 and TIP_ref33 and TIP_ref34 and TIP_ref35 and TIP_ref36 and TIP_ref37 and TIP_ref38 and TIP_ref39 and TIP_ref40 and TIP_ref41 and TIP_ref42 and TIP_ref43 and TIP_ref44 and TIP_ref45 and TIP_ref46 and TIP_ref47 and TIP_ref48 and TIP_ref49 and TIP_ref50 and TIP_ref51 and TIP_ref52 and TIP_ref53 and TIP_ref54 and TIP_ref55 and TIP_ref56 and TIP_ref57 and TIP_ref58 and TIP_ref59 and TIP_ref60 and TIP_ref61 and TIP_ref62 and TIP_ref63 and TIP_ref64 and TIP_ref65 and TIP_ref66 and TIP_ref67 and TIP_ref68 and TIP_ref69 and TIP_ref70 and TIP_ref71 and TIP_ref72 and TIP_ref73 and TIP_ref74 and TIP_ref75 and TIP_ref76 and TIP_ref77 and TIP_ref78 and TIP_ref79 and TIP_ref80 and TIP_ref81 and TIP_ref82 and TIP_ref83 and TIP_ref84 and TIP_ref85 and TIP_ref86 and TIP_ref87 and TIP_ref88 and TIP_ref89 and TIP_ref90 and TIP_ref91 and TIP_ref92 and TIP_ref93 and TIP_ref94 and TIP_ref95 and TIP_ref96 and TIP_ref97 and TIP_ref98 and TIP_ref99 and TIP_ref100 and TIP_ref101 and TIP_ref102 and TIP_ref103 and TIP_ref104 and TIP_ref105 and TIP_ref106 and TIP_ref107 and TIP_ref108 and TIP_ref109 and TIP_ref110 and TIP_ref111 and TIP_ref112 and TIP_ref113 and TIP_ref114 and TIP_ref115 and TIP_ref116 and TIP_ref117
References (117)
| TIP NIST SP 800-53 r4 Security Control AC-1: Access Control Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-1: Access Control Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref1 |
| TIP NIST SP 800-53 r4 Security Control AC-2: Account Management, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-2: Account Management. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref2 |
| TIP NIST SP 800-53 r4 Security Control AC-3: Access Enforcement, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-3: Access Enforcement. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref3 |
| TIP NIST SP 800-53 r4 Security Control AC-4: Information Flow Enforcement, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-4: Information Flow Enforcement. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref4 |
| TIP NIST SP 800-53 r4 Security Control AC-5: Separation of Duties, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-5: Separation of Duties. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref5 |
| TIP NIST SP 800-53 r4 Security Control AC-6: Least Privilege, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-6: Least Privilege. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref6 |
| TIP NIST SP 800-53 r4 Security Control AC-8: System Use Notification, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-8: System Use Notification. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref7 |
| TIP NIST SP 800-53 r4 Security Control AC-17: Remote Access, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-17: Remote Access. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref8 |
| TIP NIST SP 800-53 r4 Security Control AC-18: Wireless Access, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-18: Wireless Access. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref9 |
| TIP NIST SP 800-53 r4 Security Control AC-19: Access Control for Mobile Devices, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-19: Access Control for Mobile Devices. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref10 |
| TIP NIST SP 800-53 r4 Security Control AC-20: Use of External Information Systems, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AC-20: Use of External Information Systems. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref11 |
| TIP NIST SP 800-53 r4 Security Control AT-1: Security Awareness and Training Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AT-1: Security Awareness and Training Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref12 |
| TIP NIST SP 800-53 r4 Security Control AT-2: Security Awareness Training, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AT-2: Security Awareness Training. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref13 |
| TIP NIST SP 800-53 r4 Security Control AT-3: Role-Based Security Training, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AT-3: Role-Based Security Training. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref14 |
| TIP NIST SP 800-53 r4 Security Control AU-1: Audit and Accountability Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-1: Audit and Accountability Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref15 |
| TIP NIST SP 800-53 r4 Security Control AU-2: Audit Events, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-2: Audit Events. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref16 |
| TIP NIST SP 800-53 r4 Security Control AU-3: Content of Audit Records, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-3: Content of Audit Records. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref17 |
| TIP NIST SP 800-53 r4 Security Control AU-4: Audit Storage Capacity, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-4: Audit Storage Capacity. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref18 |
| TIP NIST SP 800-53 r4 Security Control AU-5: Response to Audit Processing Failures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-5: Response to Audit Processing Failures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref19 |
| TIP NIST SP 800-53 r4 Security Control AU-6: Audit Review, Analysis, and Reporting, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-6: Audit Review, Analysis, and Reporting. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref20 |
| TIP NIST SP 800-53 r4 Security Control AU-8: Time Stamps, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-8: Time Stamps. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref21 |
| TIP NIST SP 800-53 r4 Security Control AU-9: Protection of Audit Information, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-9: Protection of Audit Information. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref22 |
| TIP NIST SP 800-53 r4 Security Control AU-12: Audit Generation, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control AU-12: Audit Generation. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref23 |
| TIP NIST SP 800-53 r4 Security Control CA-1: Security Assessment and Authorization Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-1: Security Assessment and Authorization Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref24 |
| TIP NIST SP 800-53 r4 Security Control CA-3: System Interconnections, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CA-3: System Interconnections. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref25 |
| TIP NIST SP 800-53 r4 Security Control CM-1: Configuration Management Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-1: Configuration Management Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref26 |
