NIST Special Publication 800-53 (Rev. 4)

Security Controls and Assessment Procedures for Federal Information Systems and Organizations

Low Impact Controls

Showing 115 controls:

| No. | Control | Priority | Low | Moderate | High |
|---|---|---|---|---|---|
| AC-1 | ACCESS CONTROL POLICY AND PROCEDURES | P1 | AC-1 | AC-1 | AC-1 |
| AC-2 | ACCOUNT MANAGEMENT | P1 | AC-2 | AC-2 (1) (2) (3) (4) | AC-2 (1) (2) (3) (4) (5) (11) (12) (13) |
| AC-3 | ACCESS ENFORCEMENT | P1 | AC-3 | AC-3 | AC-3 |
| AC-7 | UNSUCCESSFUL LOGON ATTEMPTS | P2 | AC-7 | AC-7 | AC-7 |
| AC-8 | SYSTEM USE NOTIFICATION | P1 | AC-8 | AC-8 | AC-8 |
| AC-14 | PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION | P3 | AC-14 | AC-14 | AC-14 |
| AC-17 | REMOTE ACCESS | P1 | AC-17 | AC-17 (1) (2) (3) (4) | AC-17 (1) (2) (3) (4) |
| AC-18 | WIRELESS ACCESS | P1 | AC-18 | AC-18 (1) | AC-18 (1) (4) (5) |
| AC-19 | ACCESS CONTROL FOR MOBILE DEVICES | P1 | AC-19 | AC-19 (5) | AC-19 (5) |
| AC-20 | USE OF EXTERNAL INFORMATION SYSTEMS | P1 | AC-20 | AC-20 (1) (2) | AC-20 (1) (2) |
| AC-22 | PUBLICLY ACCESSIBLE CONTENT | P3 | AC-22 | AC-22 | AC-22 |
| AT-1 | SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES | P1 | AT-1 | AT-1 | AT-1 |
| AT-2 | SECURITY AWARENESS TRAINING | P1 | AT-2 | AT-2 (2) | AT-2 (2) |
| AT-3 | ROLE-BASED SECURITY TRAINING | P1 | AT-3 | AT-3 | AT-3 |
| AT-4 | SECURITY TRAINING RECORDS | P3 | AT-4 | AT-4 | AT-4 |
| AU-1 | AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES | P1 | AU-1 | AU-1 | AU-1 |
| AU-2 | AUDIT EVENTS | P1 | AU-2 | AU-2 (3) | AU-2 (3) |
| AU-3 | CONTENT OF AUDIT RECORDS | P1 | AU-3 | AU-3 (1) | AU-3 (1) (2) |
| AU-4 | AUDIT STORAGE CAPACITY | P1 | AU-4 | AU-4 | AU-4 |
| AU-5 | RESPONSE TO AUDIT PROCESSING FAILURES | P1 | AU-5 | AU-5 | AU-5 (1) (2) |
| AU-6 | AUDIT REVIEW, ANALYSIS, AND REPORTING | P1 | AU-6 | AU-6 (1) (3) | AU-6 (1) (3) (5) (6) |
| AU-8 | TIME STAMPS | P1 | AU-8 | AU-8 (1) | AU-8 (1) |
| AU-9 | PROTECTION OF AUDIT INFORMATION | P1 | AU-9 | AU-9 (4) | AU-9 (2) (3) (4) |
| AU-11 | AUDIT RECORD RETENTION | P3 | AU-11 | AU-11 | AU-11 |
| AU-12 | AUDIT GENERATION | P1 | AU-12 | AU-12 | AU-12 (1) (3) |
| CA-1 | SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES | P1 | CA-1 | CA-1 | CA-1 |
| CA-2 | SECURITY ASSESSMENTS | P2 | CA-2 | CA-2 (1) | CA-2 (1) (2) |
| CA-3 | SYSTEM INTERCONNECTIONS | P1 | CA-3 | CA-3 (5) | CA-3 (5) |
| CA-5 | PLAN OF ACTION AND MILESTONES | P3 | CA-5 | CA-5 | CA-5 |
| CA-6 | SECURITY AUTHORIZATION | P2 | CA-6 | CA-6 | CA-6 |
| CA-7 | CONTINUOUS MONITORING | P2 | CA-7 | CA-7 (1) | CA-7 (1) |
| CA-9 | INTERNAL SYSTEM CONNECTIONS | P2 | CA-9 | CA-9 | CA-9 |
| CM-1 | CONFIGURATION MANAGEMENT POLICY AND PROCEDURES | P1 | CM-1 | CM-1 | CM-1 |
| CM-2 | BASELINE CONFIGURATION | P1 | CM-2 | CM-2 (1) (3) (7) | CM-2 (1) (2) (3) (7) |
| CM-4 | SECURITY IMPACT ANALYSIS | P2 | CM-4 | CM-4 | CM-4 (1) |
| CM-6 | CONFIGURATION SETTINGS | P1 | CM-6 | CM-6 | CM-6 (1) (2) |
