NIST NVD REV 4 Security Controls Online Database Analysis
James W. De Rienzo
NIST SP 800-53 Revision 4 Security Controls Data Analysis
Data & Analytics
1.
NIST NVD 800
Rev4 Data Analysis Page 1 of 4 Priority 256 100% P3 12 4.7% P2 36 14.1% P1 122 47.7% 137 82 44 11 93 71 49 18 20 19 14 11 7 9 2 5 1 4 3 2 P0 54 21.1% Combined Count Control Count Enhance Count Level 1 Count Level 2 Count Level 3 Count Level 4 Count Level 5 Count Level 6 Count Level 7 Count Level 8 Count (blank) 32 12.5% 124 261 343 115 159 170 9 102 173 4 53 71 3 23 42 1 15 26 1 8 17 2 7 1 5 3 2 FAMILY ID SECURITY CONTROL TITLE P Low Mod High L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H AC AC-1 ACCESS CONTROL POLICY AND PROCEDURES P1 AC-1 AC-1 AC-1 1 1 1 1 1 1 AC AC-2 ACCOUNT MANAGEMENT P1 AC-2 AC-2 (1) (2) (3) (4) AC-2 (1) (2) (3) (4) (5) (11) (12) (13) 1 5 9 1 1 1 4 8 (1) (1) (2) (2) (3) (3) (4) (4) (5) (11) (12) (13) AC AC-3 ACCESS ENFORCEMENT P1 AC-3 AC-3 AC-3 1 1 1 1 1 1 AC AC-4 INFORMATION FLOW ENFORCEMENT P1 AC-4 AC-4 1 1 1 1 AC AC-5 SEPARATION OF DUTIES P1 AC-5 AC-5 1 1 1 1 AC AC-6 LEAST PRIVILEGE P1 AC-6 (1) (2) (5) (9) (10) AC-6 (1) (2) (3) (5) (9) (10) 6 7 1 1 5 6 (1) (1) (2) (2) (5) (3) (9) (5) (10) (9) (10) AC AC-7 UNSUCCESSFUL LOGON ATTEMPTS P2 AC-7 AC-7 AC-7 1 1 1 1 1 1 AC AC-8 SYSTEM USE NOTIFICATION P1 AC-8 AC-8 AC-8 1 1 1 1 1 1 AC AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION P0 AC AC-10 CONCURRENT SESSION CONTROL P3 AC-10 1 1 AC AC-11 SESSION LOCK P3 AC-11 (1) AC-11 (1) 2 2 1 1 1 1 (1) (1) AC AC-12 SESSION TERMINATION P2 AC-12 AC-12 1 1 1 1 AC AC-13 SUPERVISION AND REVIEW - ACCESS CONTROL (blank) AC AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION P3 AC-14 AC-14 AC-14 1 1 1 1 1 1 AC AC-15 AUTOMATED MARKING (blank) AC AC-16 SECURITY ATTRIBUTES P0 AC AC-17 REMOTE ACCESS P1 AC-17 AC-17 (1) (2) (3) (4) AC-17 (1) (2) (3) (4) 1 5 5 1 1 1 4 4 (1) (1) (2) (2) (3) (3) (4) (4) AC AC-18 WIRELESS ACCESS P1 AC-18 AC-18 (1) AC-18 (1) (4) (5) 1 2 4 1 1 1 1 3 (1) (1) (4) (5) AC AC-19 ACCESS CONTROL FOR MOBILE DEVICES P1 AC-19 AC-19 (5) AC-19 (5) 1 2 2 1 1 1 1 1 (5) (5) AC AC-20 USE OF EXTERNAL INFORMATION SYSTEMS P1 AC-20 AC-20 
(1) (2) AC-20 (1) (2) 1 3 3 1 1 1 2 2 (1) (1) (2) (2) AC AC-21 INFORMATION SHARING P2 AC-21 AC-21 1 1 1 1 AC AC-22 PUBLICLY ACCESSIBLE CONTENT P3 AC-22 AC-22 AC-22 1 1 1 1 1 1 AC AC-23 DATA MINING PROTECTION P0 AC AC-24 ACCESS CONTROL DECISIONS P0 AC AC-25 REFERENCE MONITOR P0 AT AT-1 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES P1 AT-1 AT-1 AT-1 1 1 1 1 1 1 AT AT-2 SECURITY AWARENESS TRAINING P1 AT-2 AT-2 (2) AT-2 (2) 1 2 2 1 1 1 1 1 (2) (2) AT AT-3 ROLE-BASED SECURITY TRAINING P1 AT-3 AT-3 AT-3 1 1 1 1 1 1 AT AT-4 SECURITY TRAINING