| TIP NIST SP 800-53 r4 Security Control CM-2: Baseline Configuration, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-2: Baseline Configuration. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref27 |
| TIP NIST SP 800-53 r4 Security Control CM-3: Configuration Change Control, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-3: Configuration Change Control. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref28 |
| TIP NIST SP 800-53 r4 Security Control CM-5: Access Restrictions for Change, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-5: Access Restrictions for Change. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref29 |
| TIP NIST SP 800-53 r4 Security Control CM-6: Configuration Settings, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-6: Configuration Settings. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref30 |
| TIP NIST SP 800-53 r4 Security Control CM-7: Least Functionality, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7: Least Functionality. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref31 |
| TIP NIST SP 800-53 r4 Security Control CM-8: Information System Component Inventory, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-8: Information System Component Inventory. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref32 |
| TIP NIST SP 800-53 r4 Security Control CM-9: Configuration Management Plan, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-9: Configuration Management Plan. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref33 |
| TIP NIST SP 800-53 r4 Security Control CM-11: User-Installed Software, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-11: User-Installed Software. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref34 |
| TIP NIST SP 800-53 r4 Security Control CP-1: Contingency Planning Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-1: Contingency Planning Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref35 |
| TIP NIST SP 800-53 r4 Security Control CP-2: Contingency Plan, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-2: Contingency Plan. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref36 |
| TIP NIST SP 800-53 r4 Security Control CP-6: Alternate Storage Site, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-6: Alternate Storage Site. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref37 |
| TIP NIST SP 800-53 r4 Security Control CP-7: Alternate Processing Site, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-7: Alternate Processing Site. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref38 |
| TIP NIST SP 800-53 r4 Security Control CP-8: Telecommunications Services, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-8: Telecommunications Services. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref39 |
| TIP NIST SP 800-53 r4 Security Control CP-9: Information System Backup, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-9: Information System Backup. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref40 |
| TIP NIST SP 800-53 r4 Security Control CP-10: Information System Recovery and Reconstitution, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CP-10: Information System Recovery and Reconstitution. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref41 |
| TIP NIST SP 800-53 r4 Security Control IA-1: Identification and Authentication Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-1: Identification and Authentication Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref42 |
| TIP NIST SP 800-53 r4 Security Control IA-2: Identification and Authentication (Organizational Users), v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-2: Identification and Authentication (Organizational Users). Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref43 |
| TIP NIST SP 800-53 r4 Security Control IA-3: Device Identification and Authentication, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-3: Device Identification and Authentication. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref44 |
| TIP NIST SP 800-53 r4 Security Control IA-4: Identifier Management, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-4: Identifier Management. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref45 |
| TIP NIST SP 800-53 r4 Security Control IA-5: Authenticator Management, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-5: Authenticator Management. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref46 |
| TIP NIST SP 800-53 r4 Security Control IA-7: Cryptographic Module Authentication, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-7: Cryptographic Module Authentication. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref47 |
| TIP NIST SP 800-53 r4 Security Control IA-8: Identification and Authentication (Non-Organizational Users), v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IA-8: Identification and Authentication (Non-Organizational Users). Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref48 |
| TIP NIST SP 800-53 r4 Security Control IR-1: Incident Response Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-1: Incident Response Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref49 |
| TIP NIST SP 800-53 r4 Security Control IR-4: Incident Handling, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-4: Incident Handling. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref50 |
| TIP NIST SP 800-53 r4 Security Control IR-5: Incident Monitoring, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-5: Incident Monitoring. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref51 |
| TIP NIST SP 800-53 r4 Security Control IR-6: Incident Reporting, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-6: Incident Reporting. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref52 |
| TIP NIST SP 800-53 r4 Security Control IR-8: Incident Response Plan, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control IR-8: Incident Response Plan. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref53 |
| TIP NIST SP 800-53 r4 Security Control MA-1: System Maintenance Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-1: System Maintenance Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref54 |
| TIP NIST SP 800-53 r4 Security Control MP-1: Media Protection Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-1: Media Protection Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref55 |
| TIP NIST SP 800-53 r4 Security Control MP-2: Media Access, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-2: Media Access. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref56 |
| TIP NIST SP 800-53 r4 Security Control MP-4: Media Storage, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-4: Media Storage. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref57 |