| CM-7 | LEAST FUNCTIONALITY | P1 | CM-7 | CM-7 (1) (2) (4) | CM-7 (1) (2) (5) |
| CM-8 | INFORMATION SYSTEM COMPONENT INVENTORY | P1 | CM-8 | CM-8 (1) (3) (5) | CM-8 (1) (2) (3) (4) (5) |
| CM-10 | SOFTWARE USAGE RESTRICTIONS | P2 | CM-10 | CM-10 | CM-10 |
| CM-11 | USER-INSTALLED SOFTWARE | P1 | CM-11 | CM-11 | CM-11 |
| CP-1 | CONTINGENCY PLANNING POLICY AND PROCEDURES | P1 | CP-1 | CP-1 | CP-1 |
| CP-2 | CONTINGENCY PLAN | P1 | CP-2 | CP-2 (1) (3) (8) | CP-2 (1) (2) (3) (4) (5) (8) |
| CP-3 | CONTINGENCY TRAINING | P2 | CP-3 | CP-3 | CP-3 (1) |
| CP-4 | CONTINGENCY PLAN TESTING | P2 | CP-4 | CP-4 (1) | CP-4 (1) (2) |
| CP-9 | INFORMATION SYSTEM BACKUP | P1 | CP-9 | CP-9 (1) | CP-9 (1) (2) (3) (5) |
| CP-10 | INFORMATION SYSTEM RECOVERY AND RECONSTITUTION | P1 | CP-10 | CP-10 (2) | CP-10 (2) (4) |
| IA-1 | IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES | P1 | IA-1 | IA-1 | IA-1 |
| IA-2 | IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | P1 | IA-2 (1) (12) | IA-2 (1) (2) (3) (8) (11) (12) | IA-2 (1) (2) (3) (4) (8) (9) (11) (12) |
| IA-4 | IDENTIFIER MANAGEMENT | P1 | IA-4 | IA-4 | IA-4 |
| IA-5 | AUTHENTICATOR MANAGEMENT | P1 | IA-5 (1) (11) | IA-5 (1) (2) (3) (11) | IA-5 (1) (2) (3) (11) |
| IA-6 | AUTHENTICATOR FEEDBACK | P2 | IA-6 | IA-6 | IA-6 |
| IA-7 | CRYPTOGRAPHIC MODULE AUTHENTICATION | P1 | IA-7 | IA-7 | IA-7 |
| IA-8 | IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | P1 | IA-8 (1) (2) (3) (4) | IA-8 (1) (2) (3) (4) | IA-8 (1) (2) (3) (4) |
| IR-1 | INCIDENT RESPONSE POLICY AND PROCEDURES | P1 | IR-1 | IR-1 | IR-1 |
| IR-2 | INCIDENT RESPONSE TRAINING | P2 | IR-2 | IR-2 | IR-2 (1) (2) |
| IR-4 | INCIDENT HANDLING | P1 | IR-4 | IR-4 (1) | IR-4 (1) (4) |
| IR-5 | INCIDENT MONITORING | P1 | IR-5 | IR-5 | IR-5 (1) |
| IR-6 | INCIDENT REPORTING | P1 | IR-6 | IR-6 (1) | IR-6 (1) |
| IR-7 | INCIDENT RESPONSE ASSISTANCE | P2 | IR-7 | IR-7 (1) | IR-7 (1) |
| IR-8 | INCIDENT RESPONSE PLAN | P1 | IR-8 | IR-8 | IR-8 |
| MA-1 | SYSTEM MAINTENANCE POLICY AND PROCEDURES | P1 | MA-1 | MA-1 | MA-1 |
| MA-2 | CONTROLLED MAINTENANCE | P2 | MA-2 | MA-2 | MA-2 (2) |
| MA-4 | NONLOCAL MAINTENANCE | P2 | MA-4 | MA-4 (2) | MA-4 (2) (3) |
| MA-5 | MAINTENANCE PERSONNEL | P2 | MA-5 | MA-5 | MA-5 (1) |
| MP-1 | MEDIA PROTECTION POLICY AND PROCEDURES | P1 | MP-1 | MP-1 | MP-1 |
| MP-2 | MEDIA ACCESS | P1 | MP-2 | MP-2 | MP-2 |
| MP-6 | MEDIA SANITIZATION | P1 | MP-6 | MP-6 | MP-6 (1) (2) (3) |
| MP-7 | MEDIA USE | P1 | MP-7 | MP-7 (1) | MP-7 (1) |
| PE-1 | PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES | P1 | PE-1 | PE-1 | PE-1 |
| PE-2 | PHYSICAL ACCESS AUTHORIZATIONS | P1 | PE-2 | PE-2 | PE-2 |
| PE-3 | PHYSICAL ACCESS CONTROL | P1 | PE-3 | PE-3 | PE-3 (1) |
| PE-6 | MONITORING PHYSICAL ACCESS | P1 | PE-6 | PE-6 (1) | PE-6 (1) (4) |
| PE-8 | VISITOR ACCESS RECORDS | P3 | PE-8 | PE-8 | PE-8 (1) |
| PE-12 | EMERGENCY LIGHTING | P1 | PE-12 | PE-12 | PE-12 |
| PE-13 | FIRE PROTECTION | P1 | PE-13 | PE-13 (3) | PE-13 (1) (2) (3) |