RECORDS P3 AT-4 AT-4 AT-4 1 1 1 1 1 1 AT AT-5 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS (blank) AU AU-1 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES P1 AU-1 AU-1 AU-1 1 1 1 1 1 1 AU AU-2 AUDIT EVENTS P1 AU-2 AU-2 (3) AU-2 (3) 1 2 2 1 1 1 1 1 (3) (3) AU AU-3 CONTENT OF AUDIT RECORDS P1 AU-3 AU-3 (1) AU-3 (1) (2) 1 2 3 1 1 1 1 2 (1) (1) (2) AU AU-4 AUDIT STORAGE CAPACITY P1 AU-4 AU-4 AU-4 1 1 1 1 1 1 AU AU-5 RESPONSE TO AUDIT PROCESSING FAILURES P1 AU-5 AU-5 AU-5 (1) (2) 1 1 3 1 1 1 2 (1) (2) AU AU-6 AUDIT REVIEW, ANALYSIS, AND REPORTING P1 AU-6 AU-6 (1) (3) AU-6 (1) (3) (5) (6) 1 3 5 1 1 1 2 4 (1) (1) (3) (3) (5) (6) AU AU-7 AUDIT REDUCTION AND REPORT GENERATION P2 AU-7 (1) AU-7 (1) 2 2 1 1 1 1 (1) (1) AU AU-8 TIME STAMPS P1 AU-8 AU-8 (1) AU-8 (1) 1 2 2 1 1 1 1 1 (1) (1) AU AU-9 PROTECTION OF AUDIT INFORMATION P1 AU-9 AU-9 (4) AU-9 (2) (3) (4) 1 2 4 1 1 1 1 3 (4) (2) (3) (4) AU AU-10 NON-REPUDIATION P2 AU-10 1 1 AU AU-11 AUDIT RECORD RETENTION P3 AU-11 AU-11 AU-11 1 1 1 1 1 1 AU AU-12 AUDIT GENERATION P1 AU-12 AU-12 AU-12 (1) (3) 1 1 3 1 1 1 2 (1) (3) AU AU-13 MONITORING FOR INFORMATION DISCLOSURE P0 AU AU-14 SESSION AUDIT P0 AU AU-15 ALTERNATE AUDIT CAPABILITY P0 AU AU-16 CROSS-ORGANIZATIONAL AUDITING P0 CA CA-1 SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES P1 CA-1 CA-1 CA-1 1 1 1 1 1 1 CA CA-2 SECURITY ASSESSMENTS P2 CA-2 CA-2 (1) CA-2 (1) (2) 1 2 3 1 1 1 1 2 (1) (1) (2) CA CA-3 SYSTEM INTERCONNECTIONS P1 
CA-3 CA-3 (5) CA-3 (5) 1 2 2 1 1 1 1 1 (5) (5) CA CA-4 SECURITY CERTIFICATION (blank) CA CA-5 PLAN OF ACTION AND MILESTONES P3 CA-5 CA-5 CA-5 1 1 1 1 1 1 CA CA-6 SECURITY AUTHORIZATION P2 CA-6 CA-6 CA-6 1 1 1 1 1 1 CA CA-7 CONTINUOUS MONITORING P2 CA-7 CA-7 (1) CA-7 (1) 1 2 2 1 1 1 1 1 (1) (1) CA CA-8 PENETRATION TESTING P2 CA-8 1 1 CA CA-9 INTERNAL SYSTEM CONNECTIONS P2 CA-9 CA-9 CA-9 1 1 1 1 1 1 CM CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES P1 CM-1 CM-1 CM-1 1 1 1 1 1 1 CM CM-2 BASELINE CONFIGURATION P1 CM-2 CM-2 (1) (3) (7) CM-2 (1) (2) (3) (7) 1 4 5 1 1 1 3 4 (1) (1) (3) (2) (7) (3) (7) CM CM-3 CONFIGURATION CHANGE CONTROL P1 CM-3 (2) CM-3 (1) (2) 2 3 1 1 1 2 (2) (1) (2) CM CM-4 SECURITY IMPACT ANALYSIS P2 CM-4 CM-4 CM-4 (1) 1 1 2 1 1 1 1 (1) CM CM-5 ACCESS RESTRICTIONS FOR CHANGE P1 CM-5 CM-5 (1) (2) (3) 1 4 1 1 3 (1) (2) (3) CM CM-6 CONFIGURATION SETTINGS P1 CM-6 CM-6 CM-6 (1) (2) 1 1 3 1 1 1 2 (1) (2) CM CM-7 LEAST FUNCTIONALITY P1 CM-7 CM-7 (1) (2) (4) CM-7 (1) (2) (5) 1 4 4 1 1 1 3 3 (1) (1) (2) (2) (4) (5) CM CM-8 INFORMATION SYSTEM COMPONENT INVENTORY P1 CM-8 CM-8 (1) (3) (5) CM-8 (1) (2) (3) (4) (5) 1 4 6 1 1 1 3 5 (1) (1) (3) (2) (5) (3) (4) (5) CM CM-9 CONFIGURATION MANAGEMENT PLAN P1 CM-9 CM-9 1 1 1 1
2.
