Requirements Traceability Matrix (RTM)
CLASSIFICATION WAS NOT SELECTED
TEST_2015-01-15-1052 [PROJECT ACRONYM NOT PROVIDED]
[ENTER SYSTEM NUMBER]
REQUIREMENTS TRACEABILITY MATRIX (RTM)
Prepared for Department of Homeland Security
16 January 2015
1. Introduction
The Requirements Traceability Matrix (RTM) relates requirements from requirement source documents to the security certification process. It ensures that all security requirements are identified and investigated. Each row of the matrix identifies a specific requirement and provides the details of how it was tested or analyzed and the results.
The table is arranged to display the system security requirements from the applicable regulation documents, which are listed below:
NIST 800-53 w/ DHS 4300A - Department of Homeland Security Sensitive Systems Policy Directive 4300A Version 10
The columns of the RTM are defined as follows:
Control Ref.
Refers to the name (short title) of the source document and the ID or paragraph number of the listed control or requirement.
Security Req./Control
Short title describing the security control or requirement (and the text of the control/requirement, which may be paraphrased for brevity).
Security Category
Category and class associated with the security control.
Control Type
Auto populated if the requirement is identified with two security control types: common and system-specific; i.e., a part of the requirement is identified as common type and another part of it is system-specific.
Common. Auto populated if the requirement is designated to one or more information systems.
Hybrid. Auto populated if the requirement is identified with two security control types: common and system-specific; i.e., a part of the requirement is identified as common type and another part of it is system-specific.
System-Specific. Auto populated if the requirement is assigned to a specific information system.
Inherited. Auto populated if the requirement is inherited from another system.
Not Specified. Auto populated if the requirement does not require any security control.
Planned Imp.
Auto populated if the requirement is identified with two security control types: common and system-specific; i.e., a part of the requirement is identified as common type and another part of it is system-specific.
Common. Auto populated if the requirement is designated to one or more information systems.
Hybrid. Auto populated if the requirement is identified with two security control types: common and system-specific; i.e., a part of the requirement is identified as common type and another part of it is system-specific.
System-Specific. Auto populated if the requirement is assigned to a specific information system.
Inherited. Auto populated if the requirement is inherited from another system.
Not Specified. Auto populated if the requirement does not require any security control.
Actual Imp.
Identifies whether the control is in place and how it has been implemented, or differences in how the control was implemented compared to what was planned.
As Planned. Auto populated if Implemented control status is selected and Planned Implementation column does not read Not Entered.
Pending Implementation. Auto populated if Planned control status is selected and Planned Implementation column does not read Not Entered.
Partially Implemented. Auto populated if Partial control status is selected and Planned Implementation column does not read Not Entered.
Not Entered. Auto populated if the Planned Implementation column reads Not Entered.
Not Assigned. Auto populated if the Control Type and/or Control Status were not selected.
Test #(s)
The ID number of the specific test procedure(s) that is used to validate the requirement or control.
-. The control is not applicable.
Methods
The evaluation method (or methods) used to assess the requirement.
I. Interview.
E. Examine.
T. Testing.
-. The control is not applicable.
Tailored
The tailored control that modifies the control set.
In. The control was tailored in.
Out. The control was tailored out.
-. The control was not affected by tailoring.
Overlays
The controls included or excluded from the controls already in the baseline.
In. The control was added in to the controls in the baseline.
Out. The control was removed from the controls in the baseline.
-. The control was not affected by overlay(s).
Result
The summarized result for the test procedures that cover the requirement/control.
Met - Requirement fully satisfied.
Not Met - Requirement not satisfied.
Not Applicable - Requirement not applicable.
Notes
Identifies the factor, and the basis for, any tailoring of controls from the NIST 800-53 w/ DHS 4300A baseline or organizational overlay that was used for the system.
