NIST 800-53r5 Configuration Items Mapping

REF: NIST SP 800-53r5 Table C-1 thru C-20

O - Organizational, S - Systems, O/S - Both
ControlNumberControlNameImplementedByAssurance
AC-2(2)AUTOMATED TEMPORARY AND EMERGENCY ACCOUNT MANAGEMENTS
AC-2(3)DISABLE ACCOUNTSS
AC-2(4)AUTOMATED AUDIT ACTIONSS
AC-2(5)INACTIVITY LOGOUTO/S
AC-2(6)DYNAMIC PRIVILEGE MANAGEMENTS
AC-2(8)DYNAMIC ACCOUNT MANAGEMENTS
AC-2(11)USAGE CONDITIONSS
AC-2(12)ACCOUNT MONITORING FOR ATYPICAL USAGEO/S
AC-3Access EnforcementS
AC-3(2)DUAL AUTHORIZATIONS
AC-3(3)MANDATORY ACCESS CONTROLS
AC-3(4)DISCRETIONARY ACCESS CONTROLS
AC-3(5)SECURITY-RELEVANT INFORMATIONS
AC-3(7)ROLE-BASED ACCESS CONTROLO/S
AC-3(8)REVOCATION OF ACCESS AUTHORIZATIONSO/S
AC-3(9)CONTROLLED RELEASEO/S
AC-3(11)RESTRICT ACCESS TO SPECIFIC INFORMATION TYPESS
AC-3(12)ASSERT AND ENFORCE APPLICATION ACCESSS
AC-3(13)ATTRIBUTE-BASED ACCESS CONTROLS
AC-3(14)INDIVIDUAL ACCESSS
AC-3(15)DISCRETIONARY AND MANDATORY ACCESS CONTROLS
AC-4Information Flow EnforcementS
AC-4(1)OBJECT SECURITY AND PRIVACY ATTRIBUTESS
AC-4(2)PROCESSING DOMAINSS
AC-4(3)DYNAMIC INFORMATION FLOW CONTROLS
AC-4(4)FLOW CONTROL OF ENCRYPTED INFORMATIONS
AC-4(5)EMBEDDED DATA TYPESS
AC-4(6)METADATAS
AC-4(7)ONE-WAY FLOW MECHANISMSS
AC-4(8)SECURITY AND PRIVACY POLICY FILTERSS
AC-4(9)HUMAN REVIEWSO/S
AC-4(10)ENABLE AND DISABLE SECURITY OR PRIVACY POLICY FILTERSS
AC-4(11)CONFIGURATION OF SECURITY OR PRIVACY POLICY FILTERSS
AC-4(12)DATA TYPE IDENTIFIERSS
AC-4(13)DECOMPOSITION INTO POLICY-RELEVANT SUBCOMPONENTSS
AC-4(14)SECURITY OR PRIVACY POLICY FILTER CONSTRAINTSS
AC-4(15)DETECTION OF UNSANCTIONED INFORMATIONS
AC-4(17)DOMAIN AUTHENTICATIONS
AC-4(19)VALIDATION OF METADATAS
AC-4(21)PHYSICAL OR LOGICAL SEPARATION OF INFORMATION FLOWSO/S
AC-4(22)ACCESS ONLYS
AC-4(23)MODIFY NON-RELEASABLE INFORMATIONO/S
AC-4(24)INTERNAL NORMALIZED FORMATS
AC-4(25)DATA SANITIZATIONS
AC-4(26)AUDIT FILTERING ACTIONSO/S
AC-4(27)REDUNDANT/INDEPENDENT FILTERING MECHANISMSS
AC-4(28)LINEAR FILTER PIPELINESS
AC-4(29)FILTER ORCHESTRATION ENGINESO/S
AC-4(30)FILTER MECHANISMS USING MULTIPLE PROCESSESS
AC-4(31)FAILED CONTENT TRANSFER PREVENTIONS
AC-4(32)PROCESS REQUIREMENTS FOR INFORMATION TRANSFERS
AC-6(4)SEPARATE PROCESSING DOMAINSO/S
AC-6(8)PRIVILEGE LEVELS FOR CODE EXECUTIONS