NIST NVD 800
Rev4 Data Analysis Page 2 of 4

| Priority | Count | Percent |
|---|---|---|
| P3 | 12 | 4.7% |
| P2 | 36 | 14.1% |
| P1 | 122 | 47.7% |
| P0 | 54 | 21.1% |
| (blank) | 32 | 12.5% |
| Total | 256 | 100% |

137 82 44 11 93 71 49 18 20 19 14 11 7 9 2 5 1 4 3 2

| Count | L | M | H |
|---|---|---|---|
| Combined Count | 124 | 261 | 343 |
| Control Count | 115 | 159 | 170 |
| Enhance Count | 9 | 102 | 173 |
| Level 1 Count | 4 | 53 | 71 |
| Level 2 Count | 3 | 23 | 42 |
| Level 3 Count | 1 | 15 | 26 |
| Level 4 Count | 1 | 8 | 17 |
| Level 5 Count | | 2 | 7 |
| Level 6 Count | | 1 | 5 |
| Level 7 Count | | | 3 |
| Level 8 Count | | | 2 |

| FAMILY | ID | SECURITY CONTROL TITLE | P | Low | Mod | High | Combined L | Combined M | Combined H | Control L | Control M | Control H | Enhance L | Enhance M | Enhance H |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CM | CM-10 | SOFTWARE USAGE RESTRICTIONS | P2 | CM-10 | CM-10 | CM-10 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| CM | CM-11 | USER-INSTALLED SOFTWARE | P1 | CM-11 | CM-11 | CM-11 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| CP | CP-1 | CONTINGENCY PLANNING POLICY AND PROCEDURES | P1 | CP-1 | CP-1 | CP-1 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| CP | CP-2 | CONTINGENCY PLAN | P1 | CP-2 | CP-2 (1) (3) (8) | CP-2 (1) (2) (3) (4) (5) (8) | 1 | 4 | 7 | 1 | 1 | 1 | | 3 | 6 |
| CP | CP-3 | CONTINGENCY TRAINING | P2 | CP-3 | CP-3 | CP-3 (1) | 1 | 1 | 2 | 1 | 1 | 1 | | | 1 |
| CP | CP-4 | CONTINGENCY PLAN TESTING | P2 | CP-4 | CP-4 (1) | CP-4 (1) (2) | 1 | 2 | 3 | 1 | 1 | 1 | | 1 | 2 |
| CP | CP-5 | CONTINGENCY PLAN UPDATE | (blank) | | | | | | | | | | | | |
| CP | CP-6 | ALTERNATE STORAGE SITE | P1 | | CP-6 (1) (3) | CP-6 (1) (2) (3) | | 3 | 4 | | 1 | 1 | | 2 | 3 |
| CP | CP-7 | ALTERNATE PROCESSING SITE | P1 | | CP-7 (1) (2) (3) | CP-7 (1) (2) (3) (4) | | 4 | 5 | | 1 | 1 | | 3 | 4 |
| CP | CP-8 | TELECOMMUNICATIONS SERVICES | P1 | | CP-8 (1) (2) | CP-8 (1) (2) (3) (4) | | 3 | 5 | | 1 | 1 | | 2 | 4 |
| CP | CP-9 | INFORMATION SYSTEM BACKUP | P1 | CP-9 | CP-9 (1) | CP-9 (1) (2) (3) (5) | 1 | 2 | 5 | 1 | 1 | 1 | | 1 | 4 |
| CP | CP-10 | INFORMATION SYSTEM RECOVERY AND RECONSTITUTION | P1 | CP-10 | CP-10 (2) | CP-10 (2) (4) | 1 | 2 | 3 | 1 | 1 | 1 | | 1 | 2 |
| CP | CP-11 | ALTERNATE COMMUNICATIONS PROTOCOLS | P0 | | | | | | | | | | | | |
| CP | CP-12 | SAFE MODE | P0 | | | | | | | | | | | | |
| CP | CP-13 | ALTERNATIVE SECURITY MECHANISMS | P0 | | | | | | | | | | | | |
| IA | IA-1 | IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES | P1 | IA-1 | IA-1 | IA-1 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| IA | IA-2 | IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | P1 | IA-2 (1) (12) | IA-2 (1) (2) (3) (8) (11) (12) | IA-2 (1) (2) (3) (4) (8) (9) (11) (12) | 3 | 7 | 9 | 1 | 1 | 1 | 2 | 6 | 8 |
| IA | IA-3 | DEVICE IDENTIFICATION AND AUTHENTICATION | P1 | | IA-3 | IA-3 | | 1 | 1 | | 1 | 1 | | | |
| IA | IA-4 | IDENTIFIER MANAGEMENT | P1 | IA-4 | IA-4 | IA-4 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| IA | IA-5 | AUTHENTICATOR MANAGEMENT | P1 | IA-5 (1) (11) | IA-5 (1) (2) (3) (11) | IA-5 (1) (2) (3) (11) | 3 | 5 | 5 | 1 | 1 | 1 | 2 | 4 | 4 |
| IA | IA-6 | AUTHENTICATOR FEEDBACK | P2 | IA-6 | IA-6 | IA-6 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| IA | IA-7 | CRYPTOGRAPHIC MODULE AUTHENTICATION | P1 | IA-7 | IA-7 | IA-7 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| IA | IA-8 | IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | P1 | IA-8 (1) (2) (3) (4) | IA-8 (1) (2) (3) (4) | IA-8 (1) (2) (3) (4) | 5 | 5 | 5 | 1 | 1 | 1 | 4 | 4 | 4 |