2. Requirements Traceability Matrix
| Control Ref. | Security Req./Control | Security Category | Control Type | Planned Imp. | Actual Imp. | Test #(s) | Methods: I | Methods: E | Methods: T | Tailored: IN | Tailored: OUT | Result | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| NIST 800-53 w/ DHS 4300A AC-1 | Access Control Policy and Procedures | Access Control Policy and Procedures (T) | Not Specified | Not Entered | Not Assigned | AC-1.1, AC-1.2 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-1 (DHS-5.1.1.c) | Sharing of Personal Passwords | Access Control Policy and Procedures (T) | Not Specified | Not Entered | Not Assigned | AC-1(DHS-5.1.1.c) | - | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-2 | Account Management | Account Management (T) | Not Specified | Not Entered | Not Assigned | AC-2.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-2 (1) | Account Management | Account Management (T) | Not Specified | Not Entered | Not Assigned | AC-2(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-2 (2) | Account Management | Account Management (T) | Not Specified | Not Entered | Not Assigned | AC-2(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-2 (3) | Account Management | Account Management (T) | Not Specified | Not Entered | Not Assigned | AC-2(3).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-2 (4) | Account Management | Account Management (T) | Not Specified | Not Entered | Not Assigned | AC-2(4).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-2 (5) | Account Management | Account Management (T) | Not Specified | Not Entered | Not Assigned | AC-2(5).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-2 (11) | Account Management | Account Management (T) | Not Specified | Not Entered | Not Assigned | AC-2(11).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-3 | Access Enforcement | Access Enforcement (T) | Not Specified | Not Entered | Not Assigned | AC-3.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-3 (DHS-5.1.1.d) | Access Enforcement | Access Enforcement (T) | Not Specified | Not Entered | Not Assigned | AC-3(DHS-5.1.1.d) | - | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-4 | Information Flow Enforcement | Information Flow Enforcement (T) | Not Specified | Not Entered | Not Assigned | AC-4.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-5 | Separation of Duties | Separation of Duties (T) | Not Specified | Not Entered | Not Assigned | AC-5.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-6 | Least Privilege | Least Privilege (T) | Not Specified | Not Entered | Not Assigned | AC-6.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-6 (1) | Least Privilege | Least Privilege (T) | Not Specified | Not Entered | Not Assigned | AC-6(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-6 (2) | Least Privilege | Least Privilege (T) | Not Specified | Not Entered | Not Assigned | AC-6(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-6 (3) | Least Privilege | Least Privilege (T) | Not Specified | Not Entered | Not Assigned | AC-6(3).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-6 (5) | Least Privilege | Least Privilege (T) | Not Specified | Not Entered | Not Assigned | AC-6(5).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-6 (9) | Least Privilege | Least Privilege (T) | Not Specified | Not Entered | Not Assigned | AC-6(9).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-6 (10) | Least Privilege | Least Privilege (T) | Not Specified | Not Entered | Not Assigned | AC-6(10).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-7 | Unsuccessful Logon Attempts | Unsuccessful Logon Attempts (T) | Not Specified | Not Entered | Not Assigned | AC-7.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-8 | System Use Notification | System Use Notification (T) | Not Specified | Not Entered | Not Assigned | AC-8.1, AC-8.2 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-8 (DHS-4.8.5.d) | System Use Notification | System Use Notification (T) | Not Specified | Not Entered | Not Assigned | AC-8(DHS-4.8.5.d) | - | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-10 | Concurrent Session Control | Concurrent Session Control (T) | Not Specified | Not Entered | Not Assigned | AC-10.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-11 | Session Lock | Session Lock (T) | Not Specified | Not Entered | Not Assigned | AC-11.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-11 (1) | Session Lock | Session Lock (T) | Not Specified | Not Entered | Not Assigned | AC-11(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-12 | Session Termination | Session Termination (T) | Not Specified | Not Entered | Not Assigned | AC-12.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-14 | Permitted Actions without Identification or Authentication | Permitted Actions without Identification or Authentication (T) | Not Specified | Not Entered | Not Assigned | AC-14.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-17 | Remote Access | Remote Access (T) | Not Specified | Not Entered | Not Assigned | AC-17.