Last active
March 2, 2023 01:51
-
-
Save bryaneaton/989f481b7a017faa7a00102cffd23b98 to your computer and use it in GitHub Desktop.
nist-formatted.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "ID": "ac-1", | |
| "TITLE": "Access Control Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ac-2", | |
| "TITLE": "Account Management", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-2.1", | |
| "TITLE": "Account Management | Automated System Account Management", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-2.2", | |
| "TITLE": "Account Management | Removal of Temporary / Emergency Accounts", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-2.3", | |
| "TITLE": "Account Management | Disable Inactive Accounts", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-2.4", | |
| "TITLE": "Account Management | Automated Audit Actions", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-2.5", | |
| "TITLE": "Account Management | Inactivity Logout", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ac-2.6", | |
| "TITLE": "Account Management | Dynamic Privilege Management", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-2.7", | |
| "TITLE": "Account Management | Role-Based Schemes", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-2.8", | |
| "TITLE": "Account Management | Dynamic Account Creation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-2.9", | |
| "TITLE": "Account Management | Restrictions on Use of Shared Groups / Accounts", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-2.10", | |
| "TITLE": "Account Management | Shared / Group Account Credential Termination", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-2.11", | |
| "TITLE": "Account Management | Usage Conditions", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-2.12", | |
| "TITLE": "Account Management | Account Monitoring / Atypical Usage", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-2.13", | |
| "TITLE": "Account Management | Disable Accounts For High-Risk Individuals", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-3", | |
| "TITLE": "Access Enforcement", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-3.1", | |
| "TITLE": "Access Enforcement | Restricted Access to Privileged Functions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-3.2", | |
| "TITLE": "Access Enforcement | Dual Authorization", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-3.3", | |
| "TITLE": "Access Enforcement | Mandatory Access Control", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-3.4", | |
| "TITLE": "Access Enforcement | Discretionary Access Control", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-3.5", | |
| "TITLE": "Access Enforcement | Security-Relevant Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-3.6", | |
| "TITLE": "Access Enforcement | Protection of User and System Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-3.7", | |
| "TITLE": "Access Enforcement | Role-Based Access Control", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-3.8", | |
| "TITLE": "Access Enforcement | Revocation of Access Authorizations", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-3.9", | |
| "TITLE": "Access Enforcement | Controlled Release", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-3.10", | |
| "TITLE": "Access Enforcement | Audited Override of Access Control Mechanisms", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4", | |
| "TITLE": "Information Flow Enforcement", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.1", | |
| "TITLE": "Information Flow Enforcement | Object Security Attributes", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.2", | |
| "TITLE": "Information Flow Enforcement | Processing Domains", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.3", | |
| "TITLE": "Information Flow Enforcement | Dynamic Information Flow Control", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.4", | |
| "TITLE": "Information Flow Enforcement | Content Check Encrypted Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.5", | |
| "TITLE": "Information Flow Enforcement | Embedded Data Types", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.6", | |
| "TITLE": "Information Flow Enforcement | Metadata", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.7", | |
| "TITLE": "Information Flow Enforcement | One-Way Flow Mechanisms", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.8", | |
| "TITLE": "Information Flow Enforcement | Security Policy Filters", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.9", | |
| "TITLE": "Information Flow Enforcement | Human Reviews", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.10", | |
| "TITLE": "Information Flow Enforcement | Enable / Disable Security Policy Filters", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.11", | |
| "TITLE": "Information Flow Enforcement | Configuration of Security Policy Filters", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.12", | |
| "TITLE": "Information Flow Enforcement | Data Type Identifiers", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.13", | |
| "TITLE": "Information Flow Enforcement | Decomposition Into Policy-Relevant Subcomponents", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.14", | |
| "TITLE": "Information Flow Enforcement | Security Policy Filter Constraints", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.15", | |
| "TITLE": "Information Flow Enforcement | Detection of Unsanctioned Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.16", | |
| "TITLE": "Information Flow Enforcement | Information Transfers on Interconnected Systems", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.17", | |
| "TITLE": "Information Flow Enforcement | Domain Authentication", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.18", | |
| "TITLE": "Information Flow Enforcement | Security Attribute Binding", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.19", | |
| "TITLE": "Information Flow Enforcement | Validation of Metadata", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.20", | |
| "TITLE": "Information Flow Enforcement | Approved Solutions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.21", | |
| "TITLE": "Information Flow Enforcement | Physical / Logical Separation of Information Flows", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-4.22", | |
| "TITLE": "Information Flow Enforcement | Access Only", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-5", | |
| "TITLE": "Separation of Duties", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-6", | |
| "TITLE": "Least Privilege", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-6.1", | |
| "TITLE": "Least Privilege | Authorize Access to Security Functions", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-6.2", | |
| "TITLE": "Least Privilege | Non-Privileged Access For Nonsecurity Functions", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-6.3", | |
| "TITLE": "Least Privilege | Network Access to Privileged Commands", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-6.4", | |
| "TITLE": "Least Privilege | Separate Processing Domains", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-6.5", | |
| "TITLE": "Least Privilege | Privileged Accounts", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-6.6", | |
| "TITLE": "Least Privilege | Privileged Access by Non-Organizational Users", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-6.7", | |
| "TITLE": "Least Privilege | Review of User Privileges", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-6.8", | |
| "TITLE": "Least Privilege | Privilege Levels For Code Execution", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-6.9", | |
| "TITLE": "Least Privilege | Auditing Use of Privileged Functions", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-6.10", | |
| "TITLE": "Least Privilege | Prohibit Nonprivileged Users from Executing Privileged Functions", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-7", | |
| "TITLE": "Unsuccessful Logon Attempts", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ac-7.1", | |
| "TITLE": "Unsuccessful Logon Attempts | Automatic Account Lock", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-7.2", | |
| "TITLE": "Unsuccessful Logon Attempts | Purge/Wipe Mobile Device", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-8", | |
| "TITLE": "System Use Notification", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-9", | |
| "TITLE": "Previous Logon (Access) Notification", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-9.1", | |
| "TITLE": "Previous Logon Notification | Unsuccessful Logons", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-9.2", | |
| "TITLE": "Previous Logon Notification | Successful / Unsuccessful Logons", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-9.3", | |
| "TITLE": "Previous Logon Notification | Notification of Account Changes", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-9.4", | |
| "TITLE": "Previous Logon Notification | Additional Logon Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-10", | |
| "TITLE": "Concurrent Session Control", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "ac-11", | |
| "TITLE": "Session Lock", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-11.1", | |
| "TITLE": "Session Lock | Pattern-Hiding Displays", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-12", | |
| "TITLE": "Session Termination", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-12.1", | |
| "TITLE": "Session Termination | User-initiated Logouts / Message Displays", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-13", | |
| "TITLE": "Supervision and Review \u2014 Access Control", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-14", | |
| "TITLE": "Permitted Actions Without Identification or Authentication", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-14.1", | |
| "TITLE": "Permitted Actions Without Identification or Authentication | Necessary Uses", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-15", | |
| "TITLE": "Automated Marking", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-16", | |
| "TITLE": "Security Attributes", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-16.1", | |
| "TITLE": "Security Attributes | Dynamic Attribute Association", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-16.2", | |
| "TITLE": "Security Attributes | Attribute Value Changes by Authorized Individuals", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-16.3", | |
| "TITLE": "Security Attributes | Maintenance of Attribute Associations by Information System", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-16.4", | |
| "TITLE": "Security Attributes | Association of Attributes by Authorized Individuals", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-16.5", | |
| "TITLE": "Security Attributes | Attribute Displays For Output Devices", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-16.6", | |
| "TITLE": "Security Attributes | Maintenance of Attribute Association by Organization", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-16.7", | |
| "TITLE": "Security Attributes | Consistent Attribute Interpretation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-16.8", | |
| "TITLE": "Security Attributes | Association Techniques / Technologies", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-16.9", | |
| "TITLE": "Security Attributes | Attribute Reassignment", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-16.10", | |
| "TITLE": "Security Attributes | Attribute Configuration by Authorized Individuals", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-17", | |
| "TITLE": "Remote Access", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-17.1", | |
| "TITLE": "Remote Access | Automated Monitoring / Control", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-17.2", | |
| "TITLE": "Remote Access | Protection of Confidentiality / Integrity Using Encryption", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-17.3", | |
| "TITLE": "Remote Access | Managed Access Control Points", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-17.4", | |
| "TITLE": "Remote Access | Privileged Commands / Access", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-17.5", | |
| "TITLE": "Remote Access | Monitoring For Unauthorized Connections", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-17.6", | |
| "TITLE": "Remote Access | Protection of Information", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-17.7", | |
| "TITLE": "Remote Access | Additional Protection For Security Function Access", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-17.8", | |
| "TITLE": "Remote Access | Disable Nonsecure Network Protocols", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-17.9", | |
| "TITLE": "Remote Access | Disconnect / Disable Access", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-18", | |
| "TITLE": "Wireless Access", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-18.1", | |
| "TITLE": "Wireless Access | Authentication and Encryption", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-18.2", | |
| "TITLE": "Wireless Access | Monitoring Unauthorized Connections", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-18.3", | |
| "TITLE": "Wireless Access | Disable Wireless Networking", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-18.4", | |
| "TITLE": "Wireless Access | Restrict Configurations by Users", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-18.5", | |
| "TITLE": "Wireless Access | Antennas / Transmission Power Levels", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-19", | |
| "TITLE": "Access Control For Mobile Devices", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-19.1", | |
| "TITLE": "Access Control For Mobile Devices | Use of Writable / Portable Storage Devices", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-19.2", | |
| "TITLE": "Access Control For Mobile Devices | Use of Personally Owned Portable Storage Devices", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-19.3", | |
| "TITLE": "Access Control For Mobile Devices | Use of Portable Storage Devices with No Identifiable Owner", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-19.4", | |
| "TITLE": "Access Control For Mobile Devices | Restrictions For Classified Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-19.5", | |
| "TITLE": "Access Control For Mobile Devices | Full Device / Container-Based Encryption", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-20", | |
| "TITLE": "Use of External Information Systems", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-20.1", | |
| "TITLE": "Use of External Information Systems | Limits on Authorized Use", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-20.2", | |
| "TITLE": "Use of External Information Systems | Portable Storage Devices", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-20.3", | |
| "TITLE": "Use of External Information Systems | Non-Organizationally Owned Systems / Components / Devices", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-20.4", | |
| "TITLE": "Use of External Information Systems | Network Accessible Storage Devices", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-21", | |
| "TITLE": "Information Sharing", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-21.1", | |
| "TITLE": "Information Sharing | Automated Decision Support", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-21.2", | |