| PE-14 | TEMPERATURE AND HUMIDITY CONTROLS | P1 | PE-14 | PE-14 | PE-14 |
| PE-15 | WATER DAMAGE PROTECTION | P1 | PE-15 | PE-15 | PE-15 (1) |
| PE-16 | DELIVERY AND REMOVAL | P2 | PE-16 | PE-16 | PE-16 |
| PL-1 | SECURITY PLANNING POLICY AND PROCEDURES | P1 | PL-1 | PL-1 | PL-1 |
| PL-2 | SYSTEM SECURITY PLAN | P1 | PL-2 | PL-2 (3) | PL-2 (3) |
| PL-4 | RULES OF BEHAVIOR | P2 | PL-4 | PL-4 (1) | PL-4 (1) |
| PS-1 | PERSONNEL SECURITY POLICY AND PROCEDURES | P1 | PS-1 | PS-1 | PS-1 |
| PS-2 | POSITION RISK DESIGNATION | P1 | PS-2 | PS-2 | PS-2 |
| PS-3 | PERSONNEL SCREENING | P1 | PS-3 | PS-3 | PS-3 |
| PS-4 | PERSONNEL TERMINATION | P1 | PS-4 | PS-4 | PS-4 (2) |
| PS-5 | PERSONNEL TRANSFER | P2 | PS-5 | PS-5 | PS-5 |
| PS-6 | ACCESS AGREEMENTS | P3 | PS-6 | PS-6 | PS-6 |
| PS-7 | THIRD-PARTY PERSONNEL SECURITY | P1 | PS-7 | PS-7 | PS-7 |
| PS-8 | PERSONNEL SANCTIONS | P3 | PS-8 | PS-8 | PS-8 |
| RA-1 | RISK ASSESSMENT POLICY AND PROCEDURES | P1 | RA-1 | RA-1 | RA-1 |
| RA-2 | SECURITY CATEGORIZATION | P1 | RA-2 | RA-2 | RA-2 |
| RA-3 | RISK ASSESSMENT | P1 | RA-3 | RA-3 | RA-3 |
| RA-5 | VULNERABILITY SCANNING | P1 | RA-5 | RA-5 (1) (2) (5) | RA-5 (1) (2) (4) (5) |
| SA-1 | SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES | P1 | SA-1 | SA-1 | SA-1 |
| SA-2 | ALLOCATION OF RESOURCES | P1 | SA-2 | SA-2 | SA-2 |
| SA-3 | SYSTEM DEVELOPMENT LIFE CYCLE | P1 | SA-3 | SA-3 | SA-3 |
| SA-4 | ACQUISITION PROCESS | P1 | SA-4 (10) | SA-4 (1) (2) (9) (10) | SA-4 (1) (2) (9) (10) |
| SA-5 | INFORMATION SYSTEM DOCUMENTATION | P2 | SA-5 | SA-5 | SA-5 |
| SA-9 | EXTERNAL INFORMATION SYSTEM SERVICES | P1 | SA-9 | SA-9 (2) | SA-9 (2) |
| SC-1 | SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES | P1 | SC-1 | SC-1 | SC-1 |
| SC-5 | DENIAL OF SERVICE PROTECTION | P1 | SC-5 | SC-5 | SC-5 |
| SC-7 | BOUNDARY PROTECTION | P1 | SC-7 | SC-7 (3) (4) (5) (7) | SC-7 (3) (4) (5) (7) (8) (18) (21) |
| SC-12 | CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT | P1 | SC-12 | SC-12 | SC-12 (1) |
| SC-13 | CRYPTOGRAPHIC PROTECTION | P1 | SC-13 | SC-13 | SC-13 |
| SC-15 | COLLABORATIVE COMPUTING DEVICES | P1 | SC-15 | SC-15 | SC-15 |
| SC-20 | SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE) | P1 | SC-20 | SC-20 | SC-20 |
| SC-21 | SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER) | P1 | SC-21 | SC-21 | SC-21 |
| SC-22 | ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE | P1 | SC-22 | SC-22 | SC-22 |
| SC-39 | PROCESS ISOLATION | P1 | SC-39 | SC-39 | SC-39 |
| SI-1 | SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES | P1 | SI-1 | SI-1 | SI-1 |
| SI-2 | FLAW REMEDIATION | P1 | SI-2 | SI-2 (2) | SI-2 (1) (2) |
| SI-3 | MALICIOUS CODE PROTECTION | P1 | SI-3 | SI-3 (1) (2) | SI-3 (1) (2) |
| SI-4 | INFORMATION SYSTEM MONITORING | P1 | SI-4 | SI-4 (2) (4) (5) | SI-4 (2) (4) (5) |
| SI-5 | SECURITY ALERTS, ADVISORIES, AND DIRECTIVES | P1 | SI-5 | SI-5 | SI-5 (1) |
| SI-12 | INFORMATION HANDLING AND RETENTION | P2 | SI-12 | SI-12 | SI-12 |