AC-6(9)LOG USE OF PRIVILEGED FUNCTIONSS
AC-6(10)PROHIBIT NON-PRIVILEGED USERS FROM EXECUTING PRIVILEGED FUNCTIONSS
AC-7Unsuccessful Logon AttemptsS
AC-7(2)PURGE OR WIPE MOBILE DEVICES
AC-7(4)USE OF ALTERNATE AUTHENTICATION FACTORO/S
AC-8System Use NotificationO/S
AC-9Previous Logon NotificationS
AC-9(1)UNSUCCESSFUL LOGONSS
AC-9(2)SUCCESSFUL AND UNSUCCESSFUL LOGONSS
AC-9(3)NOTIFICATION OF ACCOUNT CHANGESS
AC-9(4)ADDITIONAL LOGON INFORMATIONS
AC-10Concurrent Session ControlS
AC-11Device LockS
AC-11(1)PATTERN-HIDING DISPLAYSS
AC-12Session TerminationS
AC-12(1)USER-INITIATED LOGOUTSO/S
AC-12(2)TERMINATION MESSAGES
AC-12(3)TIMEOUT WARNING MESSAGES
AC-16(1)DYNAMIC ATTRIBUTE ASSOCIATIONS
AC-16(2)ATTRIBUTE VALUE CHANGES BY AUTHORIZED INDIVIDUALSS
AC-16(3)MAINTENANCE OF ATTRIBUTE ASSOCIATIONS BY SYSTEMS
AC-16(4)ASSOCIATION OF ATTRIBUTES BY AUTHORIZED INDIVIDUALSS
AC-16(5)ATTRIBUTE DISPLAYS ON OBJECTS TO BE OUTPUTS
AC-16(8)ASSOCIATION TECHNIQUES AND TECHNOLOGIESS
AC-17(1)MONITORING AND CONTROLO/S
AC-17(2)PROTECTION OF CONFIDENTIALITY AND INTEGRITY USING ENCRYPTIONS
AC-17(3)MANAGED ACCESS CONTROL POINTSS
AC-17(10)AUTHENTICATE REMOTE COMMANDSS
AC-18(1)AUTHENTICATION AND ENCRYPTIONS
AC-18(3)DISABLE WIRELESS NETWORKINGO/S
AC-21(1)AUTOMATED DECISION SUPPORTS
AC-21(2)INFORMATION SEARCH AND RETRIEVALS
AC-24(1)TRANSMIT ACCESS AUTHORIZATION INFORMATIONS
AC-24(2)NO USER OR PROCESS IDENTITYS
AC-25Reference MonitorSX
AU-3Content of Audit RecordsS
AU-3(1)ADDITIONAL AUDIT INFORMATIONS
AU-4Audit Log Storage CapacityO/S
AU-4(1)TRANSFER TO ALTERNATE STORAGEO/S
AU-5Response to Audit Logging Process FailuresS
AU-5(1)STORAGE CAPACITY WARNINGS
AU-5(2)REAL-TIME ALERTSS
AU-5(3)CONFIGURABLE TRAFFIC VOLUME THRESHOLDSS
AU-5(4)SHUTDOWN ON FAILURES
AU-6(4)CENTRAL REVIEW AND ANALYSISSX
AU-7Audit Record Reduction and Report GenerationSX
AU-7(1)AUTOMATIC PROCESSINGSX
AU-8Time StampsS
AU-9Protection of Audit InformationS
AU-9(1)HARDWARE WRITE-ONCE MEDIAS
AU-9(2)STORE ON SEPARATE PHYSICAL SYSTEMS OR COMPONENTSS
AU-9(3)CRYPTOGRAPHIC PROTECTIONS
AU-9(5)DUAL AUTHORIZATIONO/S
AU-9(6)READ-ONLY ACCESSO/S
AU-10Non-repudiationSX
AU-10(1)ASSOCIATION OF IDENTITIESSX
AU-10(2)VALIDATE BINDING OF INFORMATION PRODUCER IDENTITYSX
AU-10(3)CHAIN OF CUSTODYO/SX
AU-10(4)VALIDATE BINDING OF INFORMATION REVIEWER IDENTITYSX