| "TITLE": "Information Sharing | Information Search and Retrieval", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-22", | |
| "TITLE": "Publicly Accessible Content", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-23", | |
| "TITLE": "Data Mining Protection", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-24", | |
| "TITLE": "Access Control Decisions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-24.1", | |
| "TITLE": "Access Control Decisions | Transmit Access Authorization Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-24.2", | |
| "TITLE": "Access Control Decisions | No User or Process Identity", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ac-25", | |
| "TITLE": "Reference Monitor", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "at-1", | |
| "TITLE": "Security Awareness and Training Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "at-2", | |
| "TITLE": "Security Awareness Training", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "at-2.1", | |
| "TITLE": "Security Awareness | Practical Exercises", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "at-2.2", | |
| "TITLE": "Security Awareness | Insider Threat", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "at-3", | |
| "TITLE": "Role-Based Security Training", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "at-3.1", | |
| "TITLE": "Security Training | Environmental Controls", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "at-3.2", | |
| "TITLE": "Security Training | Physical Security Controls", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "at-3.3", | |
| "TITLE": "Security Training | Practical Exercises", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "at-3.4", | |
| "TITLE": "Security Training | Suspicious Communications and Anomalous System Behavior", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "at-4", | |
| "TITLE": "Security Training Records", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "at-5", | |
| "TITLE": "Contacts With Security Groups and Associations", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-1", | |
| "TITLE": "Audit and Accountability Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "au-2", | |
| "TITLE": "Audit Events", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-2.1", | |
| "TITLE": "Audit Events | Compilation of Audit Records From Multiple Sources", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-2.2", | |
| "TITLE": "Audit Events | Selection of Audit Events by Component", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-2.3", | |
| "TITLE": "Audit Events | Reviews and Updates", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-2.4", | |
| "TITLE": "Audit Events | Privileged Functions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-3", | |
| "TITLE": "Content of Audit Records", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-3.1", | |
| "TITLE": "Content of Audit Records | Additional Audit Information", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-3.2", | |
| "TITLE": "Content of Audit Records | Centralized Management of Planned Audit Record Content", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-4", | |
| "TITLE": "Audit Storage Capacity", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "au-4.1", | |
| "TITLE": "Audit Storage Capacity | Transfer to Alternate Storage", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "au-5", | |
| "TITLE": "Response to Audit Processing Failures", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "au-5.1", | |
| "TITLE": "Response to Audit Processing Failures | Audit Storage Capacity", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "au-5.2", | |
| "TITLE": "Response to Audit Processing Failures | Real-Time Alerts", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "au-5.3", | |
| "TITLE": "Response to Audit Processing Failures | Configurable Traffic Volume Thresholds", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-5.4", | |
| "TITLE": "Response to Audit Processing Failures | Shutdown on Failure", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-6", | |
| "TITLE": "Audit Review, Analysis, and Reporting", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-6.1", | |
| "TITLE": "Audit Review, Analysis, and Reporting | Process Integration", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-6.2", | |
| "TITLE": "Audit Review, Analysis, and Reporting | Automated Security Alerts", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-6.3", | |
| "TITLE": "Audit Review, Analysis, and Reporting | Correlate Audit Repositories", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-6.4", | |
| "TITLE": "Audit Review, Analysis, and Reporting | Central Review and Analysis", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-6.5", | |
| "TITLE": "Audit Review, Analysis, and Reporting | Integration / Scanning and Monitoring Capabilities", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-6.6", | |
| "TITLE": "Audit Review, Analysis, and Reporting | Correlation With Physical Monitoring", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-6.7", | |
| "TITLE": "Audit Review, Analysis, and Reporting | Permitted Actions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-6.8", | |
| "TITLE": "Audit Review, Analysis, and Reporting | Full Text Analysis of Privileged Commands", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-6.9", | |
| "TITLE": "Audit Review, Analysis, and Reporting | Correlation with Information from Nontechnical Sources", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-6.10", | |
| "TITLE": "Audit Review, Analysis, and Reporting | Audit Level Adjustment", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-7", | |
| "TITLE": "Audit Reduction and Report Generation", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-7.1", | |
| "TITLE": "Audit Reduction and Report Generation | Automatic Processing", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-7.2", | |
| "TITLE": "Audit Reduction and Report Generation | Automatic Sort and Search", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-8", | |
| "TITLE": "Time Stamps", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-8.1", | |
| "TITLE": "Time Stamps | Synchronization With Authoritative Time Source", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-8.2", | |
| "TITLE": "Time Stamps | Secondary Authoritative Time Source", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-9", | |
| "TITLE": "Protection of Audit Information", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "au-9.1", | |
| "TITLE": "Protection of Audit Information | Hardware Write-Once Media", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-9.2", | |
| "TITLE": "Protection of Audit Information | Audit Backup on Separate Physical Systems / Components", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "au-9.3", | |
| "TITLE": "Protection of Audit Information | Cryptographic Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-9.4", | |
| "TITLE": "Protection of Audit Information | Access by Subset of Privileged Users", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-9.5", | |
| "TITLE": "Protection of Audit Information | Dual Authorization", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-9.6", | |
| "TITLE": "Protection of Audit Information | Read Only Access", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-10", | |
| "TITLE": "Non-Repudiation", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-10.1", | |
| "TITLE": "Non-Repudiation | Association of Identities", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-10.2", | |
| "TITLE": "Non-Repudiation | Validate Binding of Information Producer Identity", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-10.3", | |
| "TITLE": "Non-Repudiation | Chain of Custody", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-10.4", | |
| "TITLE": "Non-Repudiation | Validate Binding of Information Reviewer Identity", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-10.5", | |
| "TITLE": "Non-Repudiation | Digital Signatures", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-11", | |
| "TITLE": "Audit Record Retention", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "au-11.1", | |
| "TITLE": "Audit Record Retention | Long-Term Retrieval Capability", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "au-12", | |
| "TITLE": "Audit Generation", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-12.1", | |
| "TITLE": "Audit Generation | System-Wide / Time-Correlated Audit Trail", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-12.2", | |
| "TITLE": "Audit Generation | Standardized Formats", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-12.3", | |
| "TITLE": "Audit Generation | Changes by Authorized Individuals", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-13", | |
| "TITLE": "Monitoring For Information Disclosure", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-13.1", | |
| "TITLE": "Monitoring For Information Disclosure | Use of Automated Tools", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-13.2", | |
| "TITLE": "Monitoring For Information Disclosure | Review of Monitored Sites", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-14", | |
| "TITLE": "Session Audit", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-14.1", | |
| "TITLE": "Session Audit | System Start-Up", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-14.2", | |
| "TITLE": "Session Audit | Capture/Record and Log Content", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-14.3", | |
| "TITLE": "Session Audit | Remote Viewing / Listening", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-15", | |
| "TITLE": "Alternate Audit Capability", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-16", | |
| "TITLE": "Cross-Organizational Auditing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-16.1", | |
| "TITLE": "Cross-Organizational Auditing | Identity Preservation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "au-16.2", | |
| "TITLE": "Cross-Organizational Auditing | Sharing of Audit Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-1", | |
| "TITLE": "Security Assessment and Authorization Policies and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ca-2", | |
| "TITLE": "Security Assessments", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ca-2.1", | |
| "TITLE": "Security Assessments | Independent Assessors", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ca-2.2", | |
| "TITLE": "Security Assessments | Specialized Assessments", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "ca-2.3", | |
| "TITLE": "Security Assessments | External Organizations", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-3", | |
| "TITLE": "System Interconnections", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-3.1", | |
| "TITLE": "System Interconnections | Unclassified National Security System Connections", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-3.2", | |
| "TITLE": "System Interconnections | Classified National Security System Connections", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-3.3", | |
| "TITLE": "System Interconnections | Unclassified Non-National Security System Connections", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-3.4", | |
| "TITLE": "System Interconnections | Connections to Public Networks", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-3.5", | |
| "TITLE": "System Interconnections | Restrictions on External Network Connections", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-4", | |
| "TITLE": "Security Certification", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-5", | |
| "TITLE": "Plan of Action and Milestones", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ca-5.1", | |
| "TITLE": "Plan of Action and Milestones | Automation Support For Accuracy / Currency", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-6", | |
| "TITLE": "Security Authorization", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ca-7", | |
| "TITLE": "Continuous Monitoring", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ca-7.1", | |
| "TITLE": "Continuous Monitoring | Independent Assessment", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "ca-7.2", | |
| "TITLE": "Continuous Monitoring | Types of Assessments", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-7.3", | |
| "TITLE": "Continuous Monitoring | Trend Analyses", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-8", | |
| "TITLE": "Penetration Testing", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-8.1", | |
| "TITLE": "Penetration Testing | Independent Penetration Agent or Team", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-8.2", | |
| "TITLE": "Penetration Testing | Red Team Exercises", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-9", | |
| "TITLE": "Internal System Connections", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ca-9.1", | |
| "TITLE": "Internal System Connections | Security Compliance Checks", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-1", | |
| "TITLE": "Configuration Management Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-2", | |
| "TITLE": "Baseline Configuration", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-2.1", | |
| "TITLE": "Baseline Configuration | Reviews and Updates", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-2.2", | |
| "TITLE": "Baseline Configuration | Automation Support For Accuracy / Currency", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-2.3", | |
| "TITLE": "Baseline Configuration | Retention of Previous Configurations", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-2.4", | |
| "TITLE": "Baseline Configuration | Unauthorized Software", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-2.5", | |
| "TITLE": "Baseline Configuration | Authorized Software", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-2.6", | |
| "TITLE": "Baseline Configuration | Development and Test Environments", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-2.7", | |
| "TITLE": "Baseline Configuration | Configure Systems, Components, or Devices for High-Risk Areas", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-3", | |
| "TITLE": "Configuration Change Control", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-3.1", | |
| "TITLE": "Configuration Change Control | Automated Document / Notification / Prohibition of Changes", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-3.2", | |
| "TITLE": "Configuration Change Control | Test / Validate / Document Changes", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-3.3", | |
| "TITLE": "Configuration Change Control | Automated Change Implementation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-3.4", | |
| "TITLE": "Configuration Change Control | Security Representative", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-3.5", | |
| "TITLE": "Configuration Change Control | Automated Security Response", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-3.6", | |
| "TITLE": "Configuration Change Control | Cryptography Management", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-4", | |
| "TITLE": "Security Impact Analysis", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-4.1", | |
| "TITLE": "Security Impact Analysis | Separate Test Environments", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-4.2", | |
