NIST 800-171r1 Resources

Protection of Controlled Unclassified Information

The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned missions and business operations.

This publication provides federal agencies with a set of recommended security requirements for protecting the confidentiality of CUI when such information is resident in nonfederal systems and organizations; when the nonfederal organization is not collecting or maintaining information on behalf of a federal agency or using or operating a system on behalf of an agency; and where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category or subcategory listed in the CUI Registry.

The security requirements apply to all components of nonfederal systems and organizations that process, store, or transmit CUI, or that provide security protection for such components. The requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations.

Download: NIST SP 800-171r1 (PDF)

About Controlled Unclassified Information (CUI)

Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.

Executive Order 13556 “Controlled Unclassified Information” (the Order), establishes a program for managing CUI across the Executive branch and designates the National Archives and Records Administration (NARA) as Executive Agent to implement the Order and oversee agency actions to ensure compliance. The Archivist of the United States delegated these responsibilities to the Information Security Oversight Office (ISOO).

32 CFR Part 2002 “Controlled Unclassified Information” was issued by ISOO to establish policy for agencies on designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI, self-inspection and oversight requirements, and other facets of the Program. The rule affects Federal executive branch agencies that handle CUI and all organizations (sources) that handle, possess, use, share, or receive CUI—or which operate, use, or have access to Federal information and information systems on behalf of an agency.

Mapping: NIST Cybersecurity Framework (CSF) Subcategories to NIST SP 800-171r1 CUI Requirements

