800-53r2 800-53r3 Comparison

From FISMApedia
| REV 2 CNTL NO | REV 3 CNTL NO | REV 2 CONTROL NAME | REV 3 CONTROL NAME | PRIORITY | REV 2 LOW BASELINE | REV 3 LOW BASELINE | REV 2 MOD BASELINE | REV 3 MOD BASELINE | REV 2 HIGH BASELINE | REV 3 HIGH BASELINE | STATUS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Access Control | | | | | | | | | | | |
| AC-1 | AC-1 | Access Control Policy and Procedures | Access Control Policy and Procedures | P1 | AC-1 | AC-1 | AC-1 | AC-1 | AC-1 | AC-1 | |
| AC-2 | AC-2 | Account Management | Account Management | P1 | AC-2 | AC-2 | AC-2 (1) (2) (3) (4) | AC-2 (1) (2) (3) (4) | AC-2 (1) (2) (3) (4) | AC-2 (1) (2) (3) (4) | |
| AC-3 | AC-3 | Access Enforcement | Access Enforcement | P1 | AC-3 | AC-3 | AC-3 (1) | AC-3 | AC-3 (1) | AC-3 | |
| AC-4 | AC-4 | Information Flow Enforcement | Information Flow Enforcement | P1 | Not Selected | Not Selected | AC-4 | AC-4 | AC-4 | AC-4 | |
| AC-5 | AC-5 | Separation of Duties | Separation of Duties | P1 | Not Selected | Not Selected | AC-5 | AC-5 | AC-5 | AC-5 | |
| AC-6 | AC-6 | Least Privilege | Least Privilege | P1 | Not Selected | Not Selected | AC-6 | AC-6 (1) (2) | AC-6 | AC-6 (1) (2) | |
| AC-7 | AC-7 | Unsuccessful Login Attempts | Unsuccessful Login Attempts | P2 | AC-7 | AC-7 | AC-7 | AC-7 | AC-7 | AC-7 | |
| AC-8 | AC-8 | System Use Notification | System Use Notification | P1 | AC-8 | AC-8 | AC-8 | AC-8 | AC-8 | AC-8 | |
| AC-9 | AC-9 | Previous Logon Notification | Previous Logon (Access) Notification | P0 | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | |
| AC-10 | AC-10 | Concurrent Session Control | Concurrent Session Control | P2 | Not Selected | Not Selected | Not Selected | Not Selected | AC-10 | AC-10 | |
| AC-11 | AC-11 | Session Lock | Session Lock | P3 | Not Selected | Not Selected | AC-11 | AC-11 | AC-11 | AC-11 | |
| AC-12 | AC-12 | Session Termination | Session Termination (Withdrawn) | --- | Not Selected | --- | AC-12 | --- | AC-12 (1) | --- | Withdrawn |
| AC-13 | AC-13 | Supervision and Review-Access Control | Supervision and Review-Access Control (Withdrawn) | --- | AC-13 | --- | AC-13 (1) | --- | AC-13 (1) | --- | Withdrawn |
| AC-14 | AC-14 | Permitted Actions without Identification or Authentication | Permitted Actions without Identification or Authentication | P1 | AC-14 | AC-14 | AC-14 (1) | AC-14 (1) | AC-14 (1) | AC-14 (1) | |
| AC-15 | AC-15 | Automated Marking | Automated Marking (Withdrawn) | --- | Not Selected | --- | Not Selected | --- | AC-15 | --- | Withdrawn |
| AC-16 | AC-16 | Automated Labeling | Security Attributes | P0 | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | |
| AC-17 | AC-17 | Remote Access | Remote Access | P1 | AC-17 | AC-17 | AC-17 (1) (2) (3) (4) | AC-17 (1) (2) (3) (4) (5) (7) (8) | AC-17 (1) (2) (3) (4) | AC-17 (1) (2) (3) (4) (5) (7) (8) | |
| AC-18 | AC-18 | Wireless Access Restrictions | Wireless Access | P1 | AC-18 | AC-18 | AC-18 (1) | AC-18 (1) | AC-18 (1) (2) | AC-18 (1) (2) (4) (5) | |
| AC-19 | AC-19 | Access Control for Portable and Mobile Devices | Access Control for Mobile Devices | P1 | Not Selected | AC-19 | AC-19 | AC-19 (1) (2) (3) | AC-19 | AC-19 (1) (2) (3) | |
| AC-20 | AC-20 | Use of External Information Systems | Use of External Information Systems | P1 | AC-20 | AC-20 | AC-20 (1) | AC-20 (1) (2) | AC-20 (1) | AC-20 (1) (2) | |
| | AC-21 | | User-Based Collaboration and Information Sharing | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| | AC-22 | | Publicly Accessible Content | P2 | | AC-22 | | AC-22 | | AC-22 | New |
| Awareness and Training | | | | | | | | | | | |