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-17 (1) | Remote Access | Remote Access (T) | Not Specified | Not Entered | Not Assigned | AC-17(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-17 (2) | Remote Access | Remote Access (T) | Not Specified | Not Entered | Not Assigned | AC-17(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-17 (3) | Remote Access | Remote Access (T) | Not Specified | Not Entered | Not Assigned | AC-17(3).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-17 (4) | Remote Access | Remote Access (T) | Not Specified | Not Entered | Not Assigned | AC-17(4).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-17 (DHS-5.4.1.b) | Remote Access | Remote Access (T) | Not Specified | Not Entered | Not Assigned | AC-17(DHS-5.4.1.b) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-17 (DHS-5.4.1.c) | Remote Access | Remote Access (T) | Not Specified | Not Entered | Not Assigned | AC-17(DHS-5.4.1.c) | - | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-18 | Wireless Access | Wireless Access (T) | Not Specified | Not Entered | Not Assigned | AC-18.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-18 (1) | Wireless Access | Wireless Access (T) | Not Specified | Not Entered | Not Assigned | AC-18(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-18 (4) | Wireless Access | Wireless Access (T) | Not Specified | Not Entered | Not Assigned | AC-18(4).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-18 (5) | Wireless Access | Wireless Access (T) | Not Specified | Not Entered | Not Assigned | AC-18(5).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-19 | Access Control for Mobile Devices | Access Control for Mobile Devices (T) | Not Specified | Not Entered | Not Assigned | AC-19.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-19 (5) | Access Control for Mobile Devices | Access Control for Mobile Devices (T) | Not Specified | Not Entered | Not Assigned | AC-19(5).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-20 | Use of External Information Systems | Use of External Information Systems (T) | Not Specified | Not Entered | Not Assigned | AC-20.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-20 (1) | Use of External Information Systems | Use of External Information Systems (T) | Not Specified | Not Entered | Not Assigned | AC-20(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-20 (2) | Use of External Information Systems | Use of External Information Systems (T) | Not Specified | Not Entered | Not Assigned | AC-20(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-21 | User-Based Collaboration and Information Sharing | Information Sharing (T) | Not Specified | Not Entered | Not Assigned | AC-21.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AC-22 | Publicly Accessible Content | Publicly Accessible Content (T) | Not Specified | Not Entered | Not Assigned | AC-22.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AT-1 | Security Awareness and Training Policy and Procedures | Security Awareness and Training Policy and Procedures (O) | Not Specified | Not Entered | Not Assigned | AT-1.1, AT-1.2 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AT-2 | Security Awareness | Security Awareness Training (O) | Not Specified | Not Entered | Not Assigned | AT-2.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AT-2 (2) | Security Awareness | Security Awareness Training (O) | Not Specified | Not Entered | Not Assigned | AT-2(2).1, AT-2(2).1, AT-2(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AT-3 | Security Training | Role-Based Security Training (O) | Not Specified | Not Entered | Not Assigned | AT-3.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AT-4 | Security Training Records | Security Training Records (O) | Not Specified | Not Entered | Not Assigned | AT-4.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-1 | Audit and Accountability Policy and Procedures | Audit and Accountability Policy and Procedures (T) | Not Specified | Not Entered | Not Assigned | AU-1.1, AU-1.2 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-2 | Audit Events | Audit Events (T) | Not Specified | Not Entered | Not Assigned | AU-2.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-2 (3) | Auditable Events | Audit Events (T) | Not Specified | Not Entered | Not Assigned | AU-2(3).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-3 | Content of Audit Records | Content of Audit Records (T) | Not Specified | Not Entered | Not Assigned | AU-3.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-3 (1) | Content of Audit Records | Content of Audit Records (T) | Not Specified | Not Entered | Not Assigned | AU-3(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-3 (2) | Content of Audit Records | Content of Audit Records (T) | Not Specified | Not Entered | Not Assigned | AU-3(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-4 | Audit Storage Capacity | Audit Storage Capacity (T) | Not Specified | Not Entered | Not Assigned | AU-4.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-5 | Response to Audit Processing Failures | Response to Audit Processing Failures (T) | Not Specified | Not Entered | Not Assigned | AU-5.