| IA | IA-9 | SERVICE IDENTIFICATION AND AUTHENTICATION | P0 | | | | | | | | | | | | |
| IA | IA-10 | ADAPTIVE IDENTIFICATION AND AUTHENTICATION | P0 | | | | | | | | | | | | |
| IA | IA-11 | RE-AUTHENTICATION | P0 | | | | | | | | | | | | |
| IR | IR-1 | INCIDENT RESPONSE POLICY AND PROCEDURES | P1 | IR-1 | IR-1 | IR-1 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| IR | IR-2 | INCIDENT RESPONSE TRAINING | P2 | IR-2 | IR-2 | IR-2 (1) (2) | 1 | 1 | 3 | 1 | 1 | 1 | | | 2 |
| IR | IR-3 | INCIDENT RESPONSE TESTING | P2 | | IR-3 (2) | IR-3 (2) | | 2 | 2 | | 1 | 1 | | 1 | 1 |
| IR | IR-4 | INCIDENT HANDLING | P1 | IR-4 | IR-4 (1) | IR-4 (1) (4) | 1 | 2 | 3 | 1 | 1 | 1 | | 1 | 2 |
| IR | IR-5 | INCIDENT MONITORING | P1 | IR-5 | IR-5 | IR-5 (1) | 1 | 1 | 2 | 1 | 1 | 1 | | | 1 |
| IR | IR-6 | INCIDENT REPORTING | P1 | IR-6 | IR-6 (1) | IR-6 (1) | 1 | 2 | 2 | 1 | 1 | 1 | | 1 | 1 |
| IR | IR-7 | INCIDENT RESPONSE ASSISTANCE | P2 | IR-7 | IR-7 (1) | IR-7 (1) | 1 | 2 | 2 | 1 | 1 | 1 | | 1 | 1 |
| IR | IR-8 | INCIDENT RESPONSE PLAN | P1 | IR-8 | IR-8 | IR-8 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| IR | IR-9 | INFORMATION SPILLAGE RESPONSE | P0 | | | | | | | | | | | | |
| IR | IR-10 | INTEGRATED INFORMATION SECURITY ANALYSIS TEAM | P0 | | | | | | | | | | | | |
| MA | MA-1 | SYSTEM MAINTENANCE POLICY AND PROCEDURES | P1 | MA-1 | MA-1 | MA-1 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| MA | MA-2 | CONTROLLED MAINTENANCE | P2 | MA-2 | MA-2 | MA-2 (2) | 1 | 1 | 2 | 1 | 1 | 1 | | | 1 |
| MA | MA-3 | MAINTENANCE TOOLS | P3 | | MA-3 (1) (2) | MA-3 (1) (2) (3) | | 3 | 4 | | 1 | 1 | | 2 | 3 |
| MA | MA-4 | NONLOCAL MAINTENANCE | P2 | MA-4 | MA-4 (2) | MA-4 (2) (3) | 1 | 2 | 3 | 1 | 1 | 1 | | 1 | 2 |
| MA | MA-5 | MAINTENANCE PERSONNEL | P2 | MA-5 | MA-5 | MA-5 (1) | 1 | 1 | 2 | 1 | 1 | 1 | | | 1 |
| MA | MA-6 | TIMELY MAINTENANCE | P2 | | MA-6 | MA-6 | | 1 | 1 | | 1 | 1 | | | |
| MP | MP-1 | MEDIA PROTECTION POLICY AND PROCEDURES | P1 | MP-1 | MP-1 | MP-1 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| MP | MP-2 | MEDIA ACCESS | P1 | MP-2 | MP-2 | MP-2 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| MP | MP-3 | MEDIA MARKING | P2 | | MP-3 | MP-3 | | 1 | 1 | | 1 | 1 | | | |
| MP | MP-4 | MEDIA STORAGE | P1 | | MP-4 | MP-4 | | 1 | 1 | | 1 | 1 | | | |
| MP | MP-5 | MEDIA TRANSPORT | P1 | | MP-5 (4) | MP-5 (4) | | 2 | 2 | | 1 | 1 | | 1 | 1 |
| MP | MP-6 | MEDIA SANITIZATION | P1 | MP-6 | MP-6 | MP-6 (1) (2) (3) | 1 | 1 | 4 | 1 | 1 | 1 | | | 3 |
| MP | MP-7 | MEDIA USE | P1 | MP-7 | MP-7 (1) | MP-7 (1) | 1 | 2 | 2 | 1 | 1 | 1 | | 1 | 1 |
| MP | MP-8 | MEDIA DOWNGRADING | P0 | | | | | | | | | | | | |
| PE | PE-1 | PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES | P1 | PE-1 | PE-1 | PE-1 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| PE | PE-2 | PHYSICAL ACCESS AUTHORIZATIONS | P1 | PE-2 | PE-2 | PE-2 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| PE | PE-3 | PHYSICAL ACCESS CONTROL | P1 | PE-3 | PE-3 | PE-3 (1) | 1 | 1 | 2 | 1 | 1 | 1 | | | 1 |
| PE | PE-4 | ACCESS CONTROL FOR TRANSMISSION MEDIUM | P1 | | PE-4 | PE-4 | | 1 | 1 | | 1 | 1 | | | |
| PE | PE-5 | ACCESS CONTROL FOR OUTPUT DEVICES | P2 | | PE-5 | PE-5 | | 1 | 1 | | 1 | 1 | | | |
| PE | PE-6 | MONITORING PHYSICAL ACCESS | P1 | PE-6 | PE-6 (1) | PE-6 (1) (4) | 1 | 2 | 3 | 1 | 1 | 1 | | 1 | 2 |
| PE | PE-7 | VISITOR CONTROL | (blank) | | | | | | | | | | | | |
