Security Controls Catalog of NIST SP 800-171 (CUI) Required Controls
The Texas A&M Transportation Institute Security Control Standards Catalog (“Controls Catalog”) establishes the minimum standards and controls for agency information security in accordance with the state’s Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202). For more information, visit the Policy and Standards page.
| Procedure ID | Procedure Name | NIST Priority |
|---|---|---|
| Access Control | ||
| AC-02-727 | Account Management | P1 |
| AC-03-727 | Access Enforcement | P1 |
| AC-04-727 | Information Flow Enforcement | P1 |
| AC-05-727 | Separation of Duties | P1 |
| AC-06-727 | Least Privilege | P1 |
| AC-07-727 | Unsuccessful Logon Attempts | P2 |
| AC-08-727 | System Use Notification | P1 |
| AC-11-727 | Session Lock | P3 |
| AC-12-727 | Session Termination | P2 |
| AC-17-727 | Remote Access | P1 |
| AC-18-727 | Wireless Access | P1 |
| AC-19-727 | Access Control for Mobile Devices | P1 |
| AC-20-727 | Use of External Information Systems | P1 |
| AC-22-727 | Publicly Accessible Content | P3 |
| Awareness and Training | ||
| AT-02-727 | Security Awareness Training | P1 |
| AT-03-727 | Role-Based Security Training | P1 |
| Audit and Accountability | ||
| AU-02-727 | Audit Events | P1 |
| AU-03-727 | Content of Audit Records | P1 |
| AU-05-727 | Response to Audit Processing Failures | P1 |
| AU-06-727 | Audit Review, Analysis, and Reporting | P1 |
| AU-07-727 | Audit Reduction and Report Generation | P2 |
| AU-08-727 | Time Stamps | P1 |
| AU-09-727 | Protection of Audit Information | P1 |
| AU-12-727 | Audit Generation | P1 |
| Security Assessment and Authorization | ||
| CA-02-727 | Security Assessments | P2 |
| CA-05-727 | Plan of Action and Milestones | P3 |
| CA-07-727 | Continuous Monitoring | P2 |
| Configuration Management | ||
| CM-02-727 | Baseline Configuration | P1 |
| CM-03-727 | Configuration Change Control | P1 |
| CM-04-727 | Security Impact Analysis | P2 |
| CM-05-727 | Access Restrictions for Change | P1 |
| CM-06-727 | Configuration Settings | P1 |
| CM-07-727 | Least Functionality | P1 |
| CM-08-727 | Information System Component Inventory | P1 |
| CM-11-727 | User-Installed Software | P1 |
| Contingency Planning | ||
| CP-09-727 | Information System Backup | P1 |
| Identification and Authentication | ||
| IA-02-727 | Identification and Authentication (Organizational Users) | P1 |
| IA-04-727 | Identifier Management | P1 |
| IA-05-727 | Authenticator Management | P1 |
| IA-06-727 | Authenticator Feedback | P2 |
| Incident Response | ||
| IR-02-727 | Incident Response Training | P2 |
| IR-03-727 | Incident Response Testing | P2 |
| IR-04-727 | Incident Handling | P1 |
| IR-05-727 | Incident Monitoring | P1 |
| IR-06-727 | Incident Reporting | P1 |
| IR-07-727 | Incident Response Assistance | P2 |
| Maintenance | ||
| MA-02-727 | Controlled Maintenance | P2 |
| MA-03-727 | Maintenance Tools | P3 |
| MA-04-727 | Nonlocal Maintenance | P2 |
| MA-05-727 | Maintenance Personnel | P2 |
| Media Protection | ||
| MP-02-727 | Media Access | P1 |
| MP-03-727 | Media Marking | P2 |
| MP-04-727 | Media Storage | P1 |
| MP-05-727 | Media Transport | P1 |
| MP-06-727 | Media Sanitization | P1 |
| MP-07-727 | Media Use | P1 |
| Physical and Environmental Protection | ||
| PE-02-727 | Physical Access Authorizations | P1 |
| PE-03-727 | Physical Access Control | P1 |
| PE-05-727 | Access Control for Output Devices | P2 |
| PE-06-727 | Monitoring Physical Access | P1 |
| PE-17-727 | Alternate Work Site | P2 |
| Personnel Security | ||
| PS-03-727 | Personnel Screening | P1 |
| PS-04-727 | Personnel Termination | P1 |
| PS-05-727 | Personnel Transfer | P2 |
| Risk Assessment | ||
| RA-03-727 | Risk Assessment | P1 |
| RA-05-727 | Vulnerability Scanning | P1 |
| Security Assessment and Authorization | ||
| SA-08-727 | Security Engineering Principles | P1 |
| System and Communications Protection | ||
| SC-02-727 | Application Partitioning | P1 |
| SC-04-727 | Information in Shared Resources | P1 |
| SC-07-727 | Boundary Protection | P1 |
| SC-08-727 | Transmission Confidentiality and Integrity | P1 |
| SC-10-727 | Network Disconnect | P2 |
| SC-12-727 | Cryptographic Key Establishment and Management | P1 |
| SC-13-727 | Cryptographic Protection | P1 |
| SC-15-727 | Collaborative Computing Devices | P1 |
| SC-18-727 | Mobile Code | P2 |
| SC-19-727 | Voice over Internet Protocol | P1 |
| SC-23-727 | Session Authenticity | P1 |
| SC-28-727 | Protection of Information at Rest | P1 |
| System and Information Integrity | ||
| SI-02-727 | Flaw Remediation | P1 |
| SI-03-727 | Malicious Code Protection | P1 |
| SI-04-727 | Information System Monitoring | P1 |
| SI-05-727 | Security Alerts, Advisories, and Directives | P1 |
Disclaimer: NIST SP 800-171 contains many security controls that are enhancements of the security controls listed above, which are not included in the Texas Security Control Standards Catalog. As TTI publishes control enhancements to its controls catalog, they will be reflected in the list above.
Search Control Catalog
Control Audiences
Control Families
- Access Control
- Authority and Purpose
- Accountability, Audit and Risk Management
- Awareness and Training
- Audit and Accountability
- Security Assessment and Authorization
- Configuration Management
- Contingency Planning
- Data Quality and Integrity
- Data Minimization and Retention
- Identification and Authentication
- Individual Participation and Redress
- Incident Response
- Maintenance
- Media Protection
- Physical and Environmental Protection
- Planning
- Program Management
- Personnel Security
- Risk Assessment
- System and Services Acquisition
- System and Communications Protection
- Security
- System and Information Integrity
- Transparency
- Use Limitation