| AT-1 | AT-1 | Security Awareness and Training Policy and Procedures | Security Awareness and Training Policy and Procedures | P1 | AT-1 | AT-1 | AT-1 | AT-1 | AT-1 | AT-1 | |
| AT-2 | AT-2 | Security Awareness | Security Awareness | P1 | AT-2 | AT-2 | AT-2 | AT-2 | AT-2 | AT-2 | |
| AT-3 | AT-3 | Security Training | Security Training | P1 | AT-3 | AT-3 | AT-3 | AT-3 | AT-3 | AT-3 | |
| AT-4 | AT-4 | Security Training Records | Security Training Records | P3 | AT-4 | AT-4 | AT-4 | AT-4 | AT-4 | AT-4 | |
| AT-5 | AT-5 | Contacts with Security Groups and Associations | Contacts with Security Groups and Associations | P0 | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | |
| Audit and Accountability | | | | | | | | | | | |
| AU-1 | AU-1 | Audit and Accountability Policy and Procedures | Audit and Accountability Policy and Procedures | P1 | AU-1 | AU-1 | AU-1 | AU-1 | AU-1 | AU-1 | |
| AU-2 | AU-2 | Auditable Events | Auditable Events | P1 | AU-2 | AU-2 | AU-2 (3) | AU-2 (3) (4) | AU-2 (1) (2) (3) | AU-2 (3) (4) | |
| AU-3 | AU-3 | Content of Audit Records | Content of Audit Records | P1 | AU-3 | AU-3 | AU-3 (1) | AU-3 (1) | AU-3 (1) (2) | AU-3 (1) (2) | |
| AU-4 | AU-4 | Audit Storage Capacity | Audit Storage Capacity | P1 | AU-4 | AU-4 | AU-4 | AU-4 | AU-4 | AU-4 | |
| AU-5 | AU-5 | Response to Audit Processing Failures | Response to Audit Processing Failures | P1 | AU-5 | AU-5 | AU-5 | AU-5 | AU-5 (1) (2) | AU-5 (1) (2) | |
| AU-6 | AU-6 | Audit Monitoring, Analysis, and Reporting | Audit Review, Analysis, and Reporting | P1 | Not Selected | AU-6 | AU-6 (2) | AU-6 | AU-6 (1) (2) | AU-6 (1) | |
| AU-7 | AU-7 | Audit Reduction and Report Generation | Audit Reduction and Report Generation | P2 | Not Selected | Not Selected | AU-7 (1) | AU-7 (1) | AU-7 (1) | AU-7 (1) | |
| AU-8 | AU-8 | Time Stamps | Time Stamps | P1 | AU-8 | AU-8 | AU-8 (1) | AU-8 (1) | AU-8 (1) | AU-8 (1) | |
| AU-9 | AU-9 | Protection of Audit Information | Protection of Audit Information | P1 | AU-9 | AU-9 | AU-9 | AU-9 | AU-9 | AU-9 | |
| AU-10 | AU-10 | Non-repudiation | Non-repudiation | P1 | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | AU-10 | |
| AU-11 | AU-11 | Audit Record Retention | Audit Record Retention | P3 | AU-11 | AU-11 | AU-11 | AU-11 | AU-11 | AU-11 | |
| | AU-12 | | Audit Generation | P1 | | AU-12 | | AU-12 | | AU-12 (1) | New |
| | AU-13 | | Monitoring for Information Disclosure | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| | AU-14 | | Session Audit | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| Certification, Accreditation, and Security Assessments / Security Assessment and Authorization | | | | | | | | | | | |
| CA-1 | CA-1 | Certification, Accreditation, and Security Assessment Policies and Procedures | Security Assessment and Authorization Policies and Procedures | P1 | CA-1 | CA-1 | CA-1 | CA-1 | CA-1 | CA-1 | |
| CA-2 | CA-2 | Security Assessments | Security Assessments | P2 | CA-2 | CA-2 | CA-2 | CA-2 (1) | CA-2 | CA-2 (1) (2) | |
| CA-3 | CA-3 | Information System Connections | Information System Connections | P1 | CA-3 | CA-3 | CA-3 | CA-3 | CA-3 | CA-3 | |
| CA-4 | CA-4 | Security Certification | Security Certification (Withdrawn) | --- | CA-4 | --- | CA-4 (1) | --- | CA-4 (1) | --- | Withdrawn |
| CA-5 | CA-5 | Plan of Action and Milestones | Plan of Action and Milestones | P3 | CA-5 | CA-5 | CA-5 | CA-5 | CA-5 | CA-5 | |
| CA-6 | CA-6 | Security Accreditation | Security Authorization | P3 | CA-6 | CA-6 | CA-6 | CA-6 | CA-6 | CA-6 | |
| CA-7 | CA-7 | Continuous Monitoring | Continuous Monitoring | P3 | CA-7 | CA-7 | CA-7 | CA-7 | CA-7 | CA-7 | |