| "TITLE": "Security Impact Analysis | Verification of Security Functions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-5", | |
| "TITLE": "Access Restrictions For Change", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-5.1", | |
| "TITLE": "Access Restrictions For Change | Automated Access Enforcement / Auditing", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-5.2", | |
| "TITLE": "Access Restrictions For Change | Review System Changes", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-5.3", | |
| "TITLE": "Access Restrictions For Change | Signed Components", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-5.4", | |
| "TITLE": "Access Restrictions For Change | Dual Authorization", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-5.5", | |
| "TITLE": "Access Restrictions For Change | Limit Production / Operational Privileges", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-5.6", | |
| "TITLE": "Access Restrictions For Change | Limit Library Privileges", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-5.7", | |
| "TITLE": "Access Restrictions For Change | Automatic Implementation of Security Safeguards", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-6", | |
| "TITLE": "Configuration Settings", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-6.1", | |
| "TITLE": "Configuration Settings | Automated Central Management / Application / Verification", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-6.2", | |
| "TITLE": "Configuration Settings | Respond to Unauthorized Changes", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-6.3", | |
| "TITLE": "Configuration Settings | Unauthorized Change Detection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-6.4", | |
| "TITLE": "Configuration Settings | Conformance Demonstration", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-7", | |
| "TITLE": "Least Functionality", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-7.1", | |
| "TITLE": "Least Functionality | Periodic Review", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-7.2", | |
| "TITLE": "Least Functionality | Prevent Program Execution", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-7.3", | |
| "TITLE": "Least Functionality | Registration Compliance", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-7.4", | |
| "TITLE": "Least Functionality | Unauthorized Software / Blacklisting", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-7.5", | |
| "TITLE": "Least Functionality | Authorized Software / Whitelisting", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-8", | |
| "TITLE": "Information System Component Inventory", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-8.1", | |
| "TITLE": "Information System Component Inventory | Updates During Installations / Removals", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-8.2", | |
| "TITLE": "Information System Component Inventory | Automated Maintenance", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-8.3", | |
| "TITLE": "Information System Component Inventory | Automated Unauthorized Component Detection", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-8.4", | |
| "TITLE": "Information System Component Inventory | Accountability Information", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-8.5", | |
| "TITLE": "Information System Component Inventory | No Duplicate Accounting of Components", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-8.6", | |
| "TITLE": "Information System Component Inventory | Assessed Configurations / Approved Deviations", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-8.7", | |
| "TITLE": "Information System Component Inventory | Centralized Repository", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-8.8", | |
| "TITLE": "Information System Component Inventory | Automated Location Tracking", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-8.9", | |
| "TITLE": "Information System Component Inventory | Assignment of Components to Systems", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-9", | |
| "TITLE": "Configuration Management Plan", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-9.1", | |
| "TITLE": "Configuration Management Plan | Assignment of Responsibility", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-10", | |
| "TITLE": "Software Usage Restrictions", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-10.1", | |
| "TITLE": "Software Usage Restrictions | Open Source Software", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-11", | |
| "TITLE": "User-Installed Software", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-11.1", | |
| "TITLE": "User-Installed Software | Alerts For Unauthorized Installations", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cm-11.2", | |
| "TITLE": "User-Installed Software | Prohibit Installation without Privileged Status", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-1", | |
| "TITLE": "Contingency Planning Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "cp-2", | |
| "TITLE": "Contingency Plan", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "cp-2.1", | |
| "TITLE": "Contingency Plan | Coordinate With Related Plans", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-2.2", | |
| "TITLE": "Contingency Plan | Capacity Planning", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-2.3", | |
| "TITLE": "Contingency Plan | Resume Essential Missions / Business Functions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-2.4", | |
| "TITLE": "Contingency Plan | Resume All Missions / Business Functions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-2.5", | |
| "TITLE": "Contingency Plan | Continue Essential Missions / Business Functions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-2.6", | |
| "TITLE": "Contingency Plan | Alternate Processing / Storage Site", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-2.7", | |
| "TITLE": "Contingency Plan | Coordinate With External Service Providers", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-2.8", | |
| "TITLE": "Contingency Plan | Identify Critical Assets", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-3", | |
| "TITLE": "Contingency Training", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "cp-3.1", | |
| "TITLE": "Contingency Training | Simulated Events", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-3.2", | |
| "TITLE": "Contingency Training | Automated Training Environments", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-4", | |
| "TITLE": "Contingency Plan Testing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "cp-4.1", | |
| "TITLE": "Contingency Plan Testing | Coordinate With Related Plans", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-4.2", | |
| "TITLE": "Contingency Plan Testing | Alternate Processing Site", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-4.3", | |
| "TITLE": "Contingency Plan Testing | Automated Testing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-4.4", | |
| "TITLE": "Contingency Plan Testing | Full Recovery / Reconstitution", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-5", | |
| "TITLE": "Contingency Plan Update", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-6", | |
| "TITLE": "Alternate Storage Site", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-6.1", | |
| "TITLE": "Alternate Storage Site | Separation From Primary Site", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-6.2", | |
| "TITLE": "Alternate Storage Site | Recovery Time / Point Objectives", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-6.3", | |
| "TITLE": "Alternate Storage Site | Accessibility", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-7", | |
| "TITLE": "Alternate Processing Site", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-7.1", | |
| "TITLE": "Alternate Processing Site | Separation From Primary Site", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-7.2", | |
| "TITLE": "Alternate Processing Site | Accessibility", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-7.3", | |
| "TITLE": "Alternate Processing Site | Priority of Service", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-7.4", | |
| "TITLE": "Alternate Processing Site | Preparation for Use", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-7.5", | |
| "TITLE": "Alternate Processing Site | Equivalent Information Security Safeguards", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-7.6", | |
| "TITLE": "Alternate Processing Site | Inability to Return to Primary Site", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-8", | |
| "TITLE": "Telecommunications Services", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-8.1", | |
| "TITLE": "Telecommunications Services | Priority of Service Provisions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-8.2", | |
| "TITLE": "Telecommunications Services | Single Points of Failure", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-8.3", | |
| "TITLE": "Telecommunications Services | Separation of Primary / Alternate Providers", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-8.4", | |
| "TITLE": "Telecommunications Services | Provider Contingency Plan", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-8.5", | |
| "TITLE": "Telecommunications Services | Alternate Telecommunication Service Testing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-9", | |
| "TITLE": "Information System Backup", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "cp-9.1", | |
| "TITLE": "Information System Backup | Testing For Reliability / Integrity", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-9.2", | |
| "TITLE": "Information System Backup | Test Restoration Using Sampling", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-9.3", | |
| "TITLE": "Information System Backup | Separate Storage for Critical Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-9.4", | |
| "TITLE": "Information System Backup | Protection From Unauthorized Modification", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-9.5", | |
| "TITLE": "Information System Backup | Transfer to Alternate Storage Site", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-9.6", | |
| "TITLE": "Information System Backup | Redundant Secondary System", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-9.7", | |
| "TITLE": "Information System Backup | Dual Authorization", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-10", | |
| "TITLE": "Information System Recovery and Reconstitution", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "cp-10.1", | |
| "TITLE": "Information System Recovery and Reconstitution | Contingency Plan Testing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-10.2", | |
| "TITLE": "Information System Recovery and Reconstitution | Transaction Recovery", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "cp-10.3", | |
| "TITLE": "Information System Recovery and Reconstitution | Compensating Security Controls", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-10.4", | |
| "TITLE": "Information System Recovery and Reconstitution | Restore Within Time Period", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "cp-10.5", | |
| "TITLE": "Information System Recovery and Reconstitution | Failover Capability", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-10.6", | |
| "TITLE": "Information System Recovery and Reconstitution | Component Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-11", | |
| "TITLE": "Alternate Communications Protocols", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-12", | |
| "TITLE": "Safe Mode", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "cp-13", | |
| "TITLE": "Alternative Security Mechanisms", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-1", | |
| "TITLE": "Identification and Authentication Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2", | |
| "TITLE": "Identification and Authentication (Organizational Users)", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.1", | |
| "TITLE": "Identification and Authentication (Organizational Users) | Network Access to Privileged Accounts", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.2", | |
| "TITLE": "Identification and Authentication (Organizational Users) | Network Access to Non-Privileged Accounts", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.3", | |
| "TITLE": "Identification and Authentication (Organizational Users) | Local Access to Privileged Accounts", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.4", | |
| "TITLE": "Identification and Authentication (Organizational Users) | Local Access to Non-Privileged Accounts", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.5", | |
| "TITLE": "Identification and Authentication (Organizational Users) | Group Authentication", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.6", | |
| "TITLE": "Identification and Authentication (Organizational Users) | Network Access to Privileged Accounts - Separate Device", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.7", | |
| "TITLE": "Identification and Authentication (Organizational Users) | Network Access to Non-Privileged Accounts - Separate Device", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.8", | |
| "TITLE": "Identification and Authentication (Organizational Users) | Network Access to Privileged Accounts - Replay Resistant", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.9", | |
| "TITLE": "Identification and Authentication (Organizational Users) | Network Access to Non-Privileged Accounts - Replay Resistant", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.10", | |
| "TITLE": "Identification and Authentication (Organizational Users) | Single Sign-On", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.11", | |
| "TITLE": "Identification and Authentication (Organizational Users) | Remote Access - Separate Device", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.12", | |
| "TITLE": "Identification and Authentication (Organizational Users) | Acceptance of PIV Credentials", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-2.13", | |
| "TITLE": "Identification and Authentication | Out-of-Band Authentication", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-3", | |
| "TITLE": "Device Identification and Authentication", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-3.1", | |
| "TITLE": "Device Identification and Authentication | Cryptographic Bidirectional Authentication", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-3.2", | |
| "TITLE": "Device Identification and Authentication | Cryptographic Bidirectional Network Authentication", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-3.3", | |
| "TITLE": "Device Identification and Authentication | Dynamic Address Allocation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-3.4", | |
| "TITLE": "Device Identification and Authentication | Device Attestation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-4", | |
| "TITLE": "Identifier Management", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-4.1", | |
| "TITLE": "Identifier Management | Prohibit Account Identifiers As Public Identifiers", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-4.2", | |
| "TITLE": "Identifier Management | Supervisor Authorization", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-4.3", | |
| "TITLE": "Identifier Management | Multiple Forms of Certification", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-4.4", | |
