Security Controls Catalog for Owners of Unmanaged Information Resources

The Texas A&M Transportation Institute Security Control Standards Catalog (“Controls Catalog”) establishes the minimum standards and controls for agency information security in accordance with the state’s Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202). For more information, visit the Policy and Standards page.


Procedure ID | Procedure Name | NIST Priority

Access Control
AC-01-727 | Access Control Policy and Procedures | P1
AC-02-727 | Account Management | P1
AC-03-727 | Access Enforcement | P1
AC-05-727 | Separation of Duties | P1
AC-07-727 | Unsuccessful Logon Attempts | P2
AC-08-727 | System Use Notification | P1
AC-14-727 | Permitted Actions without Identification or Authentication | P3
AC-17-727 | Remote Access | P1
AC-18-727 | Wireless Access | P1
AC-20-727 | Use of External Information Systems | P1

Audit and Accountability
AU-01-727 | Audit and Accountability Policy and Procedures | P1
AU-02-727 | Audit Events | P1
AU-03-727 | Content of Audit Records | P1
AU-04-727 | Audit Storage Capacity | P1
AU-05-727 | Response to Audit Processing Failures | P1
AU-06-727 | Audit Review, Analysis, and Reporting | P1
AU-08-727 | Time Stamps | P1
AU-09-727 | Protection of Audit Information | P1
AU-11-727 | Audit Record Retention | P3
AU-12-727 | Audit Generation | P1

Security Assessment and Authorization
CA-01-727 | Security Assessment and Authorization Policy and Procedures | P1
CA-02-727 | Security Assessments | P2
CA-03-727 | System Interconnections | P1
CA-05-727 | Plan of Action and Milestones | P3
CA-06-727 | Security Authorization | P2
CA-09-727 | Internal System Connections | P2

Configuration Management
CM-01-727 | Configuration Management Policy and Procedures | P1
CM-02-727 | Baseline Configuration | P1
CM-04-727 | Security Impact Analysis | P2
CM-06-727 | Configuration Settings | P1
CM-07-727 | Least Functionality | P1
CM-08-727 | Information System Component Inventory | P1
CM-11-727 | User-Installed Software | P1

Contingency Planning
CP-09-727 | Information System Backup | P1

Identification and Authentication
IA-01-727 | Identification and Authentication Policy and Procedures | P1
IA-02-727 | Identification and Authentication (Organizational Users) | P1
IA-04-727 | Identifier Management | P1
IA-05-727 | Authenticator Management | P1
IA-06-727 | Authenticator Feedback | P2
IA-07-727 | Cryptographic Module Authentication | P1
IA-08-727 | Identification and Authentication (Non-Organizational Users) | P1

Incident Response
IR-06-727 | Incident Reporting | P1

Maintenance
MA-01-727 | System Maintenance Policy and Procedures | P1
MA-02-727 | Controlled Maintenance | P2
MA-04-727 | Nonlocal Maintenance | P2

Media Protection
MP-01-727 | Media Protection Policy and Procedures | P1
MP-02-727 | Media Access | P1
MP-06-727 | Media Sanitization | P1
MP-07-727 | Media Use | P1

Risk Assessment
RA-01-727 | Risk Assessment Policy and Procedures | P1
RA-03-727 | Risk Assessment | P1
RA-05-727 | Vulnerability Scanning | P1

Security Assessment and Authorization
SA-05-727 | Information System Documentation | P2

System and Communications Protection
SC-01-727 | System and Communications Protection Policy and Procedures | P1
SC-12-727 | Cryptographic Key Establishment and Management | P1

System and Information Integrity
SI-01-727 | System and Information Integrity Policy and Procedures | P1
SI-02-727 | Flaw Remediation | P1
SI-03-727 | Malicious Code Protection | P1