| Configuration Management | | | | | | | | | | | |
| CM-1 | CM-1 | Configuration Management Policy and Procedures | Configuration Management Policy and Procedures | P1 | CM-1 | CM-1 | CM-1 | CM-1 | CM-1 | CM-1 | |
| CM-2 | CM-2 | Baseline Configuration | Baseline Configuration | P1 | CM-2 | CM-2 | CM-2 (1) | CM-2 (1) (3) (4) | CM-2 (1) (2) | CM-2 (1) (2) (3) (5) (6) | |
| CM-3 | CM-3 | Configuration Change Control | Configuration Change Control | P1 | Not Selected | Not Selected | CM-3 | CM-3 (2) | CM-3 (1) | CM-3 (1) (2) | |
| CM-4 | CM-4 | Monitoring Configuration Changes | Security Impact Analysis | P2 | Not Selected | CM-4 | CM-4 | CM-4 | CM-4 | CM-4 (1) | |
| CM-5 | CM-5 | Access Restrictions for Change | Access Restrictions for Change | P1 | Not Selected | Not Selected | CM-5 | CM-5 | CM-5 (1) | CM-5 (1) (2) (3) | |
| CM-6 | CM-6 | Configuration Settings | Configuration Settings | P1 | CM-6 | CM-6 | CM-6 | CM-6 (3) | CM-6 (1) | CM-6 (1) (2) (3) | |
| CM-7 | CM-7 | Least Functionality | Least Functionality | P1 | Not Selected | CM-7 | CM-7 | CM-7 (1) | CM-7 (1) | CM-7 (1) (2) | |
| CM-8 | CM-8 | Information System Component Inventory | Information System Component Inventory | P1 | CM-8 | CM-8 | CM-8 (1) | CM-8 (1) (5) | CM-8 (1) (2) | CM-8 (1) (2) (3) (4) (5) | |
| | CM-9 | | Configuration Management Plan | P1 | | Not Selected | | CM-9 | | CM-9 | New |
| Contingency Planning | | | | | | | | | | | |
| CP-1 | CP-1 | Contingency Planning Policy and Procedures | Contingency Planning Policy and Procedures | P1 | CP-1 | CP-1 | CP-1 | CP-1 | CP-1 | CP-1 | |
| CP-2 | CP-2 | Contingency Plan | Contingency Plan | P1 | CP-2 | CP-2 | CP-2 (1) | CP-2 (1) | CP-2 (1) (2) | CP-2 (1) (2) (3) | |
| CP-3 | CP-3 | Contingency Training | Contingency Training | P2 | Not Selected | CP-3 | CP-3 | CP-3 | CP-3 (1) | CP-3 (1) | |
| CP-4 | CP-4 | Contingency Plan Testing and Exercises | Contingency Plan Testing and Exercises | P2 | CP-4 | CP-4 | CP-4 (1) | CP-4 (1) | CP-4 (1) (2) | CP-4 (1) (2) (4) | |
| CP-5 | CP-5 | Contingency Plan Update | Contingency Plan Update (Withdrawn) | --- | CP-5 | --- | CP-5 | --- | CP-5 | --- | Withdrawn |
| CP-6 | CP-6 | Alternate Storage Site | Alternate Storage Site | P1 | Not Selected | Not Selected | CP-6 (1) (3) | CP-6 (1) (3) | CP-6 (1) (2) (3) | CP-6 (1) (2) (3) | |
| CP-7 | CP-7 | Alternate Processing Site | Alternate Processing Site | P1 | Not Selected | Not Selected | CP-7 (1) (2) (3) | CP-7 (1) (2) (3) (5) | CP-7 (1) (2) (3) (4) | CP-7 (1) (2) (3) (4) (5) | |
| CP-8 | CP-8 | Telecommunications Services | Telecommunications Services | P1 | Not Selected | Not Selected | CP-8 (1) (2) | CP-8 (1) (2) | CP-8 (1) (2) (3) (4) | CP-8 (1) (2) (3) (4) | |
| CP-9 | CP-9 | Information System Backup | Information System Backup | P1 | CP-9 | CP-9 | CP-9 (1) (4) | CP-9 (1) | CP-9 (1) (2) (3) (4) | CP-9 (1) (2) (3) | |
| CP-10 | CP-10 | Information System Recovery and Reconstitution | Information System Recovery and Reconstitution | P1 | CP-10 | CP-10 | CP-10 | CP-10 (2) (3) | CP-10 (1) | CP-10 (2) (3) (4) | |
| Identification and Authentication | | | | | | | | | | | |
| IA-1 | IA-1 | Identification and Authentication Policy and Procedures | Identification and Authentication Policy and Procedures | P1 | IA-1 | IA-1 | IA-1 | IA-1 | IA-1 | IA-1 | |
| IA-2 | IA-2 | User Identification and Authentication | Identification and Authentication (Organizational Users) | P1 | IA-2 | IA-2 (1) | IA-2 (1) | IA-2 (1) (2) (3) (8) | IA-2 (2) (3) | IA-2 (1) (2) (3) (4) (8) (9) | |
| IA-3 | IA-3 | Device Identification and Authentication | Device Identification and Authentication | P1 | Not Selected | Not Selected | IA-3 | IA-3 | IA-3 | IA-3 | |