| "TITLE": "Identifier Management | Identify User Status", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-4.5", | |
| "TITLE": "Identifier Management | Dynamic Management", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-4.6", | |
| "TITLE": "Identifier Management | Cross-Organization Management", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-4.7", | |
| "TITLE": "Identifier Management | In Person Registration", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5", | |
| "TITLE": "Authenticator Management", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.1", | |
| "TITLE": "Authenticator Management | Password-Based Authentication", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.2", | |
| "TITLE": "Authenticator Management | PKI-Based Authentication", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.3", | |
| "TITLE": "Authenticator Management | In Person or Trusted Third-Party Registration", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.4", | |
| "TITLE": "Authenticator Management | Automated Support for Password Strength Determination", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.5", | |
| "TITLE": "Authenticator Management | Change Authenticators Prior to Delivery", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.6", | |
| "TITLE": "Authenticator Management | Protection of Authenticators", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.7", | |
| "TITLE": "Authenticator Management | No Embedded Unencrypted Static Authenticators", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.8", | |
| "TITLE": "Authenticator Management | Multiple Information System Accounts", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.9", | |
| "TITLE": "Authenticator Management | Cross-Organization Credential Management", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.10", | |
| "TITLE": "Authenticator Management | Dynamic Credential Association", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.11", | |
| "TITLE": "Authenticator Management | Hardware Token-Based Authentication", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.12", | |
| "TITLE": "Authenticator Management | Biometric Authentication", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.13", | |
| "TITLE": "Authenticator Management | Expiration of Cached Authenticators", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.14", | |
| "TITLE": "Authenticator Management | Managing Content of PKI Trust stores", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-5.15", | |
| "TITLE": "Authenticator Management | FICAM-Approved Products and Services", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-6", | |
| "TITLE": "Authenticator Feedback", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-7", | |
| "TITLE": "Cryptographic Module Authentication", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-8", | |
| "TITLE": "Identification and Authentication (Non-Organizational Users)", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-8.1", | |
| "TITLE": "Identification and Authentication (Non-Organizational Users) | Acceptance of PIV Credentials from Other Agencies", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-8.2", | |
| "TITLE": "Identification and Authentication (Non-Organizational Users) | Acceptance of Third- Party Credentials", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-8.3", | |
| "TITLE": "Identification and Authentication (Non-Organizational Users) | Use of FICAM- Approved Products", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-8.4", | |
| "TITLE": "Identification and Authentication (Non-Organizational Users) | Use of FICAM-Issued Profiles", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-8.5", | |
| "TITLE": "Identification and Authentication (Non-Organizational Users) | Acceptance of PIV-I Credentials", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-9", | |
| "TITLE": "Service Identification and Authentication", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-9.1", | |
| "TITLE": "Service Identification and Authentication | Information Exchange", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-9.2", | |
| "TITLE": "Service Identification and Authentication | Transmission of Decisions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-10", | |
| "TITLE": "Adaptive Identification and Authentication", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ia-11", | |
| "TITLE": "Re-authentication", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ir-1", | |
| "TITLE": "Incident Response Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-2", | |
| "TITLE": "Incident Response Training", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-2.1", | |
| "TITLE": "Incident Response Training | Simulated Events", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "ir-2.2", | |
| "TITLE": "Incident Response Training | Automated Training Environments", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "ir-3", | |
| "TITLE": "Incident Response Testing", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-3.1", | |
| "TITLE": "Incident Response Testing | Automated Testing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ir-3.2", | |
| "TITLE": "Incident Response Testing | Coordination With Related Plans", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "ir-4", | |
| "TITLE": "Incident Handling", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-4.1", | |
| "TITLE": "Incident Handling | Automated Incident Handling Processes", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "ir-4.2", | |
| "TITLE": "Incident Handling | Dynamic Reconfiguration", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ir-4.3", | |
| "TITLE": "Incident Handling | Continuity of Operations", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "ir-4.4", | |
| "TITLE": "Incident Handling | Information Correlation", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-4.5", | |
| "TITLE": "Incident Handling | Automatic Disabling of Information System", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ir-4.6", | |
| "TITLE": "Incident Handling | Insider Threats - Specific Capabilities", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-4.7", | |
| "TITLE": "Incident Handling | Insider Threats - Intra-Organization Coordination", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-4.8", | |
| "TITLE": "Incident Handling | Correlation With External Organizations", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-4.9", | |
| "TITLE": "Incident Handling | Dynamic Response Capability", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ir-4.10", | |
| "TITLE": "Incident Handling | Supply Chain Coordination", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ir-5", | |
| "TITLE": "Incident Monitoring", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-5.1", | |
| "TITLE": "Incident Monitoring | Automated Tracking / Data Collection / Analysis", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "ir-6", | |
| "TITLE": "Incident Reporting", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-6.1", | |
| "TITLE": "Incident Reporting | Automated Reporting", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "ir-6.2", | |
| "TITLE": "Incident Reporting | Vulnerabilities Related to Incidents", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-6.3", | |
| "TITLE": "Incident Reporting | Coordination With Supply Chain", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ir-7", | |
| "TITLE": "Incident Response Assistance", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-7.1", | |
| "TITLE": "Incident Response Assistance | Automation Support For Availability of Information / Support", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "ir-7.2", | |
| "TITLE": "Incident Response Assistance | Coordination With External Providers", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-8", | |
| "TITLE": "Incident Response Plan", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ir-9", | |
| "TITLE": "Information Spillage Response", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ir-9.1", | |
| "TITLE": "Information Spillage Response | Responsible Personnel", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ir-9.2", | |
| "TITLE": "Information Spillage Response | Training", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ir-9.3", | |
| "TITLE": "Information Spillage Response | Post-Spill Operations", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "ir-9.4", | |
| "TITLE": "Information Spillage Response | Exposure to Unauthorized Personnel", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ir-10", | |
| "TITLE": "Integrated Information Security Cell", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "ma-1", | |
| "TITLE": "System Maintenance Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ma-2", | |
| "TITLE": "Controlled Maintenance", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ma-2.1", | |
| "TITLE": "Controlled Maintenance | Record Content", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-2.2", | |
| "TITLE": "Controlled Maintenance | Automated Maintenance Activities", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "ma-3", | |
| "TITLE": "Maintenance Tools", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-3.1", | |
| "TITLE": "Maintenance Tools | Inspect Tools", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-3.2", | |
| "TITLE": "Maintenance Tools | Inspect Media", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-3.3", | |
| "TITLE": "Maintenance Tools | Prevent Unauthorized Removal", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-3.4", | |
| "TITLE": "Maintenance Tools | Restricted Tool Use", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-4", | |
| "TITLE": "Nonlocal Maintenance", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-4.1", | |
| "TITLE": "Nonlocal Maintenance | Auditing and Review", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-4.2", | |
| "TITLE": "Nonlocal Maintenance | Document Nonlocal Maintenance", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-4.3", | |
| "TITLE": "Nonlocal Maintenance | Comparable Security / Sanitization", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-4.4", | |
| "TITLE": "Nonlocal Maintenance | Authentication / Separation of Maintenance Sessions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-4.5", | |
| "TITLE": "Nonlocal Maintenance | Approvals and Notifications", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-4.6", | |
| "TITLE": "Nonlocal Maintenance | Cryptographic Protection", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-4.7", | |
| "TITLE": "Nonlocal Maintenance | Remote Disconnect Verification", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-5", | |
| "TITLE": "Maintenance Personnel", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ma-5.1", | |
| "TITLE": "Maintenance Personnel | Individuals Without Appropriate Access", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "ma-5.2", | |
| "TITLE": "Maintenance Personnel | Security Clearances For Classified Systems", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-5.3", | |
| "TITLE": "Maintenance Personnel | Citizenship Requirements For Classified Systems", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-5.4", | |
| "TITLE": "Maintenance Personnel | Foreign Nationals", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-5.5", | |
| "TITLE": "Maintenance Personnel | Non System-Related Maintenance", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-6", | |
| "TITLE": "Timely Maintenance", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "ma-6.1", | |
| "TITLE": "Timely Maintenance | Preventive Maintenance", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-6.2", | |
| "TITLE": "Timely Maintenance | Predictive Maintenance", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ma-6.3", | |
| "TITLE": "Timely Maintenance | Automated Support for Predictive Maintenance", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-1", | |
| "TITLE": "Media Protection Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-2", | |
| "TITLE": "Media Access", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-2.1", | |
| "TITLE": "Media Access | Automated Restricted Access", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-2.2", | |
| "TITLE": "Media Access | Cryptographic Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-3", | |
| "TITLE": "Media Marking", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-4", | |
| "TITLE": "Media Storage", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-4.1", | |
| "TITLE": "Media Storage | Cryptographic Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-4.2", | |
| "TITLE": "Media Storage | Automated Restricted Access", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-5", | |
| "TITLE": "Media Transport", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-5.1", | |
| "TITLE": "Media Transport | Protection Outside of Controlled Areas", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-5.2", | |
| "TITLE": "Media Transport | Documentation of Activities", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-5.3", | |
| "TITLE": "Media Transport | Custodians", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-5.4", | |
| "TITLE": "Media Transport | Cryptographic Protection", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-6", | |
| "TITLE": "Media Sanitization", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-6.1", | |
| "TITLE": "Media Sanitization | Review / Approve / Track / Document / Verify", | |
| "Confidentiality": "High", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-6.2", | |
| "TITLE": "Media Sanitization | Equipment Testing", | |
| "Confidentiality": "High", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-6.3", | |
| "TITLE": "Media Sanitization | Nondestructive Techniques", | |
| "Confidentiality": "High", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-6.4", | |
| "TITLE": "Media Sanitization | Controlled Unclassified Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-6.5", | |
| "TITLE": "Media Sanitization | Classified Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-6.6", | |
| "TITLE": "Media Sanitization | Media Destruction", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-6.7", | |
| "TITLE": "Media Sanitization | Dual Authorization", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-6.8", | |
| "TITLE": "Media Sanitization | Remote Purging / Wiping of Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-7", | |
| "TITLE": "Media Use", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-7.1", | |
| "TITLE": "Media Use | Prohibit Use without Owner", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-7.2", | |
| "TITLE": "Media Use | Prohibit Use of Sanitization-Resistant Media", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-8", | |
| "TITLE": "Media Downgrading", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-8.1", | |
| "TITLE": "Media Downgrading | Documentation of Process", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-8.2", | |
| "TITLE": "Media Downgrading | Equipment Testing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-8.3", | |
| "TITLE": "Media Downgrading | Controlled Unclassified Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "mp-8.4", | |
| "TITLE": "Media Downgrading | Classified Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-1", | |