Function | CSF Subcategory | CUI Requirement | CUI Requirement Description
Identify | ID.AM-1 | 3.4.1 | Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
Identify | ID.AM-2 | 3.4.1 | Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
Identify | ID.AM-3 | 3.1.3 | Control the flow of CUI in accordance with approved authorizations.
Identify | ID.AM-3 | 3.13.1 | Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.
Identify | ID.AM-4 | 3.1.20 | Verify and control/limit connections to and use of external systems.
Identify | ID.AM-4 | 3.1.21 | Limit use of organizational portable storage devices on external systems.
Identify | ID.AM-5 | none | No mapping; see Mapping Disclaimer.
Identify | ID.AM-6 | none | No mapping; see Mapping Disclaimer.
Identify | ID.BE-1 | none | No mapping; see Mapping Disclaimer.
Identify | ID.BE-2 | none | No mapping; see Mapping Disclaimer.
Identify | ID.BE-3 | none | No mapping; see Mapping Disclaimer.
Identify | ID.BE-4 | none | No mapping; see Mapping Disclaimer.
Identify | ID.BE-5 | none | No mapping; see Mapping Disclaimer.
Identify | ID.GV-1 | none | No mapping; see Mapping Disclaimer.
Identify | ID.GV-2 | none | No mapping; see Mapping Disclaimer.
Identify | ID.GV-3 | none | No mapping; see Mapping Disclaimer.
Identify | ID.GV-4 | none | No mapping; see Mapping Disclaimer.
Identify | ID.RA-1 | 3.11.1 | Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI.
Identify | ID.RA-1 | 3.11.2 | Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting the system are identified.
Identify | ID.RA-1 | 3.12.1 | Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.
Identify | ID.RA-1 | 3.12.3 | Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.
Identify | ID.RA-1 | 3.14.1 | Identify, report, and correct system flaws in a timely manner.
Identify | ID.RA-1 | 3.14.3 | Monitor system security alerts and advisories and take actions in response.
Identify | ID.RA-1 | 3.14.6 | Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
Identify | ID.RA-1 | 3.14.7 | Identify unauthorized use of organizational systems.
Identify | ID.RA-2 | 3.14.1 | Identify, report, and correct system flaws in a timely manner.
Identify | ID.RA-2 | 3.14.3 | Monitor system security alerts and advisories and take actions in response.
Identify | ID.RA-3 | 3.11.1 | Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI.
Identify | ID.RA-3 | 3.14.1 | Identify, report, and correct system flaws in a timely manner.
Identify | ID.RA-3 | 3.14.3 | Monitor system security alerts and advisories and take actions in response.
Identify | ID.RA-4 | 3.11.1 | Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI.
Identify | ID.RA-5 | 3.11.1 | Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI.
Identify | ID.RA-6 | none | No mapping; see Mapping Disclaimer.
Identify | ID.RM-1 | none | No mapping; see Mapping Disclaimer.
Identify | ID.RM-2 | none | No mapping; see Mapping Disclaimer.
Identify | ID.RM-3 | none | No mapping; see Mapping Disclaimer.
Protect | PR.AC-1 | 3.5.1 | Identify system users, processes acting on behalf of users, and devices.
Protect | PR.AC-1 | 3.5.2 | Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational systems.
Protect | PR.AC-1 | 3.5.5 | Prevent reuse of identifiers for a defined period.
Protect | PR.AC-1 | 3.5.6 | Disable identifiers after a defined period of inactivity.
Protect | PR.AC-1 | 3.5.7 | Enforce a minimum password complexity and change of characters when new passwords are created.
Protect | PR.AC-1 | 3.5.8 | Prohibit password reuse for a specified number of generations.
Protect | PR.AC-1 | 3.5.9 | Allow temporary password use for system logons with an immediate change to a permanent password.
Protect | PR.AC-1 | 3.5.10 | Store and transmit only cryptographically-protected passwords.
Protect | PR.AC-1 | 3.5.11 | Obscure feedback of authentication information.
Protect | PR.AC-2 | 3.10.1 | Limit physical access to organizational systems, equipment, and the respective operating environments to authorized individuals.
Protect | PR.AC-2 | 3.10.2 | Protect and monitor the physical facility and support infrastructure for organizational systems.
Protect | PR.AC-2 | 3.10.3 | Escort visitors and monitor visitor activity.
Protect | PR.AC-2 | 3.10.4 | Maintain audit logs of physical access.
Protect | PR.AC-2 | 3.10.5 | Control and manage physical access devices.
Protect | PR.AC-3 | 3.1.1 | Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).
Protect | PR.AC-3 | 3.1.2 | Limit system access to the types of transactions and functions that authorized users are permitted to execute.
Protect | PR.AC-3 | 3.1.14 | Route remote access via managed access control points.
Protect | PR.AC-3 | 3.1.15 | Authorize remote execution of privileged commands and remote access to security-relevant information.
Protect | PR.AC-3 | 3.1.18 | Control connection of mobile devices.