| PE | PE-8 | VISITOR ACCESS RECORDS | P3 | PE-8 | PE-8 | PE-8 (1) | 1 | 1 | 2 | 1 | 1 | 1 | | | 1 |
| PE | PE-9 | POWER EQUIPMENT AND CABLING | P1 | | PE-9 | PE-9 | | 1 | 1 | | 1 | 1 | | | |
| PE | PE-10 | EMERGENCY SHUTOFF | P1 | | PE-10 | PE-10 | | 1 | 1 | | 1 | 1 | | | |
| PE | PE-11 | EMERGENCY POWER | P1 | | PE-11 | PE-11 (1) | | 1 | 2 | | 1 | 1 | | | 1 |
| PE | PE-12 | EMERGENCY LIGHTING | P1 | PE-12 | PE-12 | PE-12 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| PE | PE-13 | FIRE PROTECTION | P1 | PE-13 | PE-13 (3) | PE-13 (1) (2) (3) | 1 | 2 | 4 | 1 | 1 | 1 | | 1 | 3 |
| PE | PE-14 | TEMPERATURE AND HUMIDITY CONTROLS | P1 | PE-14 | PE-14 | PE-14 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
3.
NIST NVD 800
Rev4 Data Analysis Page 3 of 4

| FAMILY | ID | SECURITY CONTROL TITLE | P | Low | Mod | High | Combined L | Combined M | Combined H | Control L | Control M | Control H | Enhance L | Enhance M | Enhance H |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PE | PE-15 | WATER DAMAGE PROTECTION | P1 | PE-15 | PE-15 | PE-15 (1) | 1 | 1 | 2 | 1 | 1 | 1 | | | 1 |
| PE | PE-16 | DELIVERY AND REMOVAL | P2 | PE-16 | PE-16 | PE-16 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| PE | PE-17 | ALTERNATE WORK SITE | P2 | | PE-17 | PE-17 | | 1 | 1 | | 1 | 1 | | | |
| PE | PE-18 | LOCATION OF INFORMATION SYSTEM COMPONENTS | P3 | | | PE-18 | | | 1 | | | 1 | | | |
| PE | PE-19 | INFORMATION LEAKAGE | P0 | | | | | | | | | | | | |
| PE | PE-20 | ASSET MONITORING AND TRACKING | P0 | | | | | | | | | | | | |
| PL | PL-1 | SECURITY PLANNING POLICY AND PROCEDURES | P1 | PL-1 | PL-1 | PL-1 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| PL | PL-2 | SYSTEM SECURITY PLAN | P1 | PL-2 | PL-2 (3) | PL-2 (3) | 1 | 2 | 2 | 1 | 1 | 1 | | 1 | 1 |
| PL | PL-3 | SYSTEM SECURITY PLAN UPDATE | (blank) | | | | | | | | | | | | |
| PL | PL-4 | RULES OF BEHAVIOR | P2 | PL-4 | PL-4 (1) | PL-4 (1) | 1 | 2 | 2 | 1 | 1 | 1 | | 1 | 1 |
| PL | PL-5 | PRIVACY IMPACT ASSESSMENT | (blank) | | | | | | | | | | | | |
| PL | PL-6 | SECURITY-RELATED ACTIVITY PLANNING | (blank) | | | | | | | | | | | | |
| PL | PL-7 | SECURITY CONCEPT OF OPERATIONS | P0 | | | | | | | | | | | | |
| PL | PL-8 | INFORMATION SECURITY ARCHITECTURE | P1 | | PL-8 | PL-8 | | 1 | 1 | | 1 | 1 | | | |
| PL | PL-9 | CENTRAL MANAGEMENT | P0 | | | | | | | | | | | | |
| PM | PM-1 | INFORMATION SECURITY PROGRAM PLAN | (blank) | | | | | | | | | | | | |
| PM | PM-2 | SENIOR INFORMATION SECURITY OFFICER | (blank) | | | | | | | | | | | | |
| PM | PM-3 | INFORMATION SECURITY RESOURCES | (blank) | | | | | | | | | | | | |
| PM | PM-4 | PLAN OF ACTION AND MILESTONES PROCESS | (blank) | | | | | | | | | | | | |
| PM | PM-5 | INFORMATION SYSTEM INVENTORY | (blank) | | | | | | | | | | | | |
| PM | PM-6 | INFORMATION SECURITY MEASURES OF PERFORMANCE | (blank) | | | | | | | | | | | | |
| PM | PM-7 | ENTERPRISE ARCHITECTURE | (blank) | | | | | | | | | | | | |
| PM | PM-8 | CRITICAL INFRASTRUCTURE PLAN | (blank) | | | | | | | | | | | | |
| PM | PM-9 | RISK MANAGEMENT STRATEGY | (blank) | | | | | | | | | | | | |
| PM | PM-10 | SECURITY AUTHORIZATION PROCESS | (blank) | | | | | | | | | | | | |
| PM | PM-11 | MISSION/BUSINESS PROCESS DEFINITION | (blank) | | | | | | | | | | | | |
| PM | PM-12 | INSIDER THREAT PROGRAM | (blank) | | | | | | | | | | | | |
| PM | PM-13 | INFORMATION SECURITY WORKFORCE | (blank) | | | | | | | | | | | | |
| PM | PM-14 | TESTING, TRAINING, AND MONITORING | (blank) | | | | | | | | | | | | |
| PM | PM-15 | CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS | (blank) | | | | | | | | | | | | |