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-5 (1) | Response to Audit Processing Failures | Response to Audit Processing Failures (T) | Not Specified | Not Entered | Not Assigned | AU-5(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-5 (2) | Response to Audit Processing Failures | Response to Audit Processing Failures (T) | Not Specified | Not Entered | Not Assigned | AU-5(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-6 | Audit Review, Analysis, and Reporting | Audit Review, Analysis, and Reporting (T) | Not Specified | Not Entered | Not Assigned | AU-6.1, AU-6.2 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-6 (1) | Audit Review, Analysis, and Reporting | Audit Review, Analysis, and Reporting (T) | Not Specified | Not Entered | Not Assigned | AU-6(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-6 (3) | Audit Review, Analysis, and Reporting | Audit Review, Analysis, and Reporting (T) | Not Specified | Not Entered | Not Assigned | AU-6(3).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-6 (5) | Audit Review, Analysis, and Reporting | Audit Review, Analysis, and Reporting (T) | Not Specified | Not Entered | Not Assigned | AU-6(5).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-6 (6) | Audit Review, Analysis, and Reporting | Audit Review, Analysis, and Reporting (T) | Not Specified | Not Entered | Not Assigned | AU-6(6).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-6 (DHS-5.3.b) | Audit Review, Analysis, and Reporting | Audit Review, Analysis, and Reporting (T) | Not Specified | Not Entered | Not Assigned | AU-6(DHS-5.3.b) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-6 (DHS-5.4.6.f) | Audit Review, Analysis, and Reporting | Audit Review, Analysis, and Reporting (T) | Not Specified | Not Entered | Not Assigned | AU-6(DHS-5.4.6.f) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-7 | Audit Reduction and Report Generation | Audit Reduction and Report Generation (T) | Not Specified | Not Entered | Not Assigned | AU-7.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-7 (1) | Audit Reduction and Report Generation | Audit Reduction and Report Generation (T) | Not Specified | Not Entered | Not Assigned | AU-7(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-8 | Time Stamps | Time Stamps (T) | Not Specified | Not Entered | Not Assigned | AU-8.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-8 (1) | Time Stamps | Time Stamps (T) | Not Specified | Not Entered | Not Assigned | AU-8(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-9 | Protection of Audit Information | Protection of Audit Information (T) | Not Specified | Not Entered | Not Assigned | AU-9.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-9 (2) | Protection of Audit Information | Protection of Audit Information (T) | Not Specified | Not Entered | Not Assigned | AU-9(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-9 (3) | Protection of Audit Information | Protection of Audit Information (T) | Not Specified | Not Entered | Not Assigned | AU-9(3).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-9 (4) | Protection of Audit Information | Protection of Audit Information (T) | Not Specified | Not Entered | Not Assigned | AU-9(4).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-10 | Non-repudiation | Non-repudiation (T) | Not Specified | Not Entered | Not Assigned | AU-10.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-11 | Audit Record Retention | Audit Record Retention (T) | Not Specified | Not Entered | Not Assigned | AU-11.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-11 (DHS-5.3.d) | Audit Record Retention | Audit Record Retention (T) | Not Specified | Not Entered | Not Assigned | AU-11(DHS-5.3.d) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-12 | Audit Generation | Audit Generation (T) | Not Specified | Not Entered | Not Assigned | AU-12.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-12 (1) | Audit Generation | Audit Generation (T) | Not Specified | Not Entered | Not Assigned | AU-12(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A AU-12 (3) | Audit Generation | Audit Generation (T) | Not Specified | Not Entered | Not Assigned | AU-12(3).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-1 | Security Assessment and Authorization Policies and Procedures | Security Assessment and Authorization Policies and Procedures (M) | Not Specified | Not Entered | Not Assigned | CA-1.1, CA-1.2 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-1 (DHS-3.9.m) | Security Assessment and Authorization Policies and Procedures | Security Assessment and Authorization Policies and Procedures (M) | Not Specified | Not Entered | Not Assigned | CA-1(DHS-3.9.m) | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-1 (DHS-3.18.c) | Security Assessment and Authorization Policies and Procedures | Security Assessment and Authorization Policies and Procedures (M) | Not Specified | Not Entered | Not Assigned | CA-1(DHS-3.18.c) | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-1 (DHS-3.18.d) | Security Assessment and Authorization Policies and Procedures | Security Assessment and Authorization Policies and Procedures (M) | Not Specified | Not Entered | Not Assigned | CA-1(DHS-3.18.d) | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-1 (DHS-3.18.e) | Security Assessment and Authorization Policies and Procedures | Security Assessment and Authorization Policies and Procedures (M) | Not Specified | Not Entered | Not Assigned | CA-1(DHS-3.18.e) | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-2 | Security Assessments | Security Assessments (M) | Not Specified | Not Entered | Not Assigned | CA-2.