@opexxx
Created February 4, 2022 10:21
NIST 800-53 control list
No. Control
AC-1 ACCESS CONTROL POLICY AND PROCEDURES
AC-2 ACCOUNT MANAGEMENT
AC-3 ACCESS ENFORCEMENT
AC-4 INFORMATION FLOW ENFORCEMENT
AC-5 SEPARATION OF DUTIES
AC-6 LEAST PRIVILEGE
AC-7 UNSUCCESSFUL LOGON ATTEMPTS
AC-8 SYSTEM USE NOTIFICATION
AC-10 CONCURRENT SESSION CONTROL
AC-11 SESSION LOCK
AC-12 SESSION TERMINATION
AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION
AC-17 REMOTE ACCESS
AC-18 WIRELESS ACCESS
AC-19 ACCESS CONTROL FOR MOBILE DEVICES
AC-20 USE OF EXTERNAL INFORMATION SYSTEMS
AC-21 INFORMATION SHARING
AC-22 PUBLICLY ACCESSIBLE CONTENT
AT-1 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES
AT-2 SECURITY AWARENESS TRAINING
AT-3 ROLE-BASED SECURITY TRAINING
AT-4 SECURITY TRAINING RECORDS
AU-1 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES
AU-2 AUDIT EVENTS
AU-3 CONTENT OF AUDIT RECORDS
AU-4 AUDIT STORAGE CAPACITY
AU-5 RESPONSE TO AUDIT PROCESSING FAILURES
AU-6 AUDIT REVIEW, ANALYSIS, AND REPORTING
AU-7 AUDIT REDUCTION AND REPORT GENERATION
AU-8 TIME STAMPS
AU-9 PROTECTION OF AUDIT INFORMATION
AU-10 NON-REPUDIATION
AU-11 AUDIT RECORD RETENTION
AU-12 AUDIT GENERATION
CA-1 SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES
CA-2 SECURITY ASSESSMENTS
CA-3 SYSTEM INTERCONNECTIONS
CA-5 PLAN OF ACTION AND MILESTONES
CA-6 SECURITY AUTHORIZATION
CA-7 CONTINUOUS MONITORING
CA-8 PENETRATION TESTING
CA-9 INTERNAL SYSTEM CONNECTIONS
CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES
CM-2 BASELINE CONFIGURATION
CM-3 CONFIGURATION CHANGE CONTROL
CM-4 SECURITY IMPACT ANALYSIS
CM-5 ACCESS RESTRICTIONS FOR CHANGE
CM-6 CONFIGURATION SETTINGS
CM-7 LEAST FUNCTIONALITY
CM-8 INFORMATION SYSTEM COMPONENT INVENTORY
CM-9 CONFIGURATION MANAGEMENT PLAN
CM-10 SOFTWARE USAGE RESTRICTIONS
CM-11 USER-INSTALLED SOFTWARE
CP-1 CONTINGENCY PLANNING POLICY AND PROCEDURES
CP-2 CONTINGENCY PLAN
CP-3 CONTINGENCY TRAINING
CP-4 CONTINGENCY PLAN TESTING
CP-6 ALTERNATE STORAGE SITE
CP-7 ALTERNATE PROCESSING SITE
CP-8 TELECOMMUNICATIONS SERVICES
CP-9 INFORMATION SYSTEM BACKUP
CP-10 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION
IA-1 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES
IA-2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)
IA-3 DEVICE IDENTIFICATION AND AUTHENTICATION
IA-4 IDENTIFIER MANAGEMENT
IA-5 AUTHENTICATOR MANAGEMENT
IA-6 AUTHENTICATOR FEEDBACK
IA-7 CRYPTOGRAPHIC MODULE AUTHENTICATION
IA-8 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)
IR-1 INCIDENT RESPONSE POLICY AND PROCEDURES
IR-2 INCIDENT RESPONSE TRAINING
IR-3 INCIDENT RESPONSE TESTING
IR-4 INCIDENT HANDLING
IR-5 INCIDENT MONITORING
IR-6 INCIDENT REPORTING
IR-7 INCIDENT RESPONSE ASSISTANCE
IR-8 INCIDENT RESPONSE PLAN
MA-1 SYSTEM MAINTENANCE POLICY AND PROCEDURES
MA-2 CONTROLLED MAINTENANCE
MA-3 MAINTENANCE TOOLS
MA-4 NONLOCAL MAINTENANCE
MA-5 MAINTENANCE PERSONNEL
MA-6 TIMELY MAINTENANCE
MP-1 MEDIA PROTECTION POLICY AND PROCEDURES
MP-2 MEDIA ACCESS