Protect | PR.AC-3 | 3.1.20 | Verify and control/limit connections to and use of external systems.
Protect | PR.AC-3 | 3.13.9 | Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.
Protect | PR.AC-3 | 3.13.12 | Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device.
Protect | PR.AC-4 | 3.1.1 | Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).
Protect | PR.AC-4 | 3.1.2 | Limit system access to the types of transactions and functions that authorized users are permitted to execute.
Protect | PR.AC-4 | 3.1.4 | Separate the duties of individuals to reduce the risk of malevolent activity without collusion.
Protect | PR.AC-4 | 3.1.5 | Employ the principle of least privilege, including for specific security functions and privileged accounts.
Protect | PR.AC-4 | 3.1.6 | Use non-privileged accounts or roles when accessing nonsecurity functions.
Protect | PR.AC-4 | 3.1.7 | Prevent non-privileged users from executing privileged functions and audit the execution of such functions.
Protect | PR.AC-4 | 3.1.8 | Limit unsuccessful logon attempts.
Protect | PR.AC-4 | 3.1.10 | Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.
Protect | PR.AC-4 | 3.1.11 | Terminate (automatically) a user session after a defined condition.
Protect | PR.AC-4 | 3.5.3 | Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.
Protect | PR.AC-4 | 3.5.4 | Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
Protect | PR.AC-4 | 3.13.3 | Separate user functionality from system management functionality.
Protect | PR.AC-4 | 3.13.4 | Prevent unauthorized and unintended information transfer via shared system resources.
Protect | PR.AC-5 | 3.1.3 | Control the flow of CUI in accordance with approved authorizations.
Protect | PR.AC-5 | 3.13.1 | Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.
Protect | PR.AC-5 | 3.13.2 | Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.
Protect | PR.AC-5 | 3.13.5 | Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
Protect | PR.AC-5 | 3.13.6 | Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
Protect | PR.AC-5 | 3.13.7 | Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).
Protect | PR.AT-1 | 3.2.1 | Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.
Protect | PR.AT-1 | 3.2.2 | Ensure that organizational personnel are adequately trained to carry out their assigned information security-related duties and responsibilities.
Protect | PR.AT-1 | 3.2.3 | Provide security awareness training on recognizing and reporting potential indicators of insider threat.
Protect | PR.AT-2 | 3.2.1 | Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.
Protect | PR.AT-2 | 3.2.2 | Ensure that organizational personnel are adequately trained to carry out their assigned information security-related duties and responsibilities.
Protect | PR.AT-3 | none | No mapping; see Mapping Disclaimer.
Protect | PR.AT-4 | 3.2.1 | Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.
Protect | PR.AT-4 | 3.2.2 | Ensure that organizational personnel are adequately trained to carry out their assigned information security-related duties and responsibilities.
Protect | PR.AT-5 | 3.2.1 | Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.
Protect | PR.AT-5 | 3.2.2 | Ensure that organizational personnel are adequately trained to carry out their assigned information security-related duties and responsibilities.
Protect | PR.DS-1 | 3.1.19 | Encrypt CUI on mobile devices and mobile computing platforms.
Protect | PR.DS-1 | 3.8.1 | Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital.
Protect | PR.DS-1 | 3.8.9 | Protect the confidentiality of backup CUI at storage locations.
Protect | PR.DS-1 | 3.13.10 | Establish and manage cryptographic keys for cryptography employed in organizational systems.
Protect | PR.DS-1 | 3.13.16 | Protect the confidentiality of CUI at rest.
Protect | PR.DS-2 | 3.1.13 | Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.
Protect | PR.DS-2 | 3.1.17 | Protect wireless access using authentication and encryption.
Protect | PR.DS-2 | 3.8.5 | Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas.
Protect | PR.DS-2 | 3.13.8 | Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards.
Protect | PR.DS-2 | 3.13.10 | Establish and manage cryptographic keys for cryptography employed in organizational systems.
Protect | PR.DS-3 | 3.4.1 | Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
Protect | PR.DS-3 | 3.8.1 | Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital.
Protect | PR.DS-3 | 3.8.2 | Limit access to CUI on system media to authorized users.
Protect | PR.DS-3 | 3.8.3 | Sanitize or destroy system media containing CUI before disposal or release for reuse.
Protect | PR.DS-3 | 3.8.5 | Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas.
Protect | PR.DS-4 | none | No mapping; see Mapping Disclaimer.
Protect | PR.DS-5 | 3.1.4 | Separate the duties of individuals to reduce the risk of malevolent activity without collusion.