AU-12Audit Record GenerationS
AU-12(1)SYSTEM-WIDE AND TIME-CORRELATED AUDIT TRAILS
AU-12(2)STANDARDIZED FORMATSS
AU-12(3)CHANGES BY AUTHORIZED INDIVIDUALSS
AU-12(4)QUERY PARAMETER AUDITS OF PERSONALLY IDENTIFIABLE INFORMATIONS
AU-13(1)USE OF AUTOMATED TOOLSO/SX
AU-13(3)UNAUTHORIZED REPLICATION OF INFORMATIONO/SX
AU-14Session AuditSX
AU-14(1)SYSTEM START-UPSX
AU-14(3)REMOTE VIEWING AND LISTENINGSX
CA-3(6)TRANSFER AUTHORIZATIONSO/SX
CA-3(7)TRANSITIVE INFORMATION EXCHANGESO/SX
CA-7(4)RISK MONITORINGO/SX
CA-7(6)AUTOMATION SUPPORT FOR MONITORINGO/SX
CA-9(1)COMPLIANCE CHECKSO/SX
CM-3(5)AUTOMATED SECURITY RESPONSES
CM-3(8)PREVENT OR RESTRICT CONFIGURATION CHANGESS
CM-5(1)AUTOMATED ACCESS ENFORCEMENT AND AUDIT RECORDSS
CM-5(4)DUAL AUTHORIZATIONO/S
CM-5(6)LIMIT LIBRARY PRIVILEGESO/S
CM-6Configuration SettingsO/S
CM-7Least FunctionalityO/S
CM-7(1)PERIODIC REVIEWO/S
CM-7(2)PREVENT PROGRAM EXECUTIONS
CM-7(4)UNAUTHORIZED SOFTWAREO/S
CM-7(5)AUTHORIZED SOFTWAREO/S
CM-7(7)CODE EXECUTION IN PROTECTED ENVIRONMENTSO/SX
CM-7(8)BINARY OR MACHINE EXECUTABLE CODEO/SX
CM-7(9)PROHIBITING THE USE OF UNAUTHORIZED HARDWAREO/SX
CM-11(2)SOFTWARE INSTALLATION WITH PRIVILEGED STATUSS
CM-11(3)AUTOMATED ENFORCEMENT AND MONITORINGSX
CM-14Signed ComponentsO/SX
CP-4(5)SELF-CHALLENGEO/SX
CP-12Safe ModeSX
CP-13Alternative Security MechanismsO/S
IA-2Identification and Authentication (Organizational Users)O/S
IA-2(1)MULTI-FACTOR AUTHENTICATION TO PRIVILEGED ACCOUNTSS
IA-2(2)MULTI-FACTOR AUTHENTICATION TO NON-PRIVILEGED ACCOUNTSS
IA-2(5)INDIVIDUAL AUTHENTICATION WITH GROUP AUTHENTICATIONO/S
IA-2(6)ACCESS TO ACCOUNTS — SEPARATE DEVICES
IA-2(8)ACCESS TO ACCOUNTS — REPLAY RESISTANTS
IA-2(10)SINGLE SIGN-ONS
IA-2(12)ACCEPTANCE OF PIV CREDENTIALSS
IA-2(13)OUT-OF-BAND AUTHENTICATIONS
IA-3Device Identification and AuthenticationS
IA-3(1)CRYPTOGRAPHIC BIDIRECTIONAL AUTHENTICATIONS
IA-4(5)DYNAMIC MANAGEMENTS
IA-4(9)ATTRIBUTE MAINTENANCE AND PROTECTIONO/S
IA-5Authenticator ManagementO/S
IA-5(1)PASSWORD-BASED AUTHENTICATIONO/S
IA-5(2)PUBLIC KEY-BASED AUTHENTICATIONS
IA-5(10)DYNAMIC CREDENTIAL BINDINGS
IA-5(12)BIOMETRIC AUTHENTICATION PERFORMANCES
IA-5(13)EXPIRATION OF CACHED AUTHENTICATORSS
IA-5(17)PRESENTATION ATTACK DETECTION FOR BIOMETRIC AUTHENTICATORSS
IA-5(18)PASSWORD MANAGERSS
