Sign In   Become a Member
HomeIA ControlsDocumentsC&A DocWriterOrder OnlineSearch

Information Assurance Controls

Available IA Controls
Purchase our control packs online in convenient XML or Microsoft Access formats for use in your own internal C & A tools.
NIST
NIST 800-53 July 2009 High
July 2009
NIST 800-53 July 2009 Low
July 2009
NIST 800-53 July 2009 Moderate
July 2009
DoD8500.2
DoD8500.2 Attachment A2 with Validation
DoD8500.2 Attachment A2
DoD8500.2 Attachment A3 with Validation
DoD8500.2 Attachment A3
DoD8500.2 Attachment A4 with Validation
DoD8500.2 Attachment A4
DoD8500.2 Attachment A5 with Validation
DoD8500.2 Attachment A5
DCID
DCID 6/3 May 24, 2000
5/24/2000
JAFAN
JAFAN October 15, 2004
Oct 15 2004
DoD5220.22
DoD 5220.22-M, February 28, 2006
2/28/06
Army R-25
Army Regulation 25-2, August 3, 2007
August 3 2007v5
Top Viewed Controls (Last 30 Days)
AC-1
NIST 800-53 July 2009 High July 2009
The organization develops, disseminates, and reviews/updates [Assignment: organization-defined frequency]: a. A formal, documented access control policy that addresses purpose, scope, roles,...
CM-3
NIST 800-53 July 2009 High July 2009
The organization: a. Determines the types of changes to the information system that are configuration controlled; b. Approves configuration-controlled changes to the system with explicit...
SA-1
NIST 800-53 July 2009 High July 2009
The organization develops, disseminates, and reviews/updates [Assignment: organization-defined frequency]: a. A formal, documented system and services acquisition policy that includes information...
CA-6
NIST 800-53 July 2009 High July 2009
The organization: a. Assigns a senior-level executive or manager to the role of authorizing official for the information system; b. Ensures that the authorizing official authorizes the information...
RA-3
NIST 800-53 July 2009 High July 2009
The organization: a. Conducts an assessment of risk, including the likelihood and magnitude of harm, from the unauthorized access, use, disclosure, disruption, modification, or destruction of the...
DCAR-1
DoD8500.2 Attachment A2 with Validation DoD8500.2 Attachment A2
An annual IA review is conducted that comprehensively evaluates existing policies and processes to ensure procedural consistency and to ensure that they fully support the goal of uninterrupted...
4.B.3.a(1)
DCID 6/3 May 24, 2000 5/24/2000
Access control, including:
AC-2
NIST 800-53 July 2009 High July 2009
The organization manages information system accounts, including: a. Identifying account types (i.e., individual, group, system, application, guest/anonymous, and temporary); b. Establishing...
4.B.5.a(17)
JAFAN October 15, 2004 Oct 15 2004
Least Privilege procedures, including the assurance that each user or process is granted the most restrictive set of privileges or accesses needed for the performance of authorized tasks.
PM-9
NIST 800-53 July 2009 High July 2009
The organization: a. Develops a comprehensive strategy to manage risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use...
AU-6
NIST 800-53 July 2009 Moderate July 2009
The organization: a. Reviews and analyzes information system audit records [Assignment: organization-defined frequency] for indications of inappropriate or unusual activity, and reports findings to...
MA-5
NIST 800-53 July 2009 High July 2009
The organization: a. Establishes a process for maintenance personnel authorization and maintains a current list of authorized maintenance organizations or personnel; and b. Ensures that personnel...
SC-24
NIST 800-53 July 2009 High July 2009
The information system fails to a [Assignment: organization-defined known-state] for [Assignment: organization-defined types of failures] preserving [Assignment: organization-defined system state...
4.B.1.b(1)(c)
DCID 6/3 May 24, 2000 5/24/2000
Activating an account.
4.B.1.a(1)(a)
JAFAN October 15, 2004 Oct 15 2004
Denial of physical access by unauthorized individuals unless under constant supervision of technically qualified, authorized personnel.