| PM | PM-16 | THREAT AWARENESS PROGRAM | (blank) | | | | | | | | | | | | |
| PS | PS-1 | PERSONNEL SECURITY POLICY AND PROCEDURES | P1 | PS-1 | PS-1 | PS-1 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| PS | PS-2 | POSITION RISK DESIGNATION | P1 | PS-2 | PS-2 | PS-2 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| PS | PS-3 | PERSONNEL SCREENING | P1 | PS-3 | PS-3 | PS-3 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| PS | PS-4 | PERSONNEL TERMINATION | P1 | PS-4 | PS-4 | PS-4 (2) | 1 | 1 | 2 | 1 | 1 | 1 | | | 1 |
| PS | PS-5 | PERSONNEL TRANSFER | P2 | PS-5 | PS-5 | PS-5 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| PS | PS-6 | ACCESS AGREEMENTS | P3 | PS-6 | PS-6 | PS-6 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| PS | PS-7 | THIRD-PARTY PERSONNEL SECURITY | P1 | PS-7 | PS-7 | PS-7 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| PS | PS-8 | PERSONNEL SANCTIONS | P3 | PS-8 | PS-8 | PS-8 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| RA | RA-1 | RISK ASSESSMENT POLICY AND PROCEDURES | P1 | RA-1 | RA-1 | RA-1 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| RA | RA-2 | SECURITY CATEGORIZATION | P1 | RA-2 | RA-2 | RA-2 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| RA | RA-3 | RISK ASSESSMENT | P1 | RA-3 | RA-3 | RA-3 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| RA | RA-4 | RISK ASSESSMENT UPDATE | (blank) | | | | | | | | | | | | |
| RA | RA-5 | VULNERABILITY SCANNING | P1 | RA-5 | RA-5 (1) (2) (5) | RA-5 (1) (2) (4) (5) | 1 | 4 | 5 | 1 | 1 | 1 | | 3 | 4 |
| RA | RA-6 | TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY | P0 | | | | | | | | | | | | |
| SA | SA-1 | SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES | P1 | SA-1 | SA-1 | SA-1 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SA | SA-2 | ALLOCATION OF RESOURCES | P1 | SA-2 | SA-2 | SA-2 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SA | SA-3 | SYSTEM DEVELOPMENT LIFE CYCLE | P1 | SA-3 | SA-3 | SA-3 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SA | SA-4 | ACQUISITION PROCESS | P1 | SA-4 (10) | SA-4 (1) (2) (9) (10) | SA-4 (1) (2) (9) (10) | 2 | 5 | 5 | 1 | 1 | 1 | 1 | 4 | 4 |
| SA | SA-5 | INFORMATION SYSTEM DOCUMENTATION | P2 | SA-5 | SA-5 | SA-5 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SA | SA-6 | SOFTWARE USAGE RESTRICTIONS | (blank) | | | | | | | | | | | | |
| SA | SA-7 | USER-INSTALLED SOFTWARE | (blank) | | | | | | | | | | | | |
| SA | SA-8 | SECURITY ENGINEERING PRINCIPLES | P1 | | SA-8 | SA-8 | | 1 | 1 | | 1 | 1 | | | |
| SA | SA-9 | EXTERNAL INFORMATION SYSTEM SERVICES | P1 | SA-9 | SA-9 (2) | SA-9 (2) | 1 | 2 | 2 | 1 | 1 | 1 | | 1 | 1 |
| SA | SA-10 | DEVELOPER CONFIGURATION MANAGEMENT | P1 | | SA-10 | SA-10 | | 1 | 1 | | 1 | 1 | | | |
| SA | SA-11 | DEVELOPER SECURITY TESTING AND EVALUATION | P1 | | SA-11 | SA-11 | | 1 | 1 | | 1 | 1 | | | |
| SA | SA-12 | SUPPLY CHAIN PROTECTION | P1 | | | SA-12 | | | 1 | | | 1 | | | |
| SA | SA-13 | TRUSTWORTHINESS | P0 | | | | | | | | | | | | |
| SA | SA-14 | CRITICALITY ANALYSIS | P0 | | | | | | | | | | | | |
| SA | SA-15 | DEVELOPMENT PROCESS, STANDARDS, AND TOOLS | P2 | | | SA-15 | | | 1 | | | 1 | | | |
| SA | SA-16 | DEVELOPER-PROVIDED TRAINING | P2 | | | SA-16 | | | 1 | | | 1 | | | |
| SA | SA-17 | DEVELOPER SECURITY ARCHITECTURE AND DESIGN | P1 | | | SA-17 | | | 1 | | | 1 | | | |
| SA | SA-18 | TAMPER RESISTANCE AND DETECTION | P0 | | | | | | | | | | | | |
| SA | SA-19 | COMPONENT AUTHENTICITY | P0 | | | | | | | | | | | | |
4.