IA-6Authentication FeedbackS
IA-7Cryptographic Module AuthenticationS
IA-8Identification and Authentication (Non-Organizational Users)S
IA-8(1)ACCEPTANCE OF PIV CREDENTIALS FROM OTHER AGENCIESS
IA-8(2)ACCEPTANCE OF EXTERNAL AUTHENTICATORSS
IA-8(4)USE OF DEFINED PROFILESS
IA-8(5)ACCEPTANCE OF PIV-I CREDENTIALSS
IA-9Service Identification and AuthenticationO/S
IA-11Re-authenticationO/S
IR-4(5)AUTOMATIC DISABLING OF SYSTEMO/S
IR-4(14)SECURITY OPERATIONS CENTERO/S
MA-3(4)RESTRICTED TOOL USEO/S
MA-3(5)EXECUTION WITH PRIVILEGEO/S
MA-3(6)SOFTWARE UPDATES AND PATCHESO/S
MA-4(6)CRYPTOGRAPHIC PROTECTIONO/S
MA-4(7)DISCONNECT VERIFICATIONS
PE-5(2)LINK TO INDIVIDUAL IDENTITYS
PT-2(1)DATA TAGGINGSX
PT-3(1)DATA TAGGINGSX
RA-10Threat HuntingO/SX
SA-8(1)CLEAR ABSTRACTIONSO/SX
SA-8(2)LEAST COMMON MECHANISMO/SX
SA-8(3)MODULARITY AND LAYERINGO/SX
SA-8(4)PARTIALLY ORDERED DEPENDENCIESO/SX
SA-8(5)EFFICIENTLY MEDIATED ACCESSO/SX
SA-8(6)MINIMIZED SHARINGO/SX
SA-8(7)REDUCED COMPLEXITYO/SX
SA-8(8)SECURE EVOLVABILITYO/SX
SA-8(9)TRUSTED COMPONENTSO/SX
SA-8(10)HIERARCHICAL TRUSTO/SX
SA-8(11)INVERSE MODIFICATION THRESHOLDO/SX
SA-8(12)HIERARCHICAL PROTECTIONO/SX
SA-8(13)MINIMIZED SECURITY ELEMENTSO/SX
SA-8(14)LEAST PRIVILEGEO/SX
SA-8(15)PREDICATE PERMISSIONO/SX
SA-8(16)SELF-RELIANT TRUSTWORTHINESSO/SX
SA-8(17)SECURE DISTRIBUTED COMPOSITIONO/SX
SA-8(18)TRUSTED COMMUNICATIONS CHANNELSO/SX
SA-8(19)CONTINUOUS PROTECTIONO/SX
SA-8(20)SECURE METADATA MANAGEMENTO/SX
SA-8(21)SELF-ANALYSISO/SX
SA-8(22)ACCOUNTABILITY AND TRACEABILITYO/SX
SA-8(23)SECURE DEFAULTSO/SX
SA-8(24)SECURE FAILURE AND RECOVERYO/SX
SA-8(25)ECONOMIC SECURITYO/SX
SA-8(26)PERFORMANCE SECURITYO/SX
SA-8(27)HUMAN FACTORED SECURITYO/SX
SA-8(28)ACCEPTABLE SECURITYO/SX
SA-8(29)REPEATABLE AND DOCUMENTED PROCEDURESO/SX
SA-8(30)PROCEDURAL RIGORO/SX
SA-8(31)SECURE SYSTEM MODIFICATIONO/SX
SA-8(32)SUFFICIENT DOCUMENTATIONO/SX
SA-8(33)MINIMIZATIONO/SX
SC-2Separation of System and User FunctionalitySX
SC-2(1)INTERFACES FOR NON-PRIVILEGED USERSSX
SC-2(2)DISASSOCIABILITYSX
SC-3Security Function IsolationSX
SC-3(1)HARDWARE SEPARATIONSX
SC-3(2)ACCESS AND FLOW CONTROL FUNCTIONSSX
SC-3(3)MINIMIZE NONSECURITY FUNCTIONALITYO/SX
SC-3(4)MODULE COUPLING AND COHESIVENESSO/SX
SC-3(5)LAYERED STRUCTURESO/SX