MP-3 MEDIA MARKING
MP-4 MEDIA STORAGE
MP-5 MEDIA TRANSPORT
MP-6 MEDIA SANITIZATION
MP-7 MEDIA USE
PE-1 PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES
PE-2 PHYSICAL ACCESS AUTHORIZATIONS
PE-3 PHYSICAL ACCESS CONTROL
PE-4 ACCESS CONTROL FOR TRANSMISSION MEDIUM
PE-5 ACCESS CONTROL FOR OUTPUT DEVICES
PE-6 MONITORING PHYSICAL ACCESS
PE-8 VISITOR ACCESS RECORDS
PE-9 POWER EQUIPMENT AND CABLING
PE-10 EMERGENCY SHUTOFF
PE-11 EMERGENCY POWER
PE-12 EMERGENCY LIGHTING
PE-13 FIRE PROTECTION
PE-14 TEMPERATURE AND HUMIDITY CONTROLS
PE-15 WATER DAMAGE PROTECTION
PE-16 DELIVERY AND REMOVAL
PE-17 ALTERNATE WORK SITE
PE-18 LOCATION OF INFORMATION SYSTEM COMPONENTS
PL-1 SECURITY PLANNING POLICY AND PROCEDURES
PL-2 SYSTEM SECURITY PLAN
PL-4 RULES OF BEHAVIOR
PL-8 INFORMATION SECURITY ARCHITECTURE
PS-1 PERSONNEL SECURITY POLICY AND PROCEDURES
PS-2 POSITION RISK DESIGNATION
PS-3 PERSONNEL SCREENING
PS-4 PERSONNEL TERMINATION
PS-5 PERSONNEL TRANSFER
PS-6 ACCESS AGREEMENTS
PS-7 THIRD-PARTY PERSONNEL SECURITY
PS-8 PERSONNEL SANCTIONS
RA-1 RISK ASSESSMENT POLICY AND PROCEDURES
RA-2 SECURITY CATEGORIZATION
RA-3 RISK ASSESSMENT
RA-5 VULNERABILITY SCANNING
SA-1 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES
SA-2 ALLOCATION OF RESOURCES
SA-3 SYSTEM DEVELOPMENT LIFE CYCLE
SA-4 ACQUISITION PROCESS
SA-5 INFORMATION SYSTEM DOCUMENTATION
SA-8 SECURITY ENGINEERING PRINCIPLES
SA-9 EXTERNAL INFORMATION SYSTEM SERVICES
SA-10 DEVELOPER CONFIGURATION MANAGEMENT
SA-11 DEVELOPER SECURITY TESTING AND EVALUATION
SA-12 SUPPLY CHAIN PROTECTION
SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS
SA-16 DEVELOPER-PROVIDED TRAINING
SA-17 DEVELOPER SECURITY ARCHITECTURE AND DESIGN
SC-1 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES
SC-2 APPLICATION PARTITIONING
SC-3 SECURITY FUNCTION ISOLATION
SC-4 INFORMATION IN SHARED RESOURCES
SC-5 DENIAL OF SERVICE PROTECTION
SC-7 BOUNDARY PROTECTION
SC-8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY
SC-10 NETWORK DISCONNECT
SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT
SC-13 CRYPTOGRAPHIC PROTECTION
SC-15 COLLABORATIVE COMPUTING DEVICES
SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES
SC-18 MOBILE CODE
SC-19 VOICE OVER INTERNET PROTOCOL
SC-20 SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)
SC-21 SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)
SC-22 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE
SC-23 SESSION AUTHENTICITY
SC-24 FAIL IN KNOWN STATE
SC-28 PROTECTION OF INFORMATION AT REST
SC-39 PROCESS ISOLATION
SI-1 SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES
SI-2 FLAW REMEDIATION
SI-3 MALICIOUS CODE PROTECTION
SI-4 INFORMATION SYSTEM MONITORING
SI-5 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES
SI-6 SECURITY FUNCTION VERIFICATION
SI-7 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY
SI-8 SPAM PROTECTION
SI-10 INFORMATION INPUT VALIDATION
SI-11 ERROR HANDLING
SI-12 INFORMATION HANDLING AND RETENTION
SI-16 MEMORY PROTECTION