SC - System and Communications Protection

Inventory

Number Title Low Moderate High Privacy
SC-01 Policy and Procedures
SC-02 Separation of System and User Functionality
SC-02(01) Interfaces for Non-privileged Users
SC-02(02) Disassociability
SC-03 Security Function Isolation
SC-03(01) Hardware Separation
SC-03(02) Access and Flow Control Functions
SC-03(03) Minimize Nonsecurity Functionality
SC-03(04) Module Coupling and Cohesiveness
SC-03(05) Layered Structures
SC-04 Information in Shared System Resources
SC-04(01) Security Levels [Withdrawn: incorporated into SC-04]
SC-04(02) Multilevel or Periods Processing
SC-05 Denial-of-service Protection
SC-05(01) Restrict Ability to Attack Other Systems
SC-05(02) Capacity, Bandwidth, and Redundancy
SC-05(03) Detection and Monitoring
SC-06 Resource Availability
SC-07 Boundary Protection
SC-07(01) Physically Separated Subnetworks [Withdrawn: incorporated into SC-07]
SC-07(02) Public Access [Withdrawn: incorporated into SC-07]
SC-07(03) Access Points
SC-07(04) External Telecommunications Services
SC-07(05) Deny by Default — Allow by Exception
SC-07(06) Response to Recognized Failures [Withdrawn: incorporated into SC-07(18)]
SC-07(07) Split Tunneling for Remote Devices
SC-07(08) Route Traffic to Authenticated Proxy Servers
SC-07(09) Restrict Threatening Outgoing Communications Traffic
SC-07(10) Prevent Exfiltration
SC-07(11) Restrict Incoming Communications Traffic
SC-07(12) Host-based Protection
SC-07(13) Isolation of Security Tools, Mechanisms, and Support Components
SC-07(14) Protect Against Unauthorized Physical Connections
SC-07(15) Networked Privileged Accesses
SC-07(16) Prevent Discovery of System Components
SC-07(17) Automated Enforcement of Protocol Formats
SC-07(18) Fail Secure
SC-07(19) Block Communication from Non-organizationally Configured Hosts
SC-07(20) Dynamic Isolation and Segregation
SC-07(21) Isolation of System Components
SC-07(22) Separate Subnets for Connecting to Different Security Domains
SC-07(23) Disable Sender Feedback on Protocol Validation Failure
SC-07(24) Personally Identifiable Information
SC-07(25) Unclassified National Security System Connections
SC-07(26) Classified National Security System Connections
SC-07(27) Unclassified Non-national Security System Connections
SC-07(28) Connections to Public Networks
SC-07(29) Separate Subnets to Isolate Functions
SC-08 Transmission Confidentiality and Integrity
SC-08(01) Cryptographic Protection
SC-08(02) Pre- and Post-transmission Handling
SC-08(03) Cryptographic Protection for Message Externals
SC-08(04) Conceal or Randomize Communications
SC-08(05) Protected Distribution System
SC-09 Transmission Confidentiality [Withdrawn: incorporated into SC-08]
SC-10 Network Disconnect
SC-11 Trusted Path
SC-11(01) Irrefutable Communications Path
SC-12 Cryptographic Key Establishment and Management
SC-12(01) Availability
SC-12(02) Symmetric Keys
SC-12(03) Asymmetric Keys
SC-12(04) PKI Certificates [Withdrawn: incorporated into SC-12(03)]
SC-12(05) PKI Certificates / Hardware Tokens [Withdrawn: incorporated into SC-12(03)]
SC-12(06) Physical Control of Keys
SC-13 Cryptographic Protection
SC-13(01) FIPS-validated Cryptography [Withdrawn: incorporated into SC-13]
SC-13(02) NSA-approved Cryptography [Withdrawn: incorporated into SC-13]
SC-13(03) Individuals Without Formal Access Approvals [Withdrawn: incorporated into SC-13]
SC-13(04) Digital Signatures [Withdrawn: incorporated into SC-13]
SC-14 Public Access Protections [Withdrawn: incorporated into AC-02, AC-03, AC-05, AC-06, SI-03, SI-04, SI-05, SI-07, and SI-10]
SC-15 Collaborative Computing Devices and Applications
SC-15(01) Physical or Logical Disconnect
SC-15(02) Blocking Inbound and Outbound Communications Traffic [Withdrawn: incorporated into SC-07]