SC-4Information in Shared System ResourcesS
SC-4(2)MULTILEVEL OR PERIODS PROCESSINGS
SC-5Denial-of-Service ProtectionS
SC-5(1)RESTRICT ABILITY TO ATTACK OTHER SYSTEMSS
SC-5(2)“CAPACITY, BANDWIDTH, AND REDUNDANCY”S
SC-5(3)DETECTION AND MONITORINGS
SC-6Resource AvailabilitySX
SC-7Boundary ProtectionS
SC-7(3)ACCESS POINTSS
SC-7(5)DENY BY DEFAULT — ALLOW BY EXCEPTIONS
SC-7(7)SPLIT TUNNELING FOR REMOTE DEVICESS
SC-7(8)ROUTE TRAFFIC TO AUTHENTICATED PROXY SERVERSS
SC-7(9)RESTRICT THREATENING OUTGOING COMMUNICATIONS TRAFFICS
SC-7(10)PREVENT EXFILTRATIONS
SC-7(11)RESTRICT INCOMING COMMUNICATIONS TRAFFICS
SC-7(12)HOST-BASED PROTECTIONS
SC-7(13)“ISOLATION OF SECURITY TOOLS, MECHANISMS, AND SUPPORT COMPONENTS”S
SC-7(14)PROTECT AGAINST UNAUTHORIZED PHYSICAL CONNECTIONSS
SC-7(15)NETWORKED PRIVILEGED ACCESSESS
SC-7(16)PREVENT DISCOVERY OF SYSTEM COMPONENTSS
SC-7(17)AUTOMATED ENFORCEMENT OF PROTOCOL FORMATSS
SC-7(18)FAIL SECURESX
SC-7(19)BLOCK COMMUNICATION FROM NON-ORGANIZATIONALLY CONFIGURED HOSTSS
SC-7(20)DYNAMIC ISOLATION AND SEGREGATIONS
SC-7(21)ISOLATION OF SYSTEM COMPONENTSO/SX
SC-7(22)SEPARATE SUBNETS FOR CONNECTING TO DIFFERENT SECURITY DOMAINSSX
SC-7(23)DISABLE SENDER FEEDBACK ON PROTOCOL VALIDATION FAILURES
SC-7(24)PERSONALLY IDENTIFIABLE INFORMATIONO/S
SC-7(29)SEPARATE SUBNETS TO ISOLATE FUNCTIONSS
SC-8Transmission Confidentiality and IntegrityS
SC-8(1)CRYPTOGRAPHIC PROTECTIONS
SC-8(2)PRE- AND POST-TRANSMISSION HANDLINGS
SC-8(3)CRYPTOGRAPHIC PROTECTION FOR MESSAGE EXTERNALSS
SC-8(4)CONCEAL OR RANDOMIZE COMMUNICATIONSS
SC-8(5)PROTECTED DISTRIBUTION SYSTEMS
SC-10Network DisconnectS
SC-11Trusted PathSX
SC-11(1)IRREFUTABLE COMMUNICATIONS PATHSX
SC-12Cryptographic Key Establishment and ManagementO/S
SC-12(1)AVAILABILITYO/S
SC-12(2)SYMMETRIC KEYSO/S
SC-12(3)ASYMMETRIC KEYSO/S
SC-12(6)PHYSICAL CONTROL OF KEYSO/S
SC-13Cryptographic ProtectionS
SC-15Collaborative Computing Devices and ApplicationsS
SC-15(1)PHYSICAL OR LOGICAL DISCONNECTS
SC-15(4)EXPLICITLY INDICATE CURRENT PARTICIPANTSS
SC-16Transmission of Security and Privacy AttributesS
SC-16(1)INTEGRITY VERIFICATIONS
SC-16(2)ANTI-SPOOFING MECHANISMSS
SC-16(3)CRYPTOGRAPHIC BINDINGS
SC-17Public Key Infrastructure CertificatesO/S
SC-18(1)IDENTIFY UNACCEPTABLE CODE AND TAKE CORRECTIVE ACTIONSS
SC-18(3)PREVENT DOWNLOADING AND EXECUTIONS