| TIP NIST SP 800-53 r4 Security Control MP-5: Media Transport, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-5: Media Transport. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref58 |
| TIP NIST SP 800-53 r4 Security Control MP-6: Media Sanitization, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-6: Media Sanitization. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref59 |
| TIP NIST SP 800-53 r4 Security Control MP-7: Media Use, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MP-7: Media Use. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref60 |
| TIP NIST SP 800-53 r4 Security Control PE-1: Physical and Environmental Protection Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-1: Physical and Environmental Protection Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref61 |
| TIP NIST SP 800-53 r4 Security Control PE-2: Physical Access Authorizations, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-2: Physical Access Authorizations. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref62 |
| TIP NIST SP 800-53 r4 Security Control PE-3: Physical Access Control, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-3: Physical Access Control. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref63 |
| TIP NIST SP 800-53 r4 Security Control PE-4: Access Control for Transmission Medium, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-4: Access Control for Transmission Medium. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref64 |
| TIP NIST SP 800-53 r4 Security Control PE-6: Monitoring Physical Access, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-6: Monitoring Physical Access. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref65 |
| TIP NIST SP 800-53 r4 Security Control PE-9: Power Equipment and Cabling, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-9: Power Equipment and Cabling. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref66 |
| TIP NIST SP 800-53 r4 Security Control PE-10: Emergency Shutoff, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-10: Emergency Shutoff. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref67 |
| TIP NIST SP 800-53 r4 Security Control PE-11: Emergency Power, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-11: Emergency Power. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref68 |
| TIP NIST SP 800-53 r4 Security Control PE-12: Emergency Lighting, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-12: Emergency Lighting. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref69 |
| TIP NIST SP 800-53 r4 Security Control PE-13: Fire Protection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-13: Fire Protection. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref70 |
| TIP NIST SP 800-53 r4 Security Control PE-14: Temperature and Humidity Controls, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-14: Temperature and Humidity Controls. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref71 |
| TIP NIST SP 800-53 r4 Security Control PE-15: Water Damage Protection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PE-15: Water Damage Protection. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref72 |
| TIP NIST SP 800-53 r4 Security Control PL-1: Security Planning Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PL-1: Security Planning Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref73 |
| TIP NIST SP 800-53 r4 Security Control PL-2: System Security Plan, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PL-2: System Security Plan. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref74 |
| TIP NIST SP 800-53 r4 Security Control PL-8: Information Security Architecture, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PL-8: Information Security Architecture. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref75 |
| TIP NIST SP 800-53 r4 Security Control PS-1: Personnel Security Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-1: Personnel Security Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref76 |
| TIP NIST SP 800-53 r4 Security Control PS-2: Position Risk Designation, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-2: Position Risk Designation. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref77 |
| TIP NIST SP 800-53 r4 Security Control PS-3: Personnel Screening, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-3: Personnel Screening. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref78 |
| TIP NIST SP 800-53 r4 Security Control PS-4: Personnel Termination, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-4: Personnel Termination. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref79 |
| TIP NIST SP 800-53 r4 Security Control PS-7: Third-Party Personnel Security, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PS-7: Third-Party Personnel Security. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref80 |
| TIP NIST SP 800-53 r4 Security Control RA-1: Risk Assessment Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-1: Risk Assessment Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref81 |
| TIP NIST SP 800-53 r4 Security Control RA-2: Security Categorization, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-2: Security Categorization. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref82 |
| TIP NIST SP 800-53 r4 Security Control RA-3: Risk Assessment, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-3: Risk Assessment. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref83 |
| TIP NIST SP 800-53 r4 Security Control RA-5: Vulnerability Scanning, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control RA-5: Vulnerability Scanning. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref84 |
| TIP NIST SP 800-53 r4 Security Control SA-1: System and Services Acquisition Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-1: System and Services Acquisition Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref85 |
| TIP NIST SP 800-53 r4 Security Control SA-2: Allocation of Resources, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-2: Allocation of Resources. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref86 |
| TIP NIST SP 800-53 r4 Security Control SA-3: System Development Life Cycle, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-3: System Development Life Cycle. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref87 |
| TIP NIST SP 800-53 r4 Security Control SA-4: Acquisition Process, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4: Acquisition Process. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref88 |
| TIP NIST SP 800-53 r4 Security Control SA-8: Security Engineering Principles, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-8: Security Engineering Principles. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref89 |