| IA-4 | IA-4 | Identifier Management | Identifier Management | P1 | IA-4 | IA-4 | IA-4 | IA-4 | IA-4 | IA-4 | |
| IA-5 | IA-5 | Authenticator Management | Authenticator Management | P1 | IA-5 | IA-5 (1) | IA-5 | IA-5 (1) (2) (3) | IA-5 | IA-5 (1) (2) (3) | |
| IA-6 | IA-6 | Authenticator Feedback | Authenticator Feedback | P1 | IA-6 | IA-6 | IA-6 | IA-6 | IA-6 | IA-6 | |
| IA-7 | IA-7 | Cryptographic Module Authentication | Cryptographic Module Authentication | P1 | IA-7 | IA-7 | IA-7 | IA-7 | IA-7 | IA-7 | |
| | IA-8 | | Identification and Authentication (Non-Organizational Users) | P1 | | IA-8 | | IA-8 | | IA-8 | New |
| Incident Response | | | | | | | | | | | |
| IR-1 | IR-1 | Incident Response Policy and Procedures | Incident Response Policy and Procedures | P1 | IR-1 | IR-1 | IR-1 | IR-1 | IR-1 | IR-1 | |
| IR-2 | IR-2 | Incident Response Training | Incident Response Training | P2 | Not Selected | IR-2 | IR-2 | IR-2 | IR-2 (1) | IR-2 (1) (2) | |
| IR-3 | IR-3 | Incident Response Testing and Exercises | Incident Response Testing and Exercises | P2 | Not Selected | Not Selected | IR-3 | IR-3 | IR-3 (1) | IR-3 (1) | |
| IR-4 | IR-4 | Incident Handling | Incident Handling | P1 | IR-4 | IR-4 | IR-4 (1) | IR-4 (1) | IR-4 (1) | IR-4 (1) | |
| IR-5 | IR-5 | Incident Monitoring | Incident Monitoring | P1 | Not Selected | IR-5 | IR-5 | IR-5 | IR-5 (1) | IR-5 (1) | |
| IR-6 | IR-6 | Incident Reporting | Incident Reporting | P1 | IR-6 | IR-6 | IR-6 (1) | IR-6 (1) | IR-6 (1) | IR-6 (1) | |
| IR-7 | IR-7 | Incident Response Assistance | Incident Response Assistance | P3 | IR-7 | IR-7 | IR-7 (1) | IR-7 (1) | IR-7 (1) | IR-7 (1) | |
| | IR-8 | | Incident Response Plan | P1 | | IR-8 | | IR-8 | | IR-8 | New |
| Maintenance | | | | | | | | | | | |
| MA-1 | MA-1 | System Maintenance Policy and Procedures | System Maintenance Policy and Procedures | P1 | MA-1 | MA-1 | MA-1 | MA-1 | MA-1 | MA-1 | |
| MA-2 | MA-2 | Controlled Maintenance | Controlled Maintenance | P2 | MA-2 | MA-2 | MA-2 (1) | MA-2 (1) | MA-2 (1) (2) | MA-2 (1) (2) | |
| MA-3 | MA-3 | Maintenance Tools | Maintenance Tools | P2 | Not Selected | Not Selected | MA-3 | MA-3 (1) (2) | MA-3 (1) (2) (3) | MA-3 (1) (2) (3) | |
| MA-4 | MA-4 | Remote Maintenance | Non-Local Maintenance | P1 | MA-4 | MA-4 | MA-4 (1) (2) | MA-4 (1) (2) | MA-4 (1) (2) (3) | MA-4 (1) (2) (3) | |
| MA-5 | MA-5 | Maintenance Personnel | Maintenance Personnel | P1 | MA-5 | MA-5 | MA-5 | MA-5 | MA-5 | MA-5 | |
| MA-6 | MA-6 | Timely Maintenance | Timely Maintenance | P1 | Not Selected | Not Selected | MA-6 | MA-6 | MA-6 | MA-6 | |
| Media Protection | | | | | | | | | | | |
| MP-1 | MP-1 | Media Protection Policy and Procedures | Media Protection Policy and Procedures | P1 | MP-1 | MP-1 | MP-1 | MP-1 | MP-1 | MP-1 | |
| MP-2 | MP-2 | Media Access | Media Access | P1 | MP-2 | MP-2 | MP-2 (1) | MP-2 (1) | MP-2 (1) | MP-2 (1) | |
| MP-3 | MP-3 | Media Labeling | Media Marking | P1 | Not Selected | Not Selected | Not Selected | MP-3 | MP-3 | MP-3 | |
| MP-4 | MP-4 | Media Storage | Media Storage | P1 | Not Selected | Not Selected | MP-4 | MP-4 | MP-4 | MP-4 | |
| MP-5 | MP-5 | Media Transport | Media Transport | P1 | Not Selected | Not Selected | MP-5 (1) (2) | MP-5 (2) (4) | MP-5 (1) (2) (3) | MP-5 (2) (3) (4) | |
| MP-6 | MP-6 | Media Sanitization and Disposal | Media Sanitization | P1 | MP-6 | MP-6 | MP-6 | MP-6 | MP-6 (1) (2) | MP-6 (1) (2) (3) | |
| Physical and Environmental Protection | | | | | | | | | | | |
| PE-1 | PE-1 | Physical and Environmental Protection Policy and Procedures | Physical and Environmental Protection Policy and Procedures | P1 | PE-1 | PE-1 | PE-1 | PE-1 | PE-1 | PE-1 | |