NIST NVD 800
Rev4 Data Analysis Page 4 of 4

| FAMILY | ID | SECURITY CONTROL TITLE | P | Low | Mod | High | Combined L | Combined M | Combined H | Control L | Control M | Control H | Enhance L | Enhance M | Enhance H |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SA | SA-20 | CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS | P0 | | | | | | | | | | | | |
| SA | SA-21 | DEVELOPER SCREENING | P0 | | | | | | | | | | | | |
| SA | SA-22 | UNSUPPORTED SYSTEM COMPONENTS | P0 | | | | | | | | | | | | |
| SC | SC-1 | SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES | P1 | SC-1 | SC-1 | SC-1 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SC | SC-2 | APPLICATION PARTITIONING | P1 | | SC-2 | SC-2 | | 1 | 1 | | 1 | 1 | | | |
| SC | SC-3 | SECURITY FUNCTION ISOLATION | P1 | | | SC-3 | | | 1 | | | 1 | | | |
| SC | SC-4 | INFORMATION IN SHARED RESOURCES | P1 | | SC-4 | SC-4 | | 1 | 1 | | 1 | 1 | | | |
| SC | SC-5 | DENIAL OF SERVICE PROTECTION | P1 | SC-5 | SC-5 | SC-5 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SC | SC-6 | RESOURCE AVAILABILITY | P0 | | | | | | | | | | | | |
| SC | SC-7 | BOUNDARY PROTECTION | P1 | SC-7 | SC-7 (3) (4) (5) (7) | SC-7 (3) (4) (5) (7) (8) (18) (21) | 1 | 5 | 8 | 1 | 1 | 1 | | 4 | 7 |
| SC | SC-8 | TRANSMISSION CONFIDENTIALITY AND INTEGRITY | P1 | | SC-8 (1) | SC-8 (1) | | 2 | 2 | | 1 | 1 | | 1 | 1 |
| SC | SC-9 | TRANSMISSION CONFIDENTIALITY | (blank) | | | | | | | | | | | | |
| SC | SC-10 | NETWORK DISCONNECT | P2 | | SC-10 | SC-10 | | 1 | 1 | | 1 | 1 | | | |
| SC | SC-11 | TRUSTED PATH | P0 | | | | | | | | | | | | |
| SC | SC-12 | CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT | P1 | SC-12 | SC-12 | SC-12 (1) | 1 | 1 | 2 | 1 | 1 | 1 | | | 1 |
| SC | SC-13 | CRYPTOGRAPHIC PROTECTION | P1 | SC-13 | SC-13 | SC-13 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SC | SC-14 | PUBLIC ACCESS PROTECTIONS | (blank) | | | | | | | | | | | | |
| SC | SC-15 | COLLABORATIVE COMPUTING DEVICES | P1 | SC-15 | SC-15 | SC-15 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SC | SC-16 | TRANSMISSION OF SECURITY ATTRIBUTES | P0 | | | | | | | | | | | | |
| SC | SC-17 | PUBLIC KEY INFRASTRUCTURE CERTIFICATES | P1 | | SC-17 | SC-17 | | 1 | 1 | | 1 | 1 | | | |
| SC | SC-18 | MOBILE CODE | P2 | | SC-18 | SC-18 | | 1 | 1 | | 1 | 1 | | | |
| SC | SC-19 | VOICE OVER INTERNET PROTOCOL | P1 | | SC-19 | SC-19 | | 1 | 1 | | 1 | 1 | | | |
| SC | SC-20 | SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE) | P1 | SC-20 | SC-20 | SC-20 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SC | SC-21 | SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER) | P1 | SC-21 | SC-21 | SC-21 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SC | SC-22 | ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE | P1 | SC-22 | SC-22 | SC-22 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SC | SC-23 | SESSION AUTHENTICITY | P1 | | SC-23 | SC-23 | | 1 | 1 | | 1 | 1 | | | |
| SC | SC-24 | FAIL IN KNOWN STATE | P1 | | | SC-24 | | | 1 | | | 1 | | | |
| SC | SC-25 | THIN NODES | P0 | | | | | | | | | | | | |