| "TITLE": "Physical and Environmental Protection Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pe-2", | |
| "TITLE": "Physical Access Authorizations", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pe-2.1", | |
| "TITLE": "Physical Access Authorizations | Access by Position / Role", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-2.2", | |
| "TITLE": "Physical Access Authorizations | Two Forms of Identification", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-2.3", | |
| "TITLE": "Physical Access Authorizations | Restrict Unescorted Access", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-3", | |
| "TITLE": "Physical Access Control", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pe-3.1", | |
| "TITLE": "Physical Access Control | Information System Access", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-3.2", | |
| "TITLE": "Physical Access Control | Facility / Information System Boundaries", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-3.3", | |
| "TITLE": "Physical Access Control | Continuous Guards / Alarms / Monitoring", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-3.4", | |
| "TITLE": "Physical Access Control | Lockable Casings", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-3.5", | |
| "TITLE": "Physical Access Control | Tamper Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-3.6", | |
| "TITLE": "Physical Access Control | Facility Penetration Testing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-4", | |
| "TITLE": "Access Control For Transmission Medium", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-5", | |
| "TITLE": "Access Control For Output Devices", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-5.1", | |
| "TITLE": "Access Control For Output Devices | Access to Output by Authorized Individuals", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-5.2", | |
| "TITLE": "Access Control For Output Devices | Access to Output by Individual Identity", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-5.3", | |
| "TITLE": "Access Control For Output Devices | Marking Output Devices", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-6", | |
| "TITLE": "Monitoring Physical Access", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pe-6.1", | |
| "TITLE": "Monitoring Physical Access | Intrusion Alarms / Surveillance Equipment", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "pe-6.2", | |
| "TITLE": "Monitoring Physical Access | Automated Intrusion Recognition / Responses", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-6.3", | |
| "TITLE": "Monitoring Physical Access | Video Surveillance", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-6.4", | |
| "TITLE": "Monitoring Physical Access | Monitoring Physical Access to Information Systems", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "pe-7", | |
| "TITLE": "Visitor Control", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-7.1", | |
| "TITLE": "Visitor Control", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-7.2", | |
| "TITLE": "Visitor Control", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-8", | |
| "TITLE": "Visitor Access Records", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pe-8.1", | |
| "TITLE": "Visitor Access Records | Automated Records Maintenance / Review", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-8.2", | |
| "TITLE": "Visitor Access Records | Physical Access Records", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-9", | |
| "TITLE": "Power Equipment and Cabling", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "pe-9.1", | |
| "TITLE": "Power Equipment and Cabling | Redundant Cabling", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-9.2", | |
| "TITLE": "Power Equipment and Cabling | Automatic Voltage Controls", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-10", | |
| "TITLE": "Emergency Shutoff", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "pe-10.1", | |
| "TITLE": "Emergency Shutoff | Accidental / Unauthorized Activation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-11", | |
| "TITLE": "Emergency Power", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "pe-11.1", | |
| "TITLE": "Emergency Power | Long-Term Alternate Power Supply - Minimal Operational Capability", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "pe-11.2", | |
| "TITLE": "Emergency Power | Long-Term Alternate Power Supply - Self-Contained", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-12", | |
| "TITLE": "Emergency Lighting", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pe-12.1", | |
| "TITLE": "Emergency Lighting | Essential Missions / Business Functions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-13", | |
| "TITLE": "Fire Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pe-13.1", | |
| "TITLE": "Fire Protection | Detection Devices / Systems", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "pe-13.2", | |
| "TITLE": "Fire Protection | Suppression Devices / Systems", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "pe-13.3", | |
| "TITLE": "Fire Protection | Automatic Fire Suppression", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "pe-13.4", | |
| "TITLE": "Fire Protection | Inspections", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "pe-14", | |
| "TITLE": "Temperature and Humidity Controls", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pe-14.1", | |
| "TITLE": "Temperature and Humidity Controls | Automatic Controls", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-14.2", | |
| "TITLE": "Temperature and Humidity Controls | Monitoring With Alarms / Notifications", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-15", | |
| "TITLE": "Water Damage Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pe-15.1", | |
| "TITLE": "Water Damage Protection | Automation Support", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "pe-16", | |
| "TITLE": "Delivery and Removal", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pe-17", | |
| "TITLE": "Alternate Work Site", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "pe-18", | |
| "TITLE": "Location of Information System Components", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "pe-18.1", | |
| "TITLE": "Location of Information System Components | Facility Site", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-19", | |
| "TITLE": "Information Leakage", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-19.1", | |
| "TITLE": "Information Leakage | National Emissions / TEMPEST Policies and Procedures", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pe-20", | |
| "TITLE": "Asset Monitoring and Tracking", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pl-1", | |
| "TITLE": "Security Planning Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pl-2", | |
| "TITLE": "System Security Plan", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pl-2.1", | |
| "TITLE": "System Security Plan | Concept of Operations", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pl-2.2", | |
| "TITLE": "System Security Plan | Functional Architecture", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pl-2.3", | |
| "TITLE": "System Security Plan | Plan / Coordinate With Other Organizational Entities", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "pl-3", | |
| "TITLE": "System Security Plan Update", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pl-4", | |
| "TITLE": "Rules of Behavior", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pl-4.1", | |
| "TITLE": "Rules of Behavior | Social Media and Networking Restrictions", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pl-5", | |
| "TITLE": "Privacy Impact Assessment", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pl-6", | |
| "TITLE": "Security-Related Activity Planning", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pl-7", | |
| "TITLE": "Security Concept of Operations", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pl-8", | |
| "TITLE": "Information Security Architecture", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pl-8.1", | |
| "TITLE": "Information Security Architecture | Defense-in-Depth", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pl-8.2", | |
| "TITLE": "Information Security Architecture | Supplier Diversity", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pl-9", | |
| "TITLE": "Central Management", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ps-1", | |
| "TITLE": "Personnel Security Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ps-2", | |
| "TITLE": "Position Risk Designation", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ps-3", | |
| "TITLE": "Personnel Screening", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ps-3.1", | |
| "TITLE": "Personnel Screening | Classified Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ps-3.2", | |
| "TITLE": "Personnel Screening | Formal Indoctrination", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ps-3.3", | |
| "TITLE": "Personnel Screening | Information With Special Protection Measures", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ps-4", | |
| "TITLE": "Personnel Termination", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ps-4.1", | |
| "TITLE": "Personnel Termination | Post-Employment Requirements", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ps-4.2", | |
| "TITLE": "Personnel Termination | Automated Notification", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "ps-5", | |
| "TITLE": "Personnel Transfer", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ps-6", | |
| "TITLE": "Access Agreements", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ps-6.1", | |
| "TITLE": "Access Agreements | Information Requiring Special Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ps-6.2", | |
| "TITLE": "Access Agreements | Classified Information Requiring Special Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ps-6.3", | |
| "TITLE": "Access Agreements | Post-Employment Requirements", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ps-7", | |
| "TITLE": "Third-Party Personnel Security", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ps-8", | |
| "TITLE": "Personnel Sanctions", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ra-1", | |
| "TITLE": "Risk Assessment Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ra-2", | |
| "TITLE": "Security Categorization", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ra-3", | |
| "TITLE": "Risk Assessment", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ra-4", | |
| "TITLE": "Risk Assessment Update", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ra-5", | |
| "TITLE": "Vulnerability Scanning", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ra-5.1", | |
| "TITLE": "Vulnerability Scanning | Update Tool Capability", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ra-5.2", | |
| "TITLE": "Vulnerability Scanning | Update by Frequency / Prior to New Scan / When Identified", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ra-5.3", | |
| "TITLE": "Vulnerability Scanning | Breadth /Depth of Coverage", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ra-5.4", | |
| "TITLE": "Vulnerability Scanning | Discoverable Information", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ra-5.5", | |
| "TITLE": "Vulnerability Scanning | Privileged Access", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ra-5.6", | |
| "TITLE": "Vulnerability Scanning | Automated Trend Analyses", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ra-5.7", | |
| "TITLE": "Vulnerability Scanning | Automated Detection and Notification of Unauthorized Components", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ra-5.8", | |
| "TITLE": "Vulnerability Scanning | Review Historic Audit Logs", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ra-5.9", | |
| "TITLE": "Vulnerability Scanning | Penetration Testing and Analyses", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ra-5.10", | |
| "TITLE": "Vulnerability Scanning | Correlate Scanning Information", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "ra-6", | |
| "TITLE": "Technical Surveillance Countermeasures Survey", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-1", | |
| "TITLE": "System and Services Acquisition Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sa-2", | |
| "TITLE": "Allocation of Resources", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sa-3", | |
| "TITLE": "System Development Life Cycle", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sa-4", | |
| "TITLE": "Acquisition Process", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sa-4.1", | |
| "TITLE": "Acquisition Process | Functional Properties of Security Controls", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "sa-4.2", | |
| "TITLE": "Acquisition Process | Design / Implementation Information for Security Controls", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "sa-4.3", | |
| "TITLE": "Acquisition Process | Development Methods / Techniques / Practices", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-4.4", | |
| "TITLE": "Acquisition Process | Assignment of Components to Systems", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-4.5", | |
| "TITLE": "Acquisition Process | System / Component / Service Configurations", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-4.6", | |
| "TITLE": "Acquisition Process | Use of Information Assurance Products", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-4.7", | |
| "TITLE": "Acquisition Process | NIAP-Approved Protection Profiles", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-4.8", | |
| "TITLE": "Acquisition Process | Continuous Monitoring Plan", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-4.9", | |
| "TITLE": "Acquisition Process | Functions / Ports / Protocols / Services in Use", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sa-4.10", | |
| "TITLE": "Acquisition Process | Use of Approved PIV Products", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-5", | |
| "TITLE": "Information System Documentation", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sa-5.1", | |
| "TITLE": "Information System Documentation | Functional Properties of Security Controls", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-5.2", | |
| "TITLE": "Information System Documentation | Security-Relevant External System Interfaces", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-5.3", | |
| "TITLE": "Information System Documentation | High-Level Design", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-5.4", | |
| "TITLE": "Information System Documentation | Low-Level Design", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-5.5", | |
| "TITLE": "Information System Documentation | Source Code", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-6", | |
| "TITLE": "Software Usage Restrictions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-6.1", | |
| "TITLE": "Software Usage Restrictions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-7", | |
| "TITLE": "User-Installed Software", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-8", | |
| "TITLE": "Security Engineering Principles", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sa-9", | |
| "TITLE": "External Information System Services", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sa-9.1", | |