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-2 (1) | Security Assessments | Security Assessments (M) | Not Specified | Not Entered | Not Assigned | CA-2(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-2 (2) | Security Assessments | Security Assessments (M) | Not Specified | Not Entered | Not Assigned | CA-2(2).1, CA-2.2 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-2 (DHS-3.18.b) | Security Assessments | Security Assessments (M) | Not Specified | Not Entered | Not Assigned | CA-2(DHS-3.18.b) | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-3 | Information System Connections | System Interconnections (M) | Not Specified | Not Entered | Not Assigned | CA-3.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-3 (5) | Information System Connections | System Interconnections (M) | Not Specified | Not Entered | Not Assigned | CA-3(5).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-3 (DHS-5.4.3.b) | Information System Connections | System Interconnections (M) | Not Specified | Not Entered | Not Assigned | CA-3(DHS-5.4.3.b) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-3 (DHS-5.4.3.c) | Information System Connections | System Interconnections (M) | Not Specified | Not Entered | Not Assigned | CA-3(DHS-5.4.3.c) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-3 (DHS-5.4.3.d) | Information System Connections | System Interconnections (M) | Not Specified | Not Entered | Not Assigned | CA-3(DHS-5.4.3.d) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-3 (DHS-5.4.3.f) | Information System Connections | System Interconnections (M) | Not Specified | Not Entered | Not Assigned | CA-3(DHS-5.4.3.f) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-3 (DHS-5.4.3.m) | Information System Connections | System Interconnections (M) | Not Specified | Not Entered | Not Assigned | CA-3(DHS-5.4.3.m) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-3 (DHS-5.4.3.n) | Information System Connections | System Interconnections (M) | Not Specified | Not Entered | Not Assigned | CA-3(DHS-5.4.3.n) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-5 | Plan of Action and Milestones | Plan of Action and Milestones (M) | Not Specified | Not Entered | Not Assigned | CA-5.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-5 (DHS-2.2.8.d) | Plan of Action and Milestones | Plan of Action and Milestones (M) | Not Specified | Not Entered | Not Assigned | CA-5(DHS-2.2.8.d) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-6 | Security Authorization | Security Authorization (M) | Not Specified | Not Entered | Not Assigned | CA-6.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-6 (DHS-3.9.h) | Security Authorization | Security Authorization (M) | Not Specified | Not Entered | Not Assigned | CA-6(DHS-3.9.h) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-7 | Continuous Monitoring | Continuous Monitoring (M) | Not Specified | Not Entered | Not Assigned | CA-7.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-7 (1) | Continuous Monitoring | Continuous Monitoring (M) | Not Specified | Not Entered | Not Assigned | CA-7(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-7 (DHS-4.6.3.a) | Continuous Monitoring | Continuous Monitoring (M) | Not Specified | Not Entered | Not Assigned | CA-7(DHS-4.6.3.a) | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-8 | Penetration Testing | Penetration Testing (M) | Not Specified | Not Entered | Not Assigned | CA-8.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CA-9 | Internal System Connections | Internal System Connections (M) | Not Specified | Not Entered | Not Assigned | CA-9.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-1 | Configuration Management Policy and Procedures | Configuration Management Policy and Procedures (O) | Not Specified | Not Entered | Not Assigned | CM-1.1, CM-1.2 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-2 | Baseline Configuration | Baseline Configuration (O) | Not Specified | Not Entered | Not Assigned | CM-2.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-2 (1) | Baseline Configuration | Baseline Configuration (O) | Not Specified | Not Entered | Not Assigned | CM-2(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-2 (2) | Baseline Configuration | Baseline Configuration (O) | Not Specified | Not Entered | Not Assigned | CM-2(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-2 (3) | Baseline Configuration | Baseline Configuration (O) | Not Specified | Not Entered | Not Assigned | CM-2(3).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-2 (7) | Baseline Configuration | Baseline Configuration (O) | Not Specified | Not Entered | Not Assigned | CM-2(7).