| PE-2 | PE-2 | Physical Access Authorizations | Physical Access Authorizations | P1 | PE-2 | PE-2 | PE-2 | PE-2 | PE-2 | PE-2 | |
| PE-3 | PE-3 | Physical Access Control | Physical Access Control | P1 | PE-3 | PE-3 | PE-3 | PE-3 | PE-3 (1) | PE-3 (1) | |
| PE-4 | PE-4 | Access Control for Transmission Medium | Access Control for Transmission Medium | P1 | Not Selected | Not Selected | Not Selected | PE-4 | PE-4 | PE-4 | |
| PE-5 | PE-5 | Access Control for Display Medium | Access Control for Output Devices | P1 | Not Selected | Not Selected | PE-5 | PE-5 | PE-5 | PE-5 | |
| PE-6 | PE-6 | Monitoring Physical Access | Monitoring Physical Access | P1 | PE-6 | PE-6 | PE-6 (1) | PE-6 (1) | PE-6 (1) (2) | PE-6 (1) (2) | |
| PE-7 | PE-7 | Visitor Control | Visitor Control | P1 | PE-7 | PE-7 | PE-7 (1) | PE-7 (1) | PE-7 (1) | PE-7 (1) | |
| PE-8 | PE-8 | Access Records | Access Records | P3 | PE-8 | PE-8 | PE-8 | PE-8 | PE-8 (1) (2) | PE-8 (1) (2) | |
| PE-9 | PE-9 | Power Equipment and Power Cabling | Power Equipment and Power Cabling | P1 | Not Selected | Not Selected | PE-9 | PE-9 | PE-9 | PE-9 | |
| PE-10 | PE-10 | Emergency Shutoff | Emergency Shutoff | P1 | Not Selected | Not Selected | PE-10 | PE-10 | PE-10 (1) | PE-10 | |
| PE-11 | PE-11 | Emergency Power | Emergency Power | P1 | Not Selected | Not Selected | PE-11 | PE-11 | PE-11 (1) | PE-11 (1) | |
| PE-12 | PE-12 | Emergency Lighting | Emergency Lighting | P1 | PE-12 | PE-12 | PE-12 | PE-12 | PE-12 | PE-12 | |
| PE-13 | PE-13 | Fire Protection | Fire Protection | P1 | PE-13 | PE-13 | PE-13 (1) (2) (3) | PE-13 (1) (2) (3) | PE-13 (1) (2) (3) | PE-13 (1) (2) (3) | |
| PE-14 | PE-14 | Temperature and Humidity Controls | Temperature and Humidity Controls | P1 | PE-14 | PE-14 | PE-14 | PE-14 | PE-14 | PE-14 | |
| PE-15 | PE-15 | Water Damage Protection | Water Damage Protection | P1 | PE-15 | PE-15 | PE-15 | PE-15 | PE-15 (1) | PE-15 (1) | |
| PE-16 | PE-16 | Delivery and Removal | Delivery and Removal | P1 | PE-16 | PE-16 | PE-16 | PE-16 | PE-16 | PE-16 | |
| PE-17 | PE-17 | Alternate Work Site | Alternate Work Site | P1 | Not Selected | Not Selected | PE-17 | PE-17 | PE-17 | PE-17 | |
| PE-18 | PE-18 | Location of Information System Components | Location of Information System Components | P2 | Not Selected | Not Selected | PE-18 | PE-18 | PE-18 (1) | PE-18 (1) | |
| PE-19 | PE-19 | Information Leakage | Information Leakage | P0 | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | |
| Planning | | | | | | | | | | | |
| PL-1 | PL-1 | Security Planning Policy and Procedures | Security Planning Policy and Procedures | P1 | PL-1 | PL-1 | PL-1 | PL-1 | PL-1 | PL-1 | |
| PL-2 | PL-2 | System Security Plan | System Security Plan | P1 | PL-2 | PL-2 | PL-2 | PL-2 | PL-2 | PL-2 | |
| PL-3 | PL-3 | System Security Plan Update | System Security Plan Update (Withdrawn) | --- | PL-3 | --- | PL-3 | --- | PL-3 | --- | Withdrawn |
| PL-4 | PL-4 | Rules of Behavior | Rules of Behavior | P1 | PL-4 | PL-4 | PL-4 | PL-4 | PL-4 | PL-4 | |
| PL-5 | PL-5 | Privacy Impact Assessment | Privacy Impact Assessment | P1 | PL-5 | PL-5 | PL-5 | PL-5 | PL-5 | PL-5 | |
| PL-6 | PL-6 | Security-Related Activity Planning | Security-Related Activity Planning | P3 | Not Selected | Not Selected | PL-6 | PL-6 | PL-6 | PL-6 | |
| Personnel Security | | | | | | | | | | | |
| PS-1 | PS-1 | Personnel Security Policy and Procedures | Personnel Security Policy and Procedures | P1 | PS-1 | PS-1 | PS-1 | PS-1 | PS-1 | PS-1 | |
| PS-2 | PS-2 | Position Categorization | Position Categorization | P1 | PS-2 | PS-2 | PS-2 | PS-2 | PS-2 | PS-2 | |