Protect | PR.DS-5 | 3.1.13 | Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.
Protect | PR.DS-5 | 3.2.3 | Provide security awareness training on recognizing and reporting potential indicators of insider threat.
Protect | PR.DS-5 | 3.9.2 | Ensure that CUI and organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers.
Protect | PR.DS-5 | 3.13.1 | Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.
Protect | PR.DS-5 | 3.13.5 | Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
Protect | PR.DS-5 | 3.13.6 | Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
Protect | PR.DS-5 | 3.13.7 | Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).
Protect | PR.DS-5 | 3.13.8 | Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards.
Protect | PR.DS-5 | 3.13.11 | Employ FIPS-validated cryptography when used to protect the confidentiality of CUI.
Protect | PR.DS-5 | 3.13.16 | Protect the confidentiality of CUI at rest.
Protect | PR.DS-5 | 3.14.6 | Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
Protect | PR.DS-6 | none | No mapping; see Mapping Disclaimer.
Protect | PR.DS-7 | none | No mapping; see Mapping Disclaimer.
Protect | PR.IP-1 | 3.4.1 | Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
Protect | PR.IP-1 | 3.4.2 | Establish and enforce security configuration settings for information technology products employed in organizational systems.
Protect | PR.IP-1 | 3.4.6 | Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.
Protect | PR.IP-1 | 3.4.7 | Restrict, disable, and prevent the use of nonessential functions, ports, protocols, or services.
Protect | PR.IP-1 | 3.4.8 | Apply deny-by-exception (blacklist) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.
Protect | PR.IP-2 | none | No mapping; see Mapping Disclaimer.
Protect | PR.IP-3 | 3.4.3 | Track, review, approve or disapprove, and audit changes to organizational systems.
Protect | PR.IP-3 | 3.4.4 | Analyze the security impact of changes prior to implementation.
Protect | PR.IP-3 | 3.4.5 | Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems.
Protect | PR.IP-4 | none | No mapping; see Mapping Disclaimer.
Protect | PR.IP-5 | 3.8.3 | Sanitize or destroy system media containing CUI before disposal or release for reuse.
Protect | PR.IP-6 | none | No mapping; see Mapping Disclaimer.
Protect | PR.IP-7 | none | No mapping; see Mapping Disclaimer.
Protect | PR.IP-8 | 3.6.1 | Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
Protect | PR.IP-9 | 3.6.2 | Track, document, and report incidents to appropriate organizational officials and/or authorities.
Protect | PR.IP-9 | 3.6.3 | Test the organizational incident response capability.
Protect | PR.IP-11 | 3.9.1 | Screen individuals prior to authorizing access to organizational systems containing CUI.
Protect | PR.IP-11 | 3.9.2 | Ensure that CUI and organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers.
Protect | PR.IP-12 | 3.11.2 | Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting the system are identified.
Protect | PR.IP-12 | 3.11.3 | Remediate vulnerabilities in accordance with assessments of risk.
Protect | PR.IP-12 | 3.12.2 | Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.
Protect | PR.IP-12 | 3.12.3 | Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.
Protect | PR.IP-12 | 3.14.1 | Identify, report, and correct system flaws in a timely manner.
Protect | PR.IP-12 | 3.14.2 | Provide protection from malicious code at appropriate locations within organizational systems.
Protect | PR.IP-12 | 3.14.3 | Monitor system security alerts and advisories and take actions in response.
Protect | PR.MA-1 | 3.7.1 | Perform maintenance on organizational systems.
Protect | PR.MA-1 | 3.7.2 | Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.
Protect | PR.MA-1 | 3.7.3 | Ensure equipment removed for off-site maintenance is sanitized of any CUI.
Protect | PR.MA-1 | 3.7.4 | Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.
Protect | PR.MA-1 | 3.7.6 | Supervise the maintenance activities of maintenance personnel without required access authorization.
Protect | PR.MA-2 | 3.7.5 | Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.
Protect | PR.PT-1 | 3.3.1 | Create and retain system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate system activity.
Protect | PR.PT-1 | 3.3.2 | Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
Protect | PR.PT-1 | 3.3.3 | Review and update audited events.
Protect | PR.PT-1 | 3.3.4 | Alert in the event of an audit process failure.
Protect | PR.PT-1 | 3.3.5 | Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity.
Protect | PR.PT-1 | 3.3.6 | Provide audit reduction and report generation to support on-demand analysis and reporting.
Protect | PR.PT-1 | 3.3.7 | Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
Protect | PR.PT-1 | 3.3.8 | Protect audit information and audit tools from unauthorized access, modification, and deletion.