SC-18(4)PREVENT AUTOMATIC EXECUTIONS
SC-18(5)ALLOW EXECUTION ONLY IN CONFINED ENVIRONMENTSS
SC-20Secure Name/Address Resolution Service (Authoritative Source)S
SC-20(2)DATA ORIGIN AND INTEGRITYS
SC-21Secure Name/Address Resolution Service (Recursive or Caching Resolver)S
SC-22Architecture and Provisioning for Name/Address Resolution ServiceS
SC-23Session AuthenticityS
SC-23(1)INVALIDATE SESSION IDENTIFIERS AT LOGOUTS
SC-23(3)UNIQUE SYSTEM-GENERATED SESSION IDENTIFIERSS
SC-23(5)ALLOWED CERTIFICATE AUTHORITIESS
SC-24Fail in Known StateSX
SC-25Thin NodesS
SC-26DecoysS
SC-27Platform-Independent ApplicationsS
SC-28Protection of Information at RestS
SC-28(1)CRYPTOGRAPHIC PROTECTIONS
SC-28(3)CRYPTOGRAPHIC KEYSO/S
SC-32System PartitioningO/SX
SC-32(1)SEPARATE PHYSICAL DOMAINS FOR PRIVILEGED FUNCTIONSO/SX
SC-34Non-Modifiable Executable ProgramsSX
SC-35External Malicious Code IdentificationS
SC-39Process IsolationSX
SC-39(1)HARDWARE SEPARATIONSX
SC-39(2)SEPARATE EXECUTION DOMAIN PER THREADSX
SC-40Wireless Link ProtectionS
SC-40(1)ELECTROMAGNETIC INTERFERENCES
SC-40(2)REDUCE DETECTION POTENTIALS
SC-40(3)IMITATIVE OR MANIPULATIVE COMMUNICATIONS DECEPTIONS
SC-40(4)SIGNAL PARAMETER IDENTIFICATIONS
SC-41Port and I/O Device AccessO/S
SC-42Sensor Capability and DataS
SC-43Usage RestrictionsO/S
SC-44Detonation ChambersS
SC-45System Time SynchronizationS
SC-45(1)SYNCHRONIZATION WITH AUTHORITATIVE TIME SOURCES
SC-45(2)SECONDARY AUTHORITATIVE TIME SOURCES
SC-46Cross Domain Policy EnforcementS
SC-47Alternate Communications PathsO/S
SC-48Sensor RelocationO/S
SC-48(1)DYNAMIC RELOCATION OF SENSORS OR MONITORING CAPABILITIESO/S
SC-49Hardware-Enforced Separation and Policy EnforcementO/SX
SC-50Software-Enforced Separation and Policy EnforcementO/SX
SC-51Hardware-Based ProtectionO/SX
SI-2(4)AUTOMATED PATCH MANAGEMENT TOOLSO/S
SI-2(5)AUTOMATIC SOFTWARE AND FIRMWARE UPDATESO/S
SI-2(6)REMOVAL OF PREVIOUS VERSIONS OF SOFTWARE AND FIRMWAREO/S
SI-3Malicious Code ProtectionO/S
SI-3(4)UPDATES ONLY BY PRIVILEGED USERSO/S
SI-3(8)DETECT UNAUTHORIZED COMMANDSS
SI-4System MonitoringO/SX
SI-4(1)SYSTEM-WIDE INTRUSION DETECTION SYSTEMO/SX
SI-4(2)AUTOMATED TOOLS AND MECHANISMS FOR REAL-TIME ANALYSISSX
SI-4(3)AUTOMATED TOOL AND MECHANISM INTEGRATIONSX