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-2 (DHS-3.9.b) | Baseline Configuration | Baseline Configuration (O) | Not Specified | Not Entered | Not Assigned | CM-2(DHS-3.9.b) | - | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-2 (DHS-4.12.b) | Baseline Configuration | Baseline Configuration (O) | Not Specified | Not Entered | Not Assigned | CM-2(DHS-4.12.b) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-3 | Configuration Change Control | Configuration Change Control (O) | Not Specified | Not Entered | Not Assigned | CM-3.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-3 (1) | Configuration Change Control | Configuration Change Control (O) | Not Specified | Not Entered | Not Assigned | CM-3(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-3 (2) | Configuration Change Control | Configuration Change Control (O) | Not Specified | Not Entered | Not Assigned | CM-3(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-3 (DHS-2.1.8.g) | Configuration Change Control | Configuration Change Control (O) | Not Specified | Not Entered | Not Assigned | CM-3(DHS-2.1.8.g) | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-3 (DHS-5.4.3.l) | Configuration Change Control | Configuration Change Control (O) | Not Specified | Not Entered | Not Assigned | CM-3(DHS-5.4.3.l) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-4 | Security Impact Analysis | Security Impact Analysis (O) | Not Specified | Not Entered | Not Assigned | CM-4.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-4 (1) | Security Impact Analysis | Security Impact Analysis (O) | Not Specified | Not Entered | Not Assigned | CM-4(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-5 | Access Restrictions for Change | Access Restrictions for Change (O) | Not Specified | Not Entered | Not Assigned | CM-5.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-5 (1) | Access Restrictions for Change | Access Restrictions for Change (O) | Not Specified | Not Entered | Not Assigned | CM-5(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-5 (2) | Access Restrictions for Change | Access Restrictions for Change (O) | Not Specified | Not Entered | Not Assigned | CM-5(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-5 (3) | Access Restrictions for Change | Access Restrictions for Change (O) | Not Specified | Not Entered | Not Assigned | CM-5(3).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-6 | Configuration Settings | Configuration Settings (O) | Not Specified | Not Entered | Not Assigned | CM-6.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-6 (1) | Configuration Settings | Configuration Settings (O) | Not Specified | Not Entered | Not Assigned | CM-6(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-6 (2) | Configuration Settings | Configuration Settings (O) | Not Specified | Not Entered | Not Assigned | CM-6(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-6 (DHS-3.7.e) | Configuration Settings | Configuration Settings (O) | Not Specified | Not Entered | Not Assigned | CM-6(DHS-3.7.e) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-6 (DHS-3.7.f) | Configuration Settings | Configuration Settings (O) | Not Specified | Not Entered | Not Assigned | CM-6(DHS-3.7.f) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-6 (DHS-3.7.g) | Configuration Settings | Configuration Settings (O) | Not Specified | Not Entered | Not Assigned | CM-6(DHS-3.7.g) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-6 (DHS-4.5.2.b) | Configuration Settings | Configuration Settings (O) | Not Specified | Not Entered | Not Assigned | CM-6(DHS-4.5.2.b) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-6 (DHS-4.8.4.a) | Configuration Settings | Configuration Settings (O) | Not Specified | Not Entered | Not Assigned | CM-6(DHS-4.8.4.a) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-6 (DHS-4.12.f) | Configuration Settings | Configuration Settings (O) | Not Specified | Not Entered | Not Assigned | CM-6(DHS-4.12.f) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-6 (DHS-4.12.j) | Configuration Settings | Configuration Settings (O) | Not Specified | Not Entered | Not Assigned | CM-6(DHS-4.12.j) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-6 (DHS-5.4.5.d) | Configuration Settings | Configuration Settings (O) | Not Specified | Not Entered | Not Assigned | CM-6(DHS-5.4.5.d) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-6 (DHS-5.4.5.e) | Configuration Settings | Configuration Settings (O) | Not Specified | Not Entered | Not Assigned | CM-6(DHS-5.4.5.e) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-7 | Least Functionality | Least Functionality (O) | Not Specified | Not Entered | Not Assigned | CM-7.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-7 (1) | Least Functionality | Least Functionality (O) | Not Specified | Not Entered | Not Assigned | CM-7(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-7 (2) | Least Functionality | Least Functionality (O) | Not Specified | Not Entered | Not Assigned | CM-7(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-7