| SC | SC-26 | HONEYPOTS | P0 | | | | | | | | | | | | |
| SC | SC-27 | PLATFORM-INDEPENDENT APPLICATIONS | P0 | | | | | | | | | | | | |
| SC | SC-28 | PROTECTION OF INFORMATION AT REST | P1 | | SC-28 | SC-28 | | 1 | 1 | | 1 | 1 | | | |
| SC | SC-29 | HETEROGENEITY | P0 | | | | | | | | | | | | |
| SC | SC-30 | CONCEALMENT AND MISDIRECTION | P0 | | | | | | | | | | | | |
| SC | SC-31 | COVERT CHANNEL ANALYSIS | P0 | | | | | | | | | | | | |
| SC | SC-32 | INFORMATION SYSTEM PARTITIONING | P0 | | | | | | | | | | | | |
| SC | SC-33 | TRANSMISSION PREPARATION INTEGRITY | (blank) | | | | | | | | | | | | |
| SC | SC-34 | NON-MODIFIABLE EXECUTABLE PROGRAMS | P0 | | | | | | | | | | | | |
| SC | SC-35 | HONEYCLIENTS | P0 | | | | | | | | | | | | |
| SC | SC-36 | DISTRIBUTED PROCESSING AND STORAGE | P0 | | | | | | | | | | | | |
| SC | SC-37 | OUT-OF-BAND CHANNELS | P0 | | | | | | | | | | | | |
| SC | SC-38 | OPERATIONS SECURITY | P0 | | | | | | | | | | | | |
| SC | SC-39 | PROCESS ISOLATION | P1 | SC-39 | SC-39 | SC-39 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SC | SC-40 | WIRELESS LINK PROTECTION | P0 | | | | | | | | | | | | |
| SC | SC-41 | PORT AND I/O DEVICE ACCESS | P0 | | | | | | | | | | | | |
| SC | SC-42 | SENSOR CAPABILITY AND DATA | P0 | | | | | | | | | | | | |
| SC | SC-43 | USAGE RESTRICTIONS | P0 | | | | | | | | | | | | |
| SC | SC-44 | DETONATION CHAMBERS | P0 | | | | | | | | | | | | |
| SI | SI-1 | SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES | P1 | SI-1 | SI-1 | SI-1 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SI | SI-2 | FLAW REMEDIATION | P1 | SI-2 | SI-2 (2) | SI-2 (1) (2) | 1 | 2 | 3 | 1 | 1 | 1 | | 1 | 2 |
| SI | SI-3 | MALICIOUS CODE PROTECTION | P1 | SI-3 | SI-3 (1) (2) | SI-3 (1) (2) | 1 | 3 | 3 | 1 | 1 | 1 | | 2 | 2 |
| SI | SI-4 | INFORMATION SYSTEM MONITORING | P1 | SI-4 | SI-4 (2) (4) (5) | SI-4 (2) (4) (5) | 1 | 4 | 4 | 1 | 1 | 1 | | 3 | 3 |
| SI | SI-5 | SECURITY ALERTS, ADVISORIES, AND DIRECTIVES | P1 | SI-5 | SI-5 | SI-5 (1) | 1 | 1 | 2 | 1 | 1 | 1 | | | 1 |
| SI | SI-6 | SECURITY FUNCTION VERIFICATION | P1 | | | SI-6 | | | 1 | | | 1 | | | |
| SI | SI-7 | SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY | P1 | | SI-7 (1) (7) | SI-7 (1) (2) (5) (7) (14) | | 3 | 6 | | 1 | 1 | | 2 | 5 |
| SI | SI-8 | SPAM PROTECTION | P2 | | SI-8 (1) (2) | SI-8 (1) (2) | | 3 | 3 | | 1 | 1 | | 2 | 2 |
| SI | SI-9 | INFORMATION INPUT RESTRICTIONS | (blank) | | | | | | | | | | | | |
| SI | SI-10 | INFORMATION INPUT VALIDATION | P1 | | SI-10 | SI-10 | | 1 | 1 | | 1 | 1 | | | |
| SI | SI-11 | ERROR HANDLING | P2 | | SI-11 | SI-11 | | 1 | 1 | | 1 | 1 | | | |
| SI | SI-12 | INFORMATION HANDLING AND RETENTION | P2 | SI-12 | SI-12 | SI-12 | 1 | 1 | 1 | 1 | 1 | 1 | | | |
| SI | SI-13 | PREDICTABLE FAILURE PREVENTION | P0 | | | | | | | | | | | | |
| SI | SI-14 | NON-PERSISTENCE | P0 | | | | | | | | | | | | |
| SI | SI-15 | INFORMATION OUTPUT FILTERING | P0 | | | | | | | | | | | | |
| SI | SI-16 | MEMORY PROTECTION | P1 | | SI-16 | SI-16 | | 1 | 1 | | 1 | 1 | | | |
| SI | SI-17 | FAIL-SAFE PROCEDURES | P0 | | | | | | | | | | | | |