Protect | PR.PT-1 | 3.3.9 | Limit management of audit functionality to a subset of privileged users.
Protect | PR.PT-2 | 3.8.1 | Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital.
Protect | PR.PT-2 | 3.8.2 | Limit access to CUI on system media to authorized users.
Protect | PR.PT-2 | 3.8.3 | Sanitize or destroy system media containing CUI before disposal or release for reuse.
Protect | PR.PT-2 | 3.8.4 | Mark media with necessary CUI markings and distribution limitations.
Protect | PR.PT-2 | 3.8.5 | Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas.
Protect | PR.PT-2 | 3.8.6 | Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport outside of controlled areas unless otherwise protected by alternative physical safeguards.
Protect | PR.PT-2 | 3.8.7 | Control the use of removable media on system components.
Protect | PR.PT-2 | 3.8.8 | Prohibit the use of portable storage devices when such devices have no identifiable owner.
Protect | PR.PT-3 | 3.1.1 | Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).
Protect | PR.PT-3 | 3.1.2 | Limit system access to the types of transactions and functions that authorized users are permitted to execute.
Protect | PR.PT-3 | 3.4.6 | Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.
Protect | PR.PT-3 | 3.4.7 | Restrict, disable, and prevent the use of nonessential functions, ports, protocols, or services.
Protect | PR.PT-3 | 3.4.8 | Apply deny-by-exception (blacklist) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.
Protect | PR.PT-4 | 3.1.16 | Authorize wireless access prior to allowing such connections.
Protect | PR.PT-4 | 3.1.17 | Protect wireless access using authentication and encryption.
Protect | PR.PT-4 | 3.13.1 | Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.
Protect | PR.PT-4 | 3.13.2 | Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.
Protect | PR.PT-4 | 3.13.5 | Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
Protect | PR.PT-4 | 3.13.6 | Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
Protect | PR.PT-4 | 3.13.7 | Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).
Protect | PR.PT-4 | 3.13.15 | Protect the authenticity of communications sessions.
Detect | DE.AE-1 | none | No mapping; see Mapping Disclaimer.
Detect | DE.AE-2 | 3.3.1 | Create and retain system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate system activity.
Detect | DE.AE-2 | 3.3.2 | Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
Detect | DE.AE-2 | 3.3.5 | Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity.
Detect | DE.AE-2 | 3.6.1 | Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
Detect | DE.AE-2 | 3.14.6 | Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
Detect | DE.AE-2 | 3.14.7 | Identify unauthorized use of organizational systems.
Detect | DE.AE-3 | 3.3.5 | Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity.
Detect | DE.AE-4 | 3.11.1 | Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI.
Detect | DE.AE-5 | 3.6.1 | Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
Detect | DE.AE-5 | 3.6.2 | Track, document, and report incidents to appropriate organizational officials and/or authorities.
Detect | DE.CM-1 | 3.13.1 | Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.
Detect | DE.CM-1 | 3.14.6 | Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
Detect | DE.CM-1 | 3.14.7 | Identify unauthorized use of organizational systems.
Detect | DE.CM-2 | 3.10.2 | Protect and monitor the physical facility and support infrastructure for organizational systems.
Detect | DE.CM-2 | 3.10.3 | Escort visitors and monitor visitor activity.
Detect | DE.CM-3 | 3.1.12 | Monitor and control remote access sessions.
Detect | DE.CM-3 | 3.3.1 | Create and retain system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate system activity.
Detect | DE.CM-3 | 3.3.2 | Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
Detect | DE.CM-3 | 3.4.9 | Control and monitor user-installed software.
Detect | DE.CM-4 | 3.14.1 | Identify, report, and correct system flaws in a timely manner.
Detect | DE.CM-4 | 3.14.2 | Provide protection from malicious code at appropriate locations within organizational systems.
Detect | DE.CM-4 | 3.14.3 | Monitor system security alerts and advisories and take actions in response.
Detect | DE.CM-4 | 3.14.4 | Update malicious code protection mechanisms when new releases are available.
Detect | DE.CM-4 | 3.14.5 | Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.
Detect | DE.CM-5 | 3.13.13 | Control and monitor the use of mobile code.
Detect | DE.CM-6 | 3.14.6 | Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
Detect | DE.CM-6 | 3.14.7 | Identify unauthorized use of organizational systems.
Detect | DE.CM-7 | 3.1.12 | Monitor and control remote access sessions.
Detect | DE.CM-7 | 3.3.1 | Create and retain system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate system activity.