| TIP NIST SP 800-53 r4 Security Control SA-9: External Information System Services, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-9: External Information System Services. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref90 |
| TIP NIST SP 800-53 r4 Security Control SA-10: Developer Configuration Management, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-10: Developer Configuration Management. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref91 |
| TIP NIST SP 800-53 r4 Security Control SA-11: Developer Security Testing and Evaluation, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-11: Developer Security Testing and Evaluation. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref92 |
| TIP NIST SP 800-53 r4 Security Control SC-1: System and Communications Protection Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-1: System and Communications Protection Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref93 |
| TIP NIST SP 800-53 r4 Security Control SC-2: Application Partitioning, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-2: Application Partitioning. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref94 |
| TIP NIST SP 800-53 r4 Security Control SC-4: Information in Shared Resources, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-4: Information in Shared Resources. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref95 |
| TIP NIST SP 800-53 r4 Security Control SC-5: Denial of Service Protection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-5: Denial of Service Protection. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref96 |
| TIP NIST SP 800-53 r4 Security Control SC-7: Boundary Protection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-7: Boundary Protection. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref97 |
| TIP NIST SP 800-53 r4 Security Control SC-8: Transmission Confidentiality and Integrity, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-8: Transmission Confidentiality and Integrity. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref98 |
| TIP NIST SP 800-53 r4 Security Control SC-12: Cryptographic Key Establishment and Management, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-12: Cryptographic Key Establishment and Management. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref99 |
| TIP NIST SP 800-53 r4 Security Control SC-13: Cryptographic Protection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-13: Cryptographic Protection. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref100 |
| TIP NIST SP 800-53 r4 Security Control SC-15: Collaborative Computing Devices, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-15: Collaborative Computing Devices. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref101 |
| TIP NIST SP 800-53 r4 Security Control SC-17: Public Key Infrastructure Certificates, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-17: Public Key Infrastructure Certificates. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref102 |
| TIP NIST SP 800-53 r4 Security Control SC-19: Voice Over Internet Protocol, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-19: Voice Over Internet Protocol. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref103 |
| TIP NIST SP 800-53 r4 Security Control SC-20: Secure Name / Address Resolution Service (Authoritative Source), v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-20: Secure Name / Address Resolution Service (Authoritative Source). Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref104 |
| TIP NIST SP 800-53 r4 Security Control SC-21: Secure Name / Address Resolution Service (Recursive or Caching Resolver), v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-21: Secure Name / Address Resolution Service (Recursive or Caching Resolver). Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref105 |
| TIP NIST SP 800-53 r4 Security Control SC-22: Architecture and Provisioning for Name / Address Resolution Service, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-22: Architecture and Provisioning for Name / Address Resolution Service. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref106 |
| TIP NIST SP 800-53 r4 Security Control SC-23: Session Authenticity, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-23: Session Authenticity. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref107 |
| TIP NIST SP 800-53 r4 Security Control SC-28: Protection of Information at Rest, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-28: Protection of Information at Rest. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref108 |
| TIP NIST SP 800-53 r4 Security Control SC-39: Process Isolation, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SC-39: Process Isolation. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref109 |
| TIP NIST SP 800-53 r4 Security Control SI-1: System and Information Integrity Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-1: System and Information Integrity Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref110 |
| TIP NIST SP 800-53 r4 Security Control SI-2: Flaw Remediation, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-2: Flaw Remediation. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref111 |
| TIP NIST SP 800-53 r4 Security Control SI-3: Malicious Code Protection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-3: Malicious Code Protection. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref112 |
| TIP NIST SP 800-53 r4 Security Control SI-4: Information System Monitoring, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-4: Information System Monitoring. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref113 |
| TIP NIST SP 800-53 r4 Security Control SI-5: Security Alerts, Advisories, and Directives, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-5: Security Alerts, Advisories, and Directives. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_ref114 |
| TIP NIST SP 800-53 r4 Security Control SI-7: Software, Firmware, and Information Integrity, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-7: Software, Firmware, and Information Integrity. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref115 |
| TIP NIST SP 800-53 r4 Security Control SI-10: Information Input Validation, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-10: Information Input Validation. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref116 |
| TIP NIST SP 800-53 r4 Security Control SI-16: Memory Protection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SI-16: Memory Protection. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_ref117 |
Sources (1)
| SP800-53R4 | NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4. |
Terms (1)
| Term Name | Abbreviations | Definition |
|---|---|---|
| Null Term | Null | Just a spreadsheet test. |