Security Controls Catalog for Owners of Unmanaged Information Resources

The Texas A&M Transportation Institute Security Control Standards Catalog (“Controls Catalog”) establishes the minimum standards and controls for agency information security in accordance with the state’s Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202). For more information, visit the Policy and Standards page.

Procedure ID	Procedure Name	NIST Priority
Access Control
AC-01-727	Access Control Policy and Procedures	P1
AC-02-727	Account Management	P1
AC-03-727	Access Enforcement	P1
AC-05-727	Separation of Duties	P1
AC-07-727	Unsuccessful Logon Attempts	P2
AC-08-727	System Use Notification	P1
AC-14-727	Permitted Actions without Identification or Authentication	P3
AC-17-727	Remote Access	P1
AC-18-727	Wireless Access	P1
AC-20-727	Use of External Information Systems	P1
Audit and Accountability
AU-01-727	Audit and Accountability Policy and Procedures	P1
AU-02-727	Audit Events	P1
AU-03-727	Content of Audit Records	P1
AU-04-727	Audit Storage Capacity	P1
AU-05-727	Response to Audit Processing Failures	P1
AU-06-727	Audit Review, Analysis, and Reporting	P1
AU-08-727	Time Stamps	P1
AU-09-727	Protection of Audit Information	P1
AU-11-727	Audit Record Retention	P3
AU-12-727	Audit Generation	P1
Security Assessment and Authorization
CA-01-727	Security Assessment and Authorization Policy and Procedures	P1
CA-02-727	Security Assessments	P2
CA-03-727	System Interconnections	P1
CA-05-727	Plan of Action and Milestones	P3
CA-06-727	Security Authorization	P2
CA-09-727	Internal System Connections	P2
Configuration Management
CM-01-727	Configuration Management Policy and Procedures	P1
CM-02-727	Baseline Configuration	P1
CM-04-727	Security Impact Analysis	P2
CM-06-727	Configuration Settings	P1
CM-07-727	Least Functionality	P1
CM-08-727	Information System Component Inventory	P1
CM-11-727	User-Installed Software	P1
Contingency Planning
CP-09-727	Information System Backup	P1
Identification and Authentication
IA-01-727	Identification and Authentication Policy and Procedures	P1
IA-02-727	Identification and Authentication (Organizational Users)	P1
IA-04-727	Identifier Management	P1
IA-05-727	Authenticator Management	P1
IA-06-727	Authenticator Feedback	P2
IA-07-727	Cryptographic Module Authentication	P1
IA-08-727	Identification and Authentication (Non-Organizational Users)	P1
Incident Response
IR-06-727	Incident Reporting	P1
Maintenance
MA-01-727	System Maintenance Policy and Procedures	P1
MA-02-727	Controlled Maintenance	P2
MA-04-727	Nonlocal Maintenance	P2
Media Protection
MP-01-727	Media Protection Policy and Procedures	P1
MP-02-727	Media Access	P1
MP-06-727	Media Sanitization	P1
MP-07-727	Media Use	P1
Risk Assessment
RA-01-727	Risk Assessment Policy and Procedures	P1
RA-03-727	Risk Assessment	P1
RA-05-727	Vulnerability Scanning	P1
Security Assessment and Authorization
SA-05-727	Information System Documentation	P2
System and Communications Protection
SC-01-727	System and Communications Protection Policy and Procedures	P1
SC-12-727	Cryptographic Key Establishment and Management	P1
System and Information Integrity
SI-01-727	System and Information Integrity Policy and Procedures	P1
SI-02-727	Flaw Remediation	P1
SI-03-727	Malicious Code Protection	P1

Security Controls Catalog for Owners of Unmanaged Information Resources

Search Control Catalog

Control Audiences

Control Baselines

Control Families