| "TITLE": "External Information Systems | Risk Assessments / Organizational Approvals", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-9.2", | |
| "TITLE": "External Information Systems | Identification of Functions / Ports / Protocols / Services", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sa-9.3", | |
| "TITLE": "External Information Systems | Establish / Maintain Trust Relationship with Providers", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-9.4", | |
| "TITLE": "External Information Systems | Consistent Interests of Consumers and Providers", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-9.5", | |
| "TITLE": "External Information Systems | Processing, Storage, and Service Location", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-10", | |
| "TITLE": "Developer Configuration Management", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-10.1", | |
| "TITLE": "Developer Configuration Management | Software / Firmware Integrity Verification", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-10.2", | |
| "TITLE": "Developer Configuration Management | Alternative Configuration Management Processes", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-10.3", | |
| "TITLE": "Developer Configuration Management | Hardware Integrity Verification", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-10.4", | |
| "TITLE": "Developer Configuration Management | Trusted Generation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-10.5", | |
| "TITLE": "Developer Configuration Management | Mapping Integrity for Version Control", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-10.6", | |
| "TITLE": "Developer Configuration Management | Trusted Distribution", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-11", | |
| "TITLE": "Developer Security Testing and Evaluation", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "sa-11.1", | |
| "TITLE": "Developer Security Testing and Evaluation | Static Code Analysis", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-11.2", | |
| "TITLE": "Developer Security Testing and Evaluation | Threat and Vulnerability Analyses", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-11.3", | |
| "TITLE": "Developer Security Testing and Evaluation | Independent Verification of Assessment Plans / Evidence", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-11.4", | |
| "TITLE": "Developer Security Testing and Evaluation | Manual Code Reviews", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-11.5", | |
| "TITLE": "Developer Security Testing and Evaluation | Penetration Testing / Analysis", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-11.6", | |
| "TITLE": "Developer Security Testing and Evaluation | Attack Surface Reviews", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-11.7", | |
| "TITLE": "Developer Security Testing and Evaluation | Verify Scope of Testing / Evaluation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-11.8", | |
| "TITLE": "Developer Security Testing and Evaluation | Dynamic Code Analysis", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-12", | |
| "TITLE": "Supply Chain Protection", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sa-12.1", | |
| "TITLE": "Supply Chain Protection | Acquisition Strategies / Tools / Methods", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sa-12.2", | |
| "TITLE": "Supply Chain Protection | Supplier Reviews", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-12.3", | |
| "TITLE": "Supply Chain Protection | Trusted Shipping and Warehousing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-12.4", | |
| "TITLE": "Supply Chain Protection | Diversity of Suppliers", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-12.5", | |
| "TITLE": "Supply Chain Protection | Limitation of Harm", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sa-12.6", | |
| "TITLE": "Supply Chain Protection | Minimizing Procurement Time", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-12.7", | |
| "TITLE": "Supply Chain Protection | Assessments Prior to Selection / Acceptance / Update", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-12.8", | |
| "TITLE": "Supply Chain Protection | Use of All-Source Intelligence", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sa-12.9", | |
| "TITLE": "Supply Chain Protection | Operations Security", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sa-12.10", | |
| "TITLE": "Supply Chain Protection | Validate As Genuine and Not Altered", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-12.11", | |
| "TITLE": "Supply Chain Protection | Penetration Testing / Analysis of Elements, Processes, and Actors", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sa-12.12", | |
| "TITLE": "Supply Chain Protection | Inter-Organizational Agreements", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-12.13", | |
| "TITLE": "Supply Chain Protection | Critical Information System Components", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-12.14", | |
| "TITLE": "Supply Chain Protection | Identity and Traceability", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-12.15", | |
| "TITLE": "Supply Chain Protection | Processes to Address Weaknesses or Deficiencies", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-13", | |
| "TITLE": "Trustworthiness", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-14", | |
| "TITLE": "Criticality Analysis", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sa-14.1", | |
| "TITLE": "Criticality Analysis / Critical Components with No Viable Alternative Sourcing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-15", | |
| "TITLE": "Development Process, Standards, and Tools", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sa-15.1", | |
| "TITLE": "Development Process, Standards, and Tools | Quality Metrics", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-15.2", | |
| "TITLE": "Development Process, Standards, and Tools | Security Tracking Tools", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-15.3", | |
| "TITLE": "Development Process, Standards, and Tools | Criticality Analysis", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sa-15.4", | |
| "TITLE": "Development Process, Standards, and Tools | Threat Modeling / Vulnerability Analysis", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sa-15.5", | |
| "TITLE": "Development Process, Standards, and Tools | Attack Surface Reduction", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-15.6", | |
| "TITLE": "Development Process, Standards, and Tools | Continuous Improvement", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-15.7", | |
| "TITLE": "Development Process, Standards, and Tools | Automated Vulnerability Analysis", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-15.8", | |
| "TITLE": "Development Process, Standards, and Tools | Reuse of Threat / Vulnerability Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-15.9", | |
| "TITLE": "Development Process, Standards, and Tools | Use of Live Data", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-15.10", | |
| "TITLE": "Development Process, Standards, and Tools | Incident Response Plan", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-15.11", | |
| "TITLE": "Development Process, Standards, and Tools | Archive Information System / Component", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-16", | |
| "TITLE": "Developer-Provided Training", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sa-17", | |
| "TITLE": "Developer Security Architecture and Design", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sa-17.1", | |
| "TITLE": "Developer Security Architecture and Design | Formal Policy Model", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-17.2", | |
| "TITLE": "Developer Security Architecture and Design | Security-Relevant Components", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-17.3", | |
| "TITLE": "Developer Security Architecture and Design | Formal Correspondence", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-17.4", | |
| "TITLE": "Developer Security Architecture and Design | Informal Correspondence", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-17.5", | |
| "TITLE": "Developer Security Architecture and Design | Conceptually Simple Design", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-17.6", | |
| "TITLE": "Developer Security Architecture and Design | Structure for Testing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-17.7", | |
| "TITLE": "Developer Security Architecture and Design | Structure for Least Privilege", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-18", | |
| "TITLE": "Tamper Resistance and Detection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-18.1", | |
| "TITLE": "Tamper Resistance and Detection | Multiple Phases of SDLC", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-18.2", | |
| "TITLE": "Tamper Resistance and Detection | Inspection of Information Systems, Components, or Devices", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-19", | |
| "TITLE": "Component Authenticity", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-19.1", | |
| "TITLE": "Component Authenticity | Anti-Counterfeit Training", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-19.2", | |
| "TITLE": "Component Authenticity | Configuration Control for Component Service / Repair", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-19.3", | |
| "TITLE": "Component Authenticity | Component Disposal", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-19.4", | |
| "TITLE": "Component Authenticity | Anti-Counterfeit Scanning", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-20", | |
| "TITLE": "Customized Development of Critical Components", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-21", | |
| "TITLE": "Developer Screening", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-21.1", | |
| "TITLE": "Developer Screening | Validation of Screening", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sa-22", | |
| "TITLE": "Unsupported System Components", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sa-22.1", | |
| "TITLE": "Unsupported System Components | Alternative Sources for Continued Support", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-1", | |
| "TITLE": "System and Communications Protection Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sc-2", | |
| "TITLE": "Application Partitioning", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-2.1", | |
| "TITLE": "Application Partitioning | Interfaces For Non-Privileged Users", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-3", | |
| "TITLE": "Security Function Isolation", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-3.1", | |
| "TITLE": "Security Function Isolation | Hardware Separation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-3.2", | |
| "TITLE": "Security Function Isolation | Access / Flow Control Functions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-3.3", | |
| "TITLE": "Security Function Isolation | Minimize Nonsecurity Functionality", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-3.4", | |
| "TITLE": "Security Function Isolation | Module Coupling and Cohesiveness", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-3.5", | |
| "TITLE": "Security Function Isolation | Layered Structures", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-4", | |
| "TITLE": "Information In Shared Resources", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-4.1", | |
| "TITLE": "Information In Shared Resources | Security Levels", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-4.2", | |
| "TITLE": "Information In Shared Resources | Periods Processing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-5", | |
| "TITLE": "Denial of Service Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sc-5.1", | |
| "TITLE": "Denial of Service Protection | Restrict Internal Users", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sc-5.2", | |
| "TITLE": "Denial of Service Protection | Excess Capacity / Bandwidth / Redundancy", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "sc-5.3", | |
| "TITLE": "Denial of Service Protection | Detection / Monitoring", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "sc-6", | |
| "TITLE": "Resource Availability", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7", | |
| "TITLE": "Boundary Protection", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.1", | |
| "TITLE": "Boundary Protection | Physically Separated Subnetworks", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.2", | |
| "TITLE": "Boundary Protection | Public Access", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.3", | |
| "TITLE": "Boundary Protection | Access Points", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.4", | |
| "TITLE": "Boundary Protection | External Telecommunications Services", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.5", | |
| "TITLE": "Boundary Protection | Deny by Default / Allow by Exception", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.6", | |
| "TITLE": "Boundary Protection | Response to Recognized Failures", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.7", | |
| "TITLE": "Boundary Protection | Prevent Split Tunneling for Remote Devices", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.8", | |
| "TITLE": "Boundary Protection | Route Traffic to Authenticated Proxy Servers", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.9", | |
| "TITLE": "Boundary Protection | Restrict Threatening Outgoing Communications Traffic", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.10", | |
| "TITLE": "Boundary Protection | Prevent Unauthorized Exfiltration", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.11", | |
| "TITLE": "Boundary Protection | Restrict Incoming Communications Traffic", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.12", | |
| "TITLE": "Boundary Protection | Host-Based Protection", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sc-7.13", | |
| "TITLE": "Boundary Protection | Isolation of Security Tools / Mechanisms / Support Components", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.14", | |
| "TITLE": "Boundary Protection | Protect Against Unauthorized Physical Connections", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.15", | |
| "TITLE": "Boundary Protection | Route Privileged Network Accesses", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.16", | |
| "TITLE": "Boundary Protection | Prevent Discovery of Components / Devices", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.17", | |
| "TITLE": "Boundary Protection | Automated Enforcement of Protocol Formats", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.18", | |
| "TITLE": "Boundary Protection | Fail Secure", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sc-7.19", | |
| "TITLE": "Boundary Protection | Block Communication from Non-Organizationally Configured Hosts", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.20", | |
| "TITLE": "Boundary Protection | Dynamic Isolation / Segregation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.21", | |
| "TITLE": "Boundary Protection | Isolation of Information System Components", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.22", | |
| "TITLE": "Boundary Protection | Separate Subnets for Connecting to Different Security Domains", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-7.23", | |