SC-15(03) Disabling and Removal in Secure Work Areas
SC-15(04) Explicitly Indicate Current Participants
SC-16 Transmission of Security and Privacy Attributes
SC-16(01) Integrity Verification
SC-16(02) Anti-spoofing Mechanisms
SC-16(03) Cryptographic Binding
SC-17 Public Key Infrastructure Certificates
SC-18 Mobile Code
SC-18(01) Identify Unacceptable Code and Take Corrective Actions
SC-18(02) Acquisition, Development, and Use
SC-18(03) Prevent Downloading and Execution
SC-18(04) Prevent Automatic Execution
SC-18(05) Allow Execution Only in Confined Environments
SC-19 Voice Over Internet Protocol
SC-20 Secure Name/Address Resolution Service (Authoritative Source)
SC-20(01) Child Subspaces [Withdrawn: incorporated into SC-20]
SC-20(02) Data Origin and Integrity
SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver)
SC-21(01) Data Origin and Integrity [Withdrawn: incorporated into SC-21]
SC-22 Architecture and Provisioning for Name/Address Resolution Service
SC-23 Session Authenticity
SC-23(01) Invalidate Session Identifiers at Logout
SC-23(02) User-initiated Logouts and Message Displays [Withdrawn: incorporated into AC-12(01)]
SC-23(03) Unique System-generated Session Identifiers
SC-23(04) Unique Session Identifiers with Randomization [Withdrawn: incorporated into SC-23(03)]
SC-23(05) Allowed Certificate Authorities
SC-24 Fail in Known State
SC-25 Thin Nodes
SC-26 Decoys
SC-26(01) Detection of Malicious Code [Withdrawn: incorporated into SC-35]
SC-27 Platform-independent Applications
SC-28 Protection of Information at Rest
SC-28(01) Cryptographic Protection
SC-28(02) Offline Storage
SC-28(03) Cryptographic Keys
SC-29 Heterogeneity
SC-29(01) Virtualization Techniques
SC-30 Concealment and Misdirection
SC-30(01) Virtualization Techniques [Withdrawn: incorporated into SC-29(01)]
SC-30(02) Randomness
SC-30(03) Change Processing and Storage Locations
SC-30(04) Misleading Information
SC-30(05) Concealment of System Components
SC-31 Covert Channel Analysis
SC-31(01) Test Covert Channels for Exploitability
SC-31(02) Maximum Bandwidth
SC-31(03) Measure Bandwidth in Operational Environments
SC-32 System Partitioning
SC-32(01) Separate Physical Domains for Privileged Functions
SC-33 Transmission Preparation Integrity [Withdrawn: incorporated into SC-08]
SC-34 Non-modifiable Executable Programs
SC-34(01) No Writable Storage
SC-34(02) Integrity Protection on Read-only Media
SC-34(03) Hardware-based Protection [Withdrawn: moved to SC-51]
SC-35 External Malicious Code Identification
SC-36 Distributed Processing and Storage
SC-36(01) Polling Techniques
SC-36(02) Synchronization
SC-37 Out-of-band Channels
SC-37(01) Ensure Delivery and Transmission
SC-38 Operations Security
SC-39 Process Isolation
SC-39(01) Hardware Separation
SC-39(02) Separate Execution Domain Per Thread
SC-40 Wireless Link Protection
SC-40(01) Electromagnetic Interference
SC-40(02) Reduce Detection Potential
SC-40(03) Imitative or Manipulative Communications Deception
SC-40(04) Signal Parameter Identification
SC-41 Port and I/O Device Access
SC-42 Sensor Capability and Data
SC-42(01) Reporting to Authorized Individuals or Roles
SC-42(02) Authorized Use
SC-42(03) Prohibit Use of Devices [Withdrawn: incorporated into SC-42]
SC-42(04) Notice of Collection
SC-42(05) Collection Minimization
SC-43 Usage Restrictions
SC-44 Detonation Chambers
SC-45 System Time Synchronization
SC-45(01) Synchronization with Authoritative Time Source
SC-45(02) Secondary Authoritative Time Source
SC-46 Cross Domain Policy Enforcement
SC-47 Alternate Communications Paths
SC-48 Sensor Relocation
SC-48(01) Dynamic Relocation of Sensors or Monitoring Capabilities
SC-49 Hardware-enforced Separation and Policy Enforcement
SC-50 Software-enforced Separation and Policy Enforcement
SC-51 Hardware-based Protection