AC-10,CONCURRENT SESSION CONTROL
AC-11,SESSION LOCK
AC-12,SESSION TERMINATION
AC-14,PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION
AC-16,SECURITY ATTRIBUTES
AC-17,REMOTE ACCESS
AC-18,WIRELESS ACCESS
AC-19,ACCESS CONTROL FOR MOBILE DEVICES
AC-2,ACCOUNT MANAGEMENT
AC-20,USE OF EXTERNAL INFORMATION SYSTEMS
AC-21,INFORMATION SHARING
AC-23,DATA MINING PROTECTION
AC-3,ACCESS ENFORCEMENT
AC-4,INFORMATION FLOW ENFORCEMENT
AC-5,SEPARATION OF DUTIES
AC-6,LEAST PRIVILEGE
AC-7,UNSUCCESSFUL LOGON ATTEMPTS
AC-8,SYSTEM USE NOTIFICATION
CA-2,SECURITY ASSESSMENTS
CA-3,SYSTEM INTERCONNECTIONS
CA-7,CONTINUOUS MONITORING
CA-8,PENETRATION TESTING
CM-10,SOFTWARE USAGE RESTRICTIONS
CM-11,USER-INSTALLED SOFTWARE
CM-12,INFORMATION LOCATION
CM-2,BASELINE CONFIGURATION
CM-3,CONFIGURATION CHANGE CONTROL
CM-5,ACCESS RESTRICTIONS FOR CHANGE
CM-6,CONFIGURATION SETTINGS
CM-7,LEAST FUNCTIONALITY
CM-8,INFORMATION SYSTEM COMPONENT INVENTORY
CP-10,INFORMATION SYSTEM RECOVERY AND RECONSTITUTION
CP-2,CONTINGENCY PLAN
CP-6,ALTERNATE STORAGE SITE
CP-7,ALTERNATE PROCESSING SITE
CP-9,INFORMATION SYSTEM BACKUP
IA-11,RE-AUTHENTICATION
IA-12,IDENTITY PROOFING
IA-2,IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)
IA-3,DEVICE IDENTIFICATION AND AUTHENTICATION
IA-4,IDENTIFIER MANAGEMENT
IA-5,AUTHENTICATOR MANAGEMENT
IA-6,AUTHENTICATOR FEEDBACK
IA-7,CRYPTOGRAPHIC MODULE AUTHENTICATION
IA-8,IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)
IA-9,SERVICE IDENTIFICATION AND AUTHENTICATION
MP-7,MEDIA USE
RA-10,THREAT HUNTING
RA-5,VULNERABILITY SCANNING
RA-9,CRITICALITY ANALYSIS
SA-10,DEVELOPER CONFIGURATION MANAGEMENT
SA-11,DEVELOPER SECURITY TESTING AND EVALUATION
SA-15,"DEVELOPMENT PROCESS, STANDARDS, AND TOOLS"
SA-16,DEVELOPER-PROVIDED TRAINING
SA-17,DEVELOPER SECURITY ARCHITECTURE AND DESIGN
SA-22,UNSUPPORTED SYSTEM COMPONENTS
SA-3,SYSTEM DEVELOPMENT LIFE CYCLE
SA-4,ACQUISITION PROCESS
SA-8,SECURITY ENGINEERING PRINCIPLES
SA-9,EXTERNAL INFORMATION SYSTEM SERVICES
SC-10,NETWORK DISCONNECT
SC-12,CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT
SC-13,CRYPTOGRAPHIC PROTECTION
SC-17,PUBLIC KEY INFRASTRUCTURE CERTIFICATES
SC-18,MOBILE CODE
SC-2,APPLICATION PARTITIONING
SC-20,SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)
SC-21,SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)
SC-22,ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE
SC-23,SESSION AUTHENTICITY
SC-26,HONEYPOTS
SC-28,PROTECTION OF INFORMATION AT REST
SC-29,HETEROGENEITY
SC-3,SECURITY FUNCTION ISOLATION
SC-30,CONCEALMENT AND MISDIRECTION
SC-31,COVERT CHANNEL ANALYSIS
SC-34,NON-MODIFIABLE EXECUTABLE PROGRAMS
SC-35,HONEYCLIENTS
SC-36,DISTRIBUTED PROCESSING AND STORAGE
SC-37,OUT-OF-BAND CHANNELS
SC-38,OPERATIONS SECURITY
SC-39,PROCESS ISOLATION
SC-4,INFORMATION IN SHARED RESOURCES
SC-41,PORT AND I/O DEVICE ACCESS
SC-43,USAGE RESTRICTIONS
SC-44,DETONATION CHAMBERS
SC-46,CROSS DOMAIN POLICY ENFORCEMENT
SC-7,BOUNDARY PROTECTION
SC-8,TRANSMISSION CONFIDENTIALITY AND INTEGRITY
SI-10,INFORMATION INPUT VALIDATION
SI-12,INFORMATION HANDLING AND RETENTION
SI-15,INFORMATION OUTPUT FILTERING
SI-16,MEMORY PROTECTION
SI-2,FLAW REMEDIATION
SI-23,INFORMATION FRAGMENTATIO
SI-3,MALICIOUS CODE PROTECTION
SI-4,INFORMATION SYSTEM MONITORING
SI-5,"SECURITY ALERTS, ADVISORIES, AND DIRECTIVES"
SI-7,"SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY"
SI-8,SPAM PROTECTION
SR-11,COMPONENT AUTHENTICITY
SR-4,PROVENANCE
SR-5,"ACQUISITION STRATEGIES, TOOLS, AND METHODS"
SR-6,SUPPLIER ASSESSMENTS AND REVIEWS
AC-1,POLICY AND PROCEDURES
AC-22,PUBLICLY ACCESSIBLE CONTENT
AT-1,POLICY AND PROCEDURES
AT-2,LITERACY TRAINING AND AWARENESS
AT-3,ROLE-BASED TRAINING
AU-1,POLICY AND PROCEDURES
AU-11,AUDIT RECORD RETENTION
AU-12,AUDIT RECORD GENERATION
AU-2,EVENT LOGGING
AU-3,CONTENT OF AUDIT RECORDS
AU-4,AUDIT LOG STORAGE CAPACITY
AU-6,"AUDIT RECORD REVIEW, ANALYSIS, AND REPORTING"
AU-7,AUDIT RECORD REDUCTION AND REPORT GENERATION
AU-9,PROTECTION OF AUDIT INFORMATION
CA-5,PLAN OF ACTION AND MILESTONES
CA-9,INTERNAL SYSTEM CONNECTION
CM-1,POLICY AND PROCEDURES
CM-9,CONFIGURATION MANAGEMENT PLAN
CP-4,CONTINGENCY PLAN TESTING
IR-4,INCIDENT HANDLING
MA-3,MAINTENANCE TOOLS
MA-4,NONLOCAL MAINTENANCE
MP-2,MEDIA ACCESS
PL-8,SECURITY AND PRIVACY ARCHITECTURES
PM-13,SECURITY AND PRIVACY WORKFORCE
PM-5,SYSTEM INVENTORY
PM-7,ENTERPRISE ARCHITECTURE
RA-1,POLICY AND PROCEDURES
RA-2,SECURITY CATEGORIZATION
RA-7,RISK RESPONSE
SR-12,COMPONENT DISPOSAL