SI-4(4)INBOUND AND OUTBOUND COMMUNICATIONS TRAFFICSX
SI-4(5)SYSTEM-GENERATED ALERTSSX
SI-4(7)AUTOMATED RESPONSE TO SUSPICIOUS EVENTSSX
SI-4(11)ANALYZE COMMUNICATIONS TRAFFIC ANOMALIESO/SX
SI-4(12)AUTOMATED ORGANIZATION-GENERATED ALERTSO/SX
SI-4(13)ANALYZE TRAFFIC AND EVENT PATTERNSO/SX
SI-4(14)WIRELESS INTRUSION DETECTIONSX
SI-4(15)WIRELESS TO WIRELINE COMMUNICATIONSSX
SI-4(16)CORRELATE MONITORING INFORMATIONO/SX
SI-4(18)ANALYZE TRAFFIC AND COVERT EXFILTRATIONO/SX
SI-4(20)PRIVILEGED USERSSX
SI-4(22)UNAUTHORIZED NETWORK SERVICESSX
SI-4(24)INDICATORS OF COMPROMISESX
SI-4(25)OPTIMIZE NETWORK TRAFFIC ANALYSISSX
SI-6Security and Privacy Function VerificationSX
SI-6(2)AUTOMATION SUPPORT FOR DISTRIBUTED TESTINGS
SI-7“Software, Firmware, and Information Integrity”O/SX
SI-7(1)INTEGRITY CHECKSSX
SI-7(2)AUTOMATED NOTIFICATIONS OF INTEGRITY VIOLATIONSSX
SI-7(5)AUTOMATED RESPONSE TO INTEGRITY VIOLATIONSSX
SI-7(6)CRYPTOGRAPHIC PROTECTIONSX
SI-7(8)AUDITING CAPABILITY FOR SIGNIFICANT EVENTSSX
SI-7(9)VERIFY BOOT PROCESSSX
SI-7(10)PROTECTION OF BOOT FIRMWARESX
SI-7(12)INTEGRITY VERIFICATIONO/SX
SI-7(15)CODE AUTHENTICATIONSX
SI-7(17)RUNTIME APPLICATION SELF-PROTECTIONO/SX
SI-8(2)AUTOMATIC UPDATESS
SI-8(3)CONTINUOUS LEARNING CAPABILITYS
SI-10Information Input ValidationSX
SI-10(1)MANUAL OVERRIDE CAPABILITYO/SX
SI-10(3)PREDICTABLE BEHAVIORO/SX
SI-10(4)TIMING INTERACTIONSSX
SI-10(5)RESTRICT INPUTS TO TRUSTED SOURCES AND APPROVED FORMATSSX
SI-10(6)INJECTION PREVENTIONSX
SI-11Error HandlingS
SI-13(4)STANDBY COMPONENT INSTALLATION AND NOTIFICATIONO/SX
SI-15Information Output FilteringSX
SI-16Memory ProtectionSX
SI-17Fail-Safe ProceduresSX
SI-18Personally Identifiable Information Quality OperationsO/S
SI-18(1)AUTOMATION SUPPORTO/S
SI-18(2)DATA TAGSO/S
SI-18(3)COLLECTIONO/S
SI-18(4)INDIVIDUAL REQUESTSO/S
SI-18(5)NOTICE OF CORRECTION OR DELETIONO/S
SI-19De-IdentificationO/S
SI-19(1)COLLECTIONO/S
SI-19(2)ARCHIVINGO/S
SI-19(3)RELEASEO/S
SI-19(4)“REMOVAL, MASKING, ENCRYPTION, HASHING, OR REPLACEMENT OF DIRECT IDENTIFIERS”S
SI-19(5)STATISTICAL DISCLOSURE CONTROLO/S
SI-19(6)DIFFERENTIAL PRIVACYO/S
SI-19(8)MOTIVATED INTRUDERO/S
SI-20TaintingO/SX
SI-21Information RefreshO/SX
SI-22Information DiversityO/SX
SI-23Information FragmentationO/SX
SR-3Supply Chain Controls and ProcessesO/SX