|
| Domain | Subdomain |
|
| D.1 Access Control | D.1.2 Account Management |
| D.1.3 Access Enforcement |
| D.1.5 Separation of Duties |
| D.1.6 Least Privilege |
| D.1.7 Unsuccessful Login Attempts |
| D.1.8 System Use Notification |
| D.1.10 Concurrent Session Control |
| D.1.11 Session Lock |
| D.1.17 Remote Access |
| D.1.18 Wireless Access |
| D.1.19 Access Control for Mobile Devices |
| D.1.22 Publicly Accessible Content |
|
| D.2 Awareness and Training | D.2.2 Security Awareness |
| D.2.3 Security Training |
|
|
D.3 Audit and Accountability | D.3.2 Auditable Events |
| D.3.3 Response to Audit Processing Failures |
| D.3.4 Audit Reduction and Report Generation |
| D.3.5 Audit Generation |
|
| D.4 Security Assessment and Authorization | D.4.2 Security Assessments |
| D.4.7 Continuous Monitoring |
|
| D.5 Configuration Management | D.5.3 Configuration Change Control |
| D.5.4 Security Impact Analysis |
| D.5.5 Access Restrictions for Change |
| D.5.6 Configuration setting |
| D.5.7 Least Functionality |
|
|
D.6 Contingency Planning | D.6.2 Contingency Plan |
| D.6.4 Contingency Plan Testing and Exercises |
| D.6.10 Information System Recovery and Reconstitution |
|
|
D.7 Identification and Authentication | D.7.2 Identification and Authentication (Organizational Users) |
| D.7.3 Device Identification and Authentication |
| D.7.4 Identifier Management |
| D.7.5 Authenticator Management |
| D.7.7 Cryptographic Module Authentication |
|
| D.8 Incident Response | D.8.6 Incident Reporting |
|
| D.9 Maintenance | D.9.4 Non-Local Maintenance |
|
| D.10 Media Protection | D.10.5 Media Transport |
|
| D.11 Physical and Environmental Protection | D.11.3 Physical Access Control |
|
| D.12 Planning | D.12.2 System Security Plan |
|
| D.14 Risk Assessment | D.14.2 System Categorization |
| D.14.3 Risk Assessment |
| D.14.5 Vulnerability Scanning |
|
|
D.15 System and Services Acquisition | D.15.4 Acquisitions |
| D.15.8 Security Engineering Principles |
|
| D.16 System and Communications Protection | D.16.2 Application Partitioning |
| D.16.3 Security Function Isolation |
| D.16.7 Boundary Protection |
| D.16.8 Transmission Integrity |
| D.16.9 Transmission Confidentiality |
| D.16.10 Network Disconnect |
| D.16.12 Cryptographic Key Establishment and Management |
| D.16.13 Use of Cryptography |
| D.16.14 Public Access Protections |
| D.16.15 Collaborative Computing Devices |
| D.16.19 Voice Over Internet Protocol |
| D.16.20 Secure Name/Address Resolution Service (Authoritative Source) |
| D.16.21 Secure Name/Address Resolution Service (Recursive or Caching Resolver) |
| D.16.22 Architecture and Provisioning for Name/Address Resolution Service |
| D.16.23 Session Authenticity |
|
| D.17 System and Information Integrity | D.17.2 Flaw Remediation |
| D.17.3 Malicious Code Protection |
| D.17.4 Information System Monitoring |
| D.17.6 Security Functionality Verification |
| D.17.7 Software and Information Integrity |
| D.17.8 Spam Protection |
|