| "TITLE": "Boundary Protection | Disable Sender Feedback on Protocol Validation Failure", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-8", | |
| "TITLE": "Transmission Confidentiality and Integrity", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-8.1", | |
| "TITLE": "Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-8.2", | |
| "TITLE": "Transmission Confidentiality and Integrity | Pre / Post Transmission Handling", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-8.3", | |
| "TITLE": "Transmission Confidentiality and Integrity | Cryptographic Protection for Message Externals", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-8.4", | |
| "TITLE": "Transmission Confidentiality and Integrity | Conceal / Randomize Communications", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-9", | |
| "TITLE": "Transmission Confidentiality", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-9.1", | |
| "TITLE": "Transmission Confidentiality | Cryptographic or Alternate Physical Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-9.2", | |
| "TITLE": "Transmission Confidentiality | Pre / Post Transmission Handling", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-10", | |
| "TITLE": "Network Disconnect", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-11", | |
| "TITLE": "Trusted Path", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-11.1", | |
| "TITLE": "Trusted Path | Logical Isolation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-12", | |
| "TITLE": "Cryptographic Key Establishment and Management", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-12.1", | |
| "TITLE": "Cryptographic Key Establishment and Management | Availability", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "High" | |
| }, | |
| { | |
| "ID": "sc-12.2", | |
| "TITLE": "Cryptographic Key Establishment and Management | Symmetric Keys", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-12.3", | |
| "TITLE": "Cryptographic Key Establishment and Management | Asymmetric Keys", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-12.4", | |
| "TITLE": "Cryptographic Key Establishment and Management | PKI Certificates", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-12.5", | |
| "TITLE": "Cryptographic Key Establishment and Management | PKI Certificates / Hardware Tokens", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-13", | |
| "TITLE": "Cryptographic Protection", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-13.1", | |
| "TITLE": "Cryptographic Protection | FIPS-Validated Cryptography", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-13.2", | |
| "TITLE": "Cryptographic Protection | NSA-Approved Cryptography", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-13.3", | |
| "TITLE": "Cryptographic Protection | Individuals Without Formal Access Approvals", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-13.4", | |
| "TITLE": "Cryptographic Protection | Digital Signatures", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-14", | |
| "TITLE": "Public Access Protections", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-15", | |
| "TITLE": "Collaborative Computing Devices", | |
| "Confidentiality": "Low", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-15.1", | |
| "TITLE": "Collaborative Computing Devices | Physical Disconnect", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-15.2", | |
| "TITLE": "Collaborative Computing Devices | Blocking Inbound / Outbound Communications Traffic", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-15.3", | |
| "TITLE": "Collaborative Computing Devices | Disabling / Removal In Secure Work Areas", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-15.4", | |
| "TITLE": "Collaborative Computing Devices | Explicitly Indicate Current Participants", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-16", | |
| "TITLE": "Transmission of Security Attributes", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-16.1", | |
| "TITLE": "Transmission of Security Attributes | Integrity Validation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-17", | |
| "TITLE": "Public Key Infrastructure Certificates", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-18", | |
| "TITLE": "Mobile Code", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-18.1", | |
| "TITLE": "Mobile Code | Identify Unacceptable Code / Take Corrective Actions", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-18.2", | |
| "TITLE": "Mobile Code | Acquisition / Development / Use", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-18.3", | |
| "TITLE": "Mobile Code | Prevent Downloading / Execution", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-18.4", | |
| "TITLE": "Mobile Code | Prevent Automatic Execution", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-18.5", | |
| "TITLE": "Mobile Code | Allow Execution Only In Confined Environments", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-19", | |
| "TITLE": "Voice Over Internet Protocol", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sc-20", | |
| "TITLE": "Secure Name / Address Resolution Service (Authoritative Source)", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-20.1", | |
| "TITLE": "Secure Name / Address Resolution Service (Authoritative Source) | Child Subspaces", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-20.2", | |
| "TITLE": "Secure Name / Address Resolution Service (Authoritative Source) | Data Origin / Integrity", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-21", | |
| "TITLE": "Secure Name / Address Resolution Service (Recursive or Caching Resolver)", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-21.1", | |
| "TITLE": "Secure Name / Address Resolution Service (Recursive or Caching Resolver) | Data Origin / Integrity", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-22", | |
| "TITLE": "Architecture and Provisioning for Name / Address Resolution Service", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sc-23", | |
| "TITLE": "Session Authenticity", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-23.1", | |
| "TITLE": "Session Authenticity | Invalidate Session Identifiers At Logout", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-23.2", | |
| "TITLE": "Session Authenticity | User-Initiated Logouts / Message Displays", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-23.3", | |
| "TITLE": "Session Authenticity | Unique Session Identifiers With Randomization", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-23.4", | |
| "TITLE": "Session Authenticity | Unique Session Identifiers With Randomization", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-23.5", | |
| "TITLE": "Session Authenticity | Allowed Certificate Authorities", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-24", | |
| "TITLE": "Fail In Known State", | |
| "Confidentiality": "High", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-25", | |
| "TITLE": "Thin Nodes", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-26", | |
| "TITLE": "Honeypots", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-26.1", | |
| "TITLE": "Honeypots | Detection of Malicious Code", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-27", | |
| "TITLE": "Platform-Independent Applications", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-28", | |
| "TITLE": "Protection of Information At Rest", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-28.1", | |
| "TITLE": "Protection of Information At Rest | Cryptographic Protection", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-28.2", | |
| "TITLE": "Protection of Information At Rest | Off-Line Storage", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-29", | |
| "TITLE": "Heterogeneity", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-29.1", | |
| "TITLE": "Heterogeneity | Virtualization Techniques", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-30", | |
| "TITLE": "Concealment and Misdirection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-30.1", | |
| "TITLE": "Concealment and Misdirection | Virtualization Techniques", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-30.2", | |
| "TITLE": "Concealment and Misdirection | Randomness", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-30.3", | |
| "TITLE": "Concealment and Misdirection | Change Processing / Storage Locations", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-30.4", | |
| "TITLE": "Concealment and Misdirection | Misleading Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-30.5", | |
| "TITLE": "Concealment and Misdirection | Concealment of System Components", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-31", | |
| "TITLE": "Covert Channel Analysis", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-31.1", | |
| "TITLE": "Covert Channel Analysis | Test Covert Channels for Exploitability", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-31.2", | |
| "TITLE": "Covert Channel Analysis | Maximum Bandwidth", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-31.3", | |
| "TITLE": "Covert Channel Analysis | Measure Bandwidth In Operational Environments", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-32", | |
| "TITLE": "Information System Partitioning", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-33", | |
| "TITLE": "Transmission Preparation Integrity", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-34", | |
| "TITLE": "Non-modifiable executable programs", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-34.1", | |
| "TITLE": "Non-Modifiable Executable Programs | No Writable Storage", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-34.2", | |
| "TITLE": "Non-Modifiable Executable Programs | Integrity Protection / Read-Only Media", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-34.3", | |
| "TITLE": "Non-Modifiable Executable Programs | Hardware-Based Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-35", | |
| "TITLE": "Honeyclients", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-36", | |
| "TITLE": "Distributed Processing and Storage", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-36.1", | |
| "TITLE": "Distributed Processing and Storage | Polling Techniques", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-37", | |
| "TITLE": "Out-of-Band Channels", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-37.1", | |
| "TITLE": "Out-Of-Band Channels | Ensure Delivery / Transmission", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-38", | |
| "TITLE": "Operations Security", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "sc-39", | |
| "TITLE": "Process Isolation", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-39.1", | |
| "TITLE": "Process Isolation | Hardware Separation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-39.2", | |
| "TITLE": "Process Isolation | Thread Isolation", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-40", | |
| "TITLE": "Wireless Link Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-40.1", | |
| "TITLE": "Wireless Link Protection | Electromagnetic Interference", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-40.2", | |
| "TITLE": "Wireless Link Protection | Reduce Detection Potential", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-40.3", | |
| "TITLE": "Wireless Link Protection | Imitative or Manipulative Communications Deception", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-40.4", | |
| "TITLE": "Wireless Link Protection | Signal Parameter Identification", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-41", | |
| "TITLE": "Port and I/O Device Access", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-42", | |
| "TITLE": "Sensor Capability and Data", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-42.1", | |
| "TITLE": "Sensor Capability and Data | Reporting to Authorized Individuals or Roles", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-42.2", | |
| "TITLE": "Sensor Capability and Data | Authorized Use", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-42.3", | |
| "TITLE": "Sensor Capability and Data | Prohibit Use of Devices", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-43", | |
| "TITLE": "Usage Restrictions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "sc-44", | |
| "TITLE": "Detonation Chambers", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-1", | |
| "TITLE": "System and Information Integrity Policy and Procedures", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-2", | |
| "TITLE": "Flaw Remediation", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-2.1", | |
| "TITLE": "Flaw Remediation | Central Management", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-2.2", | |
| "TITLE": "Flaw Remediation | Automated Flaw Remediation Status", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-2.3", | |
| "TITLE": "Flaw Remediation | Time to Remediate Flaws / Benchmarks for Corrective Actions", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-2.4", | |
| "TITLE": "Flaw Remediation | Automated Patch Management Tools", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-2.5", | |
| "TITLE": "Flaw Remediation | Automatic software / Firmware Updates", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-2.6", | |
| "TITLE": "Flaw Remediation | Removal of Previous Versions of Software / Firmware", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-3", | |
| "TITLE": "Malicious Code Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-3.1", | |
| "TITLE": "Malicious Code Protection | Central Management", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-3.2", | |
| "TITLE": "Malicious Code Protection | Automatic Updates", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-3.3", | |
| "TITLE": "Malicious Code Protection | Non-Privileged Users", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-3.4", | |
| "TITLE": "Malicious Code Protection | Updates Only by Privileged Users", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-3.5", | |
| "TITLE": "Malicious Code Protection | Portable Storage Devices", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-3.6", | |
| "TITLE": "Malicious Code Protection | Testing / Verification", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-3.7", | |
| "TITLE": "Malicious Code Protection | Non Signature-Based Detection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-3.8", | |
| "TITLE": "Malicious Code Protection | Detect Unauthorized Commands", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-3.9", | |
| "TITLE": "Malicious Code Protection | Authenticate Remote commands", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-3.10", | |
| "TITLE": "Malicious Code Protection | Malicious Code Analysis", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-4", | |
| "TITLE": "Information System Monitoring", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.1", | |
| "TITLE": "Information System Monitoring | System-Wide Intrusion Detection System", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.2", | |
| "TITLE": "Information System Monitoring | Automated Tools For Real-Time Analysis", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "si-4.3", | |
| "TITLE": "Information System Monitoring | Automated Tool Integration", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-4.4", | |
| "TITLE": "Information System Monitoring | Inbound and Outbound Communications Traffic", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.5", | |