| PS-3 | PS-3 | Personnel Screening | Personnel Screening | P1 | PS-3 | PS-3 | PS-3 | PS-3 | PS-3 | PS-3 | |
| PS-4 | PS-4 | Personnel Termination | Personnel Termination | P2 | PS-4 | PS-4 | PS-4 | PS-4 | PS-4 | PS-4 | |
| PS-5 | PS-5 | Personnel Transfer | Personnel Transfer | P2 | PS-5 | PS-5 | PS-5 | PS-5 | PS-5 | PS-5 | |
| PS-6 | PS-6 | Access Agreements | Access Agreements | P3 | PS-6 | PS-6 | PS-6 | PS-6 | PS-6 | PS-6 | |
| PS-7 | PS-7 | Third-Party Personnel Security | Third-Party Personnel Security | P1 | PS-7 | PS-7 | PS-7 | PS-7 | PS-7 | PS-7 | |
| PS-8 | PS-8 | Personnel Sanctions | Personnel Sanctions | P3 | PS-8 | PS-8 | PS-8 | PS-8 | PS-8 | PS-8 | |
| Risk Assessment | | | | | | | | | | | |
| RA-1 | RA-1 | Risk Assessment Policy and Procedures | Risk Assessment Policy and Procedures | P1 | RA-1 | RA-1 | RA-1 | RA-1 | RA-1 | RA-1 | |
| RA-2 | RA-2 | Security Categorization | Security Categorization | P1 | RA-2 | RA-2 | RA-2 | RA-2 | RA-2 | RA-2 | |
| RA-3 | RA-3 | Risk Assessment | Risk Assessment | P1 | RA-3 | RA-3 | RA-3 | RA-3 | RA-3 | RA-3 | |
| RA-4 | RA-4 | Risk Assessment Update | Risk Assessment Update (Withdrawn) | --- | RA-4 | --- | RA-4 | --- | RA-4 | --- | Withdrawn |
| RA-5 | RA-5 | Vulnerability Scanning | Vulnerability Scanning | P1 | Not Selected | RA-5 | RA-5 | RA-5 (1) | RA-5 (1) (2) | RA-5 (1) (2) (3) (4) (5) (7) | |
| System and Services Acquisition | | | | | | | | | | | |
| SA-1 | SA-1 | System and Services Acquisition Policy and Procedures | System and Services Acquisition Policy and Procedures | P1 | SA-1 | SA-1 | SA-1 | SA-1 | SA-1 | SA-1 | |
| SA-2 | SA-2 | Allocation of Resources | Allocation of Resources | P1 | SA-2 | SA-2 | SA-2 | SA-2 | SA-2 | SA-2 | |
| SA-3 | SA-3 | Life Cycle Support | Life Cycle Support | P1 | SA-3 | SA-3 | SA-3 | SA-3 | SA-3 | SA-3 | |
| SA-4 | SA-4 | Acquisitions | Acquisitions | P1 | SA-4 | SA-4 | SA-4 (1) | SA-4 (1) (4) | SA-4 (1) | SA-4 (1) (2) (4) | |
| SA-5 | SA-5 | Information System Documentation | Information System Documentation | P2 | SA-5 | SA-5 | SA-5 (1) | SA-5 (1) (3) | SA-5 (1) (2) | SA-5 (1) (2) (3) | |
| SA-6 | SA-6 | Software Usage Restrictions | Software Usage Restrictions | P1 | SA-6 | SA-6 | SA-6 | SA-6 | SA-6 | SA-6 | |
| SA-7 | SA-7 | User Installed Software | User-Installed Software | P1 | SA-7 | SA-7 | SA-7 | SA-7 | SA-7 | SA-7 | |
| SA-8 | SA-8 | Security Engineering Principles | Security Engineering Principles | P1 | Not Selected | Not Selected | SA-8 | SA-8 | SA-8 | SA-8 | |
| SA-9 | SA-9 | External Information System Services | External Information System Services | P1 | SA-9 | SA-9 | SA-9 | SA-9 | SA-9 | SA-9 | |
| SA-10 | SA-10 | Developer Configuration Management | Developer Configuration Management | P1 | Not Selected | Not Selected | Not Selected | SA-10 | SA-10 | SA-10 | |
| SA-11 | SA-11 | Developer Security Testing | Developer Security Testing | P2 | Not Selected | Not Selected | SA-11 | SA-11 | SA-11 | SA-11 | |
| | SA-12 | | Supply Chain Protection | P1 | | Not Selected | | Not Selected | | SA-12 | New |
| | SA-13 | | Trustworthiness | P1 | | Not Selected | | Not Selected | | SA-13 | New |
| | SA-14 | | Critical Information System Components | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| System and Communications Protection | | | | | | | | | | | |
| SC-1 | SC-1 | System and Communications Protection Policy and Procedures | System and Communications Protection Policy and Procedures | P1 | SC-1 | SC-1 | SC-1 | SC-1 | SC-1 | SC-1 | |
| SC-2 | SC-2 | Application Partitioning | Application Partitioning | P1 | Not Selected | Not Selected | SC-2 | SC-2 | SC-2 | SC-2 | |
| SC-3 | SC-3 | Security Function Isolation | Security Function Isolation | P1 | Not Selected | Not Selected | Not Selected | Not Selected | SC-3 | SC-3 | |
| SC-4 | SC-4 | Information Remnance | Information in Shared Resources | P1 | Not Selected | Not Selected | SC-4 | SC-4 | SC-4 | SC-4 | |
| SC-5 | SC-5 | Denial of Service Protection | Denial of Service Protection | P1 | SC-5 | SC-5 | SC-5 | SC-5 | SC-5 | SC-5 | |
| SC-6 | SC-6 | Resource Priority | Resource Priority | P0 | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | |
| SC-7 | SC-7 | Boundary Protection | Boundary Protection | P1 | SC-7 | SC-7 | SC-7 (1) (2) (3) (4) (5) | SC-7 (1) (2) (3) (4) (5) (7) | SC-7 (1) (2) (3) (4) (5) (6) | SC-7 (1) (2) (3) (4) (5) (6) (7) (8) | |
| SC-8 | SC-8 | Transmission Integrity | Transmission Integrity | P1 | Not Selected | Not Selected | SC-8 | SC-8 (1) | SC-8 (1) | SC-8 (1) | |
| SC-9 | SC-9 | Transmission Confidentiality | Transmission Confidentiality | P1 | Not Selected | Not Selected | SC-9 | SC-9 (1) | SC-9 (1) | SC-9 (1) | |
| SC-10 | SC-10 | Network Disconnect | Network Disconnect | P2 | Not Selected | Not Selected | SC-10 | SC-10 | SC-10 | SC-10 | |
| SC-11 | SC-11 | Trusted Path | Trusted Path | P0 | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | |
| SC-12 | SC-12 | Cryptographic Key Establishment and Management | Cryptographic Key Establishment and Management | P1 | Not Selected | SC-12 | SC-12 | SC-12 | SC-12 | SC-12 (1) | |
| SC-13 | SC-13 | Use of Cryptography | Use of Cryptography | P1 | SC-13 | SC-13 | SC-13 | SC-13 | SC-13 | SC-13 | |
| SC-14 | SC-14 | Public Access Protections | Public Access Protections | P1 | SC-14 | SC-14 | SC-14 | SC-14 | SC-14 | SC-14 | |
| SC-15 | SC-15 | Collaborative Computing | Collaborative Computing Devices | P1 | Not Selected | SC-15 | SC-15 | SC-15 | SC-15 | SC-15 | |
| SC-16 | SC-16 | Transmission of Security Parameters | Transmission of Security Attributes | P0 | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | Not Selected | |
| SC-17 | SC-17 | Public Key Infrastructure Certificates | Public Key Infrastructure Certificates | P1 | Not Selected | Not Selected | SC-17 | SC-17 | SC-17 | SC-17 | |
| SC-18 | SC-18 | Mobile Code | Mobile Code | P1 | Not Selected | Not Selected | SC-18 | SC-18 | SC-18 | SC-18 | |
| SC-19 | SC-19 | Voice Over Internet Protocol | Voice Over Internet Protocol | P1 | Not Selected | Not Selected | SC-19 | SC-19 | SC-19 | SC-19 | |
| SC-20 | SC-20 | Secure Name/Address Resolution Service (Authoritative Source) | Secure Name/Address Resolution Service (Authoritative Source) | P1 | Not Selected | SC-20 (1) | SC-20 | SC-20 (1) | SC-20 | SC-20 (1) | |
| SC-21 | SC-21 | Secure Name/Address Resolution Service (Recursive or Caching Resolver) | Secure Name/Address Resolution Service (Recursive or Caching Resolver) | P1 | Not Selected | Not Selected | Not Selected | Not Selected | SC-21 | SC-21 | |
| SC-22 | SC-22 | Architecture and Provisioning for Name/Address Resolution Service | Architecture and Provisioning for Name/Address Resolution Service | P1 | Not Selected | Not Selected | SC-22 | SC-22 | SC-22 | SC-22 | |
| SC-23 | SC-23 | Session Authenticity | Session Authenticity | P1 | Not Selected | Not Selected | SC-23 | SC-23 | SC-23 | SC-23 | |
| | SC-24 | | Fail in Known State | P1 | | Not Selected | | Not Selected | | SC-24 | New |
| | SC-25 | | Thin Nodes | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| | SC-26 | | Honeypots | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| | SC-27 | | Operating System-Independent Applications | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| | SC-28 | | Protection of Information at Rest | P1 | | Not Selected | | SC-28 | | SC-28 | New |
| | SC-29 | | Heterogeneity | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| | SC-30 | | Virtualization Techniques | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| | SC-31 | | Covert Channel Analysis | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| | SC-32 | | Information System Partitioning | P0 | | Not Selected | | SC-32 | | SC-32 | New |
| | SC-33 | | Transmission Preparation Integrity | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| | SC-34 | | Non-Modifiable Executable Programs | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| System and Information Integrity | | | | | | | | | | | |
| SI-1 | SI-1 | System and Information Integrity Policy and Procedures | System and Information Integrity Policy and Procedures | P1 | SI-1 | SI-1 | SI-1 | SI-1 | SI-1 | SI-1 | |
| SI-2 | SI-2 | Flaw Remediation | Flaw Remediation | P1 | SI-2 | SI-2 | SI-2 (2) | SI-2 (2) | SI-2 (1) (2) | SI-2 (1) (2) | |
| SI-3 | SI-3 | Malicious Code Protection | Malicious Code Protection | P1 | SI-3 | SI-3 | SI-3 (1) (2) | SI-3 (1) (2) (3) | SI-3 (1) (2) | SI-3 (1) (2) (3) | |
| SI-4 | SI-4 | Information System Monitoring Tools and Techniques | Information System Monitoring | P1 | Not Selected | Not Selected | SI-4 (4) | SI-4 (2) (4) (5) (6) | SI-4 (2) (4) (5) | SI-4 (2) (4) (5) (6) | |
| SI-5 | SI-5 | Security Alerts and Advisories | Security Alerts, Advisories, and Directives | P1 | SI-5 | SI-5 | SI-5 | SI-5 | SI-5 (1) | SI-5 (1) | |
| SI-6 | SI-6 | Security Functionality Verification | Security Functionality Verification | P1 | Not Selected | Not Selected | Not Selected | Not Selected | SI-6 | SI-6 | |
| SI-7 | SI-7 | Software and Information Integrity | Software and Information Integrity | P1 | Not Selected | Not Selected | Not Selected | SI-7 (1) | SI-7 (1) (2) | SI-7 (1) (2) | |
| SI-8 | SI-8 | Spam Protection | Spam Protection | P1 | Not Selected | Not Selected | SI-8 | SI-8 | SI-8 (1) | SI-8 (1) | |
| SI-9 | SI-9 | Information Input Restrictions | Information Input Restrictions | P2 | Not Selected | Not Selected | SI-9 | SI-9 | SI-9 | SI-9 | |
| SI-10 | SI-10 | Information Accuracy, Completeness, Validity, and Authenticity | Information Input Validation | P1 | Not Selected | Not Selected | SI-10 | SI-10 | SI-10 | SI-10 | |
| SI-11 | SI-11 | Error Handling | Error Handling | P2 | Not Selected | Not Selected | SI-11 | SI-11 | SI-11 | SI-11 | |
| SI-12 | SI-12 | Information Output Handling and Retention | Information Output Handling and Retention | P2 | Not Selected | SI-12 | SI-12 | SI-12 | SI-12 | SI-12 | |
| | SI-13 | | Predictable Failure Prevention | P0 | | Not Selected | | Not Selected | | Not Selected | New |
| Program Management | | | | | | | | | | | |
| | PM-1 | | Information Security Program Plan | P1 | | | | | | | New |
| | PM-2 | | Senior Information Security Officer | P1 | | | | | | | New |
| | PM-3 | | Information Security Resources | P1 | | | | | | | New |
| | PM-4 | | Plan of Action and Milestones Process | P1 | | | | | | | New |
| | PM-5 | | Information System Inventory | P1 | | | | | | | New |
| | PM-6 | | Information Security Measures of Performance | P1 | | | | | | | New |
| | PM-7 | | Enterprise Architecture | P1 | | | | | | | New |
| | PM-8 | | Critical Infrastructure Plan | P1 | | | | | | | New |
| | PM-9 | | Risk Management Strategy | P1 | | | | | | | New |
| | PM-10 | | Security Authorization Process | P1 | | | | | | | New |
| | PM-11 | | Mission/Business Process Definition | P1 | | | | | | | New |