Detect | DE.CM-7 | 3.10.2 | Protect and monitor the physical facility and support infrastructure for organizational systems.
Detect | DE.CM-7 | 3.10.3 | Escort visitors and monitor visitor activity.
Detect | DE.CM-7 | 3.14.6 | Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
Detect | DE.CM-7 | 3.14.7 | Identify unauthorized use of organizational systems.
Detect | DE.CM-8 | 3.11.2 | Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting the system are identified.
Detect | DE.DP-1 | none | No mapping; see Mapping Disclaimer.
Detect | DE.DP-2 | 3.12.1 | Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.
Detect | DE.DP-2 | 3.12.3 | Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.
Detect | DE.DP-2 | 3.14.6 | Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
Detect | DE.DP-2 | 3.14.7 | Identify unauthorized use of organizational systems.
Detect | DE.DP-3 | 3.10.4 | Maintain audit logs of physical access.
Detect | DE.DP-3 | 3.12.1 | Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.
Detect | DE.DP-3 | 3.12.3 | Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.
Detect | DE.DP-4 | none | No mapping; see Mapping Disclaimer.
Detect | DE.DP-5 | none | No mapping; see Mapping Disclaimer.
Respond | RS.RP-1 | 3.6.2 | Track, document, and report incidents to appropriate organizational officials and/or authorities.
Respond | RS.CO-1 | 3.6.3 | Test the organizational incident response capability.
Respond | RS.CO-2 | 3.6.2 | Track, document, and report incidents to appropriate organizational officials and/or authorities.
Respond | RS.CO-3 | none | No mapping; see Mapping Disclaimer.
Respond | RS.CO-4 | 3.6.1 | Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
Respond | RS.CO-5 | none | No mapping; see Mapping Disclaimer.
Respond | RS.AN-1 | 3.3.5 | Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity.
Respond | RS.AN-1 | 3.6.1 | Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
Respond | RS.AN-1 | 3.6.2 | Track, document, and report incidents to appropriate organizational officials and/or authorities.
Respond | RS.AN-2 | 3.11.1 | Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI.
Respond | RS.AN-3 | none | No mapping; see Mapping Disclaimer.
Respond | RS.AN-4 | 3.6.1 | Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
Respond | RS.AN-4 | 3.6.2 | Track, document, and report incidents to appropriate organizational officials and/or authorities.
Respond | RS.MI-1 | 3.6.1 | Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
Respond | RS.MI-1 | 3.6.2 | Track, document, and report incidents to appropriate organizational officials and/or authorities.
Respond | RS.MI-2 | 3.6.1 | Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
Respond | RS.MI-2 | 3.6.2 | Track, document, and report incidents to appropriate organizational officials and/or authorities.
Respond | RS.MI-3 | 3.11.1 | Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI.
Respond | RS.MI-3 | 3.11.2 | Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting the system are identified.
Respond | RS.MI-3 | 3.11.3 | Remediate vulnerabilities in accordance with assessments of risk.
Respond | RS.MI-3 | 3.12.2 | Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.
Respond RS.MI-33.12.4Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.
Respond RS.MI-33.14.1Identify, report, and correct information and system flaws in a timely manner.
Respond RS.IM-13.6.1Establish an operational incident-handling capability for organizational systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.
Respond RS.IM-13.6.2Track, document, and report incidents to appropriate organizational officials and/or authorities.
Respond RS.IM-23.6.2Track, document, and report incidents to appropriate organizational officials and/or authorities.
Recover RC.RP-13.6.1Establish an operational incident-handling capability for organizational systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.
Recover RC.RP-13.6.2Track, document, and report incidents to appropriate organizational officials and/or authorities.
Recover RC.RP-13.6.1Establish an operational incident-handling capability for organizational systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.
Recover RC.RP-13.6.2Track, document, and report incidents to appropriate organizational officials and/or authorities.
Recover RC.RP-23.6.1Establish an operational incident-handling capability for organizational systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.
Recover RC.RP-23.6.2Track, document, and report incidents to appropriate organizational officials and/or authorities.
Recover RC.CO-1No mapping; see Mapping Disclaimer.
Recover RC.CO-2No mapping; see Mapping Disclaimer.
Recover RC.CO-33.6.1Establish an operational incident-handling capability for organizational systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.
Recover RC.CO-33.6.2Track, document, and report incidents to appropriate organizational officials and/or authorities.