| "TITLE": "Information System Monitoring | System-Generated Alerts", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.6", | |
| "TITLE": "Information System Monitoring | Restrict Non-Privileged Users", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-4.7", | |
| "TITLE": "Information System Monitoring | Automated Response to Suspicious Events", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-4.8", | |
| "TITLE": "Information System Monitoring | Protection of Monitoring Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-4.9", | |
| "TITLE": "Information System Monitoring | Testing of Monitoring Tools", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-4.10", | |
| "TITLE": "Information System Monitoring | Visibility of Encrypted Communications", | |
| "Confidentiality": "Moderate", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "si-4.11", | |
| "TITLE": "Information System Monitoring | Analyze Communications Traffic Anomalies", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.12", | |
| "TITLE": "Information System Monitoring | Automated Alerts", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.13", | |
| "TITLE": "Information System Monitoring | Analyze Traffic / Event Patterns", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-4.14", | |
| "TITLE": "Information System Monitoring | Wireless Intrusion Detection", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.15", | |
| "TITLE": "Information System Monitoring | Wireless to Wireline Communications", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.16", | |
| "TITLE": "Information System Monitoring | Correlate Monitoring Information", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.17", | |
| "TITLE": "Information System Monitoring | Integrated Situational Awareness", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-4.18", | |
| "TITLE": "Information System Monitoring | Analyze Traffic / Covert Exfiltration", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-4.19", | |
| "TITLE": "Information System Monitoring | Individuals Posing Greater Risk", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.20", | |
| "TITLE": "Information System Monitoring | Privileged User", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.21", | |
| "TITLE": "Information System Monitoring | Probationary Periods", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-4.22", | |
| "TITLE": "Information System Monitoring | Unauthorized Network Services", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.23", | |
| "TITLE": "Information System Monitoring | Host-Based Devices", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "si-4.24", | |
| "TITLE": "Information System Monitoring | Indicators of Compromise", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-5", | |
| "TITLE": "Security Alerts, Advisories, and Directives", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-5.1", | |
| "TITLE": "Security Alerts, Advisories, and Directives | Automated Alerts and Advisories", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-6", | |
| "TITLE": "Security Function Verification", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-6.1", | |
| "TITLE": "Security Function Verification | Notification of Failed Security Tests", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-6.2", | |
| "TITLE": "Security Function Verification | Automation Support For Distributed Testing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-6.3", | |
| "TITLE": "Security Function Verification | Report Verification Results", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7", | |
| "TITLE": "Software, Firmware, and Information Integrity", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.1", | |
| "TITLE": "Software, Firmware, and Information Integrity | Integrity Checks", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.2", | |
| "TITLE": "Software, Firmware, and Information Integrity | Automated Notifications of Integrity Violations", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.3", | |
| "TITLE": "Software, Firmware, and Information Integrity | Centrally-Managed Integrity Tools", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.4", | |
| "TITLE": "Software, Firmware, and Information Integrity | Tamper-Evident Packaging", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.5", | |
| "TITLE": "Software, Firmware, and Information Integrity | Automated Response to Integrity Violations", | |
| "Confidentiality": "NA", | |
| "Integrity": "High", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.6", | |
| "TITLE": "Software, Firmware, and Information Integrity | Cryptographic Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.7", | |
| "TITLE": "Software, Firmware, and Information Integrity | Integration of Detection and Response", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.8", | |
| "TITLE": "Software, Firmware, and Information Integrity | Auditing Capability For Significant Events", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.9", | |
| "TITLE": "Software, Firmware, and Information Integrity | Verify Boot Process", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.10", | |
| "TITLE": "Software, Firmware, and Information Integrity | Protection of Boot Firmware", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.11", | |
| "TITLE": "Software, Firmware, and Information Integrity | Confined Environments With Limited Privileges", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.12", | |
| "TITLE": "Software, Firmware, and Information Integrity | Integrity Verification", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.13", | |
| "TITLE": "Software, Firmware, and Information Integrity | Code Execution In Protected Environments", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.14", | |
| "TITLE": "Software, Firmware, and Information Integrity | Binary or Machine Executable Code", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.15", | |
| "TITLE": "Software, Firmware, and Information Integrity | Code Authentication", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-7.16", | |
| "TITLE": "Software, Firmware, and Information Integrity | Time Limit on Process Execution without Supervision", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-8", | |
| "TITLE": "Spam Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "si-8.1", | |
| "TITLE": "Spam Protection | Central Management of Protection Mechanisms", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "si-8.2", | |
| "TITLE": "Spam Protection | Automatic Updates", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "Moderate" | |
| }, | |
| { | |
| "ID": "si-8.3", | |
| "TITLE": "Spam Protection | Continuous Learning Capability", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-9", | |
| "TITLE": "Information Input Restrictions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-10", | |
| "TITLE": "Information Input Validation", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-10.1", | |
| "TITLE": "Information Input Validation | Manual Override Capability", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-10.2", | |
| "TITLE": "Information Input Validation | Review / Resolution of Errors", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-10.3", | |
| "TITLE": "Information Input Validation | Predictable Behavior", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-10.4", | |
| "TITLE": "Information Input Validation | Review / Timing Interactions", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-10.5", | |
| "TITLE": "Information Input Validation | Review / Restrict Inputs to Trusted Sources and Approved Formats", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-11", | |
| "TITLE": "Error Handling", | |
| "Confidentiality": "NA", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-12", | |
| "TITLE": "Information Handling and Retention", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-13", | |
| "TITLE": "Predictable Failure Prevention", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-13.1", | |
| "TITLE": "Predictable Failure Prevention | Transferring Component Responsibilities", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-13.2", | |
| "TITLE": "Predictable Failure Prevention | Time Limit on Process Execution without Supervision", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-13.3", | |
| "TITLE": "Predictable Failure Prevention | Manual Transfer between Components", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-13.4", | |
| "TITLE": "Predictable Failure Prevention | Standby Component Installation / Notification", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-13.5", | |
| "TITLE": "Predictable Failure Prevention | Failover Capability", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-14", | |
| "TITLE": "Non-Persistence", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-14.1", | |
| "TITLE": "Non-Persistence | Refresh from Trusted Sources", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-15", | |
| "TITLE": "Information Output Filtering", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-16", | |
| "TITLE": "Memory Protection", | |
| "Confidentiality": "NA", | |
| "Integrity": "Moderate", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "si-17", | |
| "TITLE": "Fail-Safe Procedures", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "pm-1", | |
| "TITLE": "Information Security Program Plan", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-2", | |
| "TITLE": "Senior Information Security Officer", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-3", | |
| "TITLE": "Information Security Resources", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-4", | |
| "TITLE": "Plan of Action and Milestones Process", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-5", | |
| "TITLE": "Information System Inventory", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-6", | |
| "TITLE": "Information Security Measures of Performance", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-7", | |
| "TITLE": "Enterprise Architecture", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-8", | |
| "TITLE": "Critical Infrastructure Plan", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-9", | |
| "TITLE": "Risk Management Strategy", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-10", | |
| "TITLE": "Security Authorization Process", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-11", | |
| "TITLE": "Mission/Business Process Definition", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-12", | |
| "TITLE": "Insider Threat Program", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-13", | |
| "TITLE": "Information Security Workforce", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-14", | |
| "TITLE": "Testing, Training, and Monitoring", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-15", | |
| "TITLE": "Contacts with Security Groups and Associations", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "pm-16", | |
| "TITLE": "Threat Awareness Program", | |
| "Confidentiality": "Low", | |
| "Integrity": "Low", | |
| "Availability": "Low" | |
| }, | |
| { | |
| "ID": "ap-1", | |
| "TITLE": "Authority to Collect", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ap-2", | |
| "TITLE": "Purpose Specification", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ar-1", | |
| "TITLE": "Governance and Privacy Program", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ar-2", | |
| "TITLE": "Privacy Impact and Risk Assessment", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ar-3", | |
| "TITLE": "Privacy Requirements for Contractors and Service Providers", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ar-4", | |
| "TITLE": "Privacy Monitoring and Auditing", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ar-5", | |
| "TITLE": "Privacy Awareness and Training", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ar-6", | |
| "TITLE": "Privacy Reporting", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ar-7", | |
| "TITLE": "Privacy-Enhanced System Design and Development", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ar-8", | |
| "TITLE": "Accounting of Disclosures", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "di-1", | |
| "TITLE": "Data Quality", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "di-1.1", | |
| "TITLE": "Data Quality | Validate PII", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "di-1.2", | |
| "TITLE": "Data Quality | Re-Validate PII", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "di-2", | |
| "TITLE": "Data Integrity and Data Integrity Board", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "di-2.1", | |
| "TITLE": "Data Integrity and Data Integrity Board | Publish Agreements on Website", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "dm-1", | |
| "TITLE": "Minimization of Personally Identifiable Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "dm-1.1", | |
| "TITLE": "Minimization of Personally Identifiable Information | Locate / Remove / Redact / Anonymize PII", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "dm-2", | |
| "TITLE": "Data Retention and Disposal", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "dm-2.1", | |
| "TITLE": "Data Retention and Disposal | System Configuration", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "dm-3", | |
| "TITLE": "Minimization of PII Used in Testing, Training, and Research", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "dm-3.1", | |
| "TITLE": "Minimization of PII Used in Testing, Training, and Research | Risk Minimization Techniques", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ip-1", | |
| "TITLE": "Consent", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ip-1.1", | |
| "TITLE": "Consent | Mechanisms Supporting Itemized or Tiered Consent", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ip-2", | |
| "TITLE": "Individual Access", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ip-3", | |
| "TITLE": "Redress", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ip-4", | |
| "TITLE": "Complaint Management", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ip-4.1", | |
| "TITLE": "Complaint Management | Response Times", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "se-1", | |
| "TITLE": "Inventory of Personally Identifiable Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "se-2", | |
| "TITLE": "Privacy Incident Response", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "tr-1", | |
| "TITLE": "Privacy Notice", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "tr-1.1", | |
| "TITLE": "Privacy Notice | Real-Time or Layered Notice", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "tr-2", | |
| "TITLE": "System of Records Notices and Privacy Act Statements", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "tr-2.1", | |
| "TITLE": "System of Records Notices and Privacy Act Statements | Public Website Publication", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "tr-3", | |
| "TITLE": "Dissemination of Privacy Program Information", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ul-1", | |
| "TITLE": "Internal Use", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| }, | |
| { | |
| "ID": "ul-2", | |
| "TITLE": "Information Sharing with Third Parties", | |
| "Confidentiality": "NA", | |
| "Integrity": "NA", | |
| "Availability": "NA" | |
| } | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment