Security Controls Catalog of NIST SP 800-171 (CUI) Required Controls

The Texas A&M Transportation Institute Security Control Standards Catalog (“Controls Catalog”) establishes the minimum standards and controls for agency information security in accordance with the state’s Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202). For more information, visit the Policy and Standards page.

Procedure ID Procedure Name NIST Priority
Access Control
AC-02-727 Account Management P1
AC-03-727 Access Enforcement P1
AC-04-727 Information Flow Enforcement P1
AC-05-727 Separation of Duties P1
AC-06-727 Least Privilege P1
AC-07-727 Unsuccessful Logon Attempts P2
AC-08-727 System Use Notification P1
AC-11-727 Session Lock P3
AC-12-727 Session Termination P2
AC-17-727 Remote Access P1
AC-18-727 Wireless Access P1
AC-19-727 Access Control for Mobile Devices P1
AC-20-727 Use of External Information Systems P1
AC-22-727 Publicly Accessible Content P3
Awareness and Training
AT-02-727 Security Awareness Training P1
AT-03-727 Role-Based Security Training P1
Audit and Accountability
AU-02-727 Audit Events P1
AU-03-727 Content of Audit Records P1
AU-05-727 Response to Audit Processing Failures P1
AU-06-727 Audit Review, Analysis, and Reporting P1
AU-07-727 Audit Reduction and Report Generation P2
AU-08-727 Time Stamps P1
AU-09-727 Protection of Audit Information P1
AU-12-727 Audit Generation P1
Security Assessment and Authorization
CA-02-727 Security Assessments P2
CA-05-727 Plan of Action and Milestones P3
CA-07-727 Continuous Monitoring P2
Configuration Management
CM-02-727 Baseline Configuration P1
CM-03-727 Configuration Change Control P1
CM-04-727 Security Impact Analysis P2
CM-05-727 Access Restrictions for Change P1
CM-06-727 Configuration Settings P1
CM-07-727 Least Functionality P1
CM-08-727 Information System Component Inventory P1
CM-11-727 User-Installed Software P1
Contingency Planning
CP-09-727 Information System Backup P1
Identification and Authentication
IA-02-727 Identification and Authentication (Organizational Users) P1
IA-04-727 Identifier Management P1
IA-05-727 Authenticator Management P1
IA-06-727 Authenticator Feedback P2
Incident Response
IR-02-727 Incident Response Training P2
IR-03-727 Incident Response Testing P2
IR-04-727 Incident Handling P1
IR-05-727 Incident Monitoring P1
IR-06-727 Incident Reporting P1
IR-07-727 Incident Response Assistance P2
MA-02-727 Controlled Maintenance P2
MA-03-727 Maintenance Tools P3
MA-04-727 Nonlocal Maintenance P2
MA-05-727 Maintenance Personnel P2
Media Protection
MP-02-727 Media Access P1
MP-03-727 Media Marking P2
MP-04-727 Media Storage P1
MP-05-727 Media Transport P1
MP-06-727 Media Sanitization P1
MP-07-727 Media Use P1
Physical and Environmental Protection
PE-02-727 Physical Access Authorizations P1
PE-03-727 Physical Access Control P1
PE-05-727 Access Control for Output Devices P2
PE-06-727 Monitoring Physical Access P1
PE-17-727 Alternate Work Site P2
Personnel Security
PS-03-727 Personnel Screening P1
PS-04-727 Personnel Termination P1
PS-05-727 Personnel Transfer P2
Risk Assessment
RA-03-727 Risk Assessment P1
RA-05-727 Vulnerability Scanning P1
Security Assessment and Authorization
SA-08-727 Security Engineering Principles P1
System and Communications Protection
SC-02-727 Application Partitioning P1
SC-04-727 Information in Shared Resources P1
SC-07-727 Boundary Protection P1
SC-08-727 Transmission Confidentiality and Integrity P1
SC-10-727 Network Disconnect P2
SC-12-727 Cryptographic Key Establishment and Management P1
SC-13-727 Cryptographic Protection P1
SC-15-727 Collaborative Computing Devices P1
SC-18-727 Mobile Code P2
SC-19-727 Voice over Internet Protocol P1
SC-23-727 Session Authenticity P1
SC-28-727 Protection of Information at Rest P1
System and Information Integrity
SI-02-727 Flaw Remediation P1
SI-03-727 Malicious Code Protection P1
SI-04-727 Information System Monitoring P1
SI-05-727 Security Alerts, Advisories, and Directives P1

Disclaimer: NIST SP 800-171 contains many security controls that are enhancements of the security controls listed above, which are not included in the Texas Security Control Standards Catalog. As TTI publishes control enhancements to its controls catalog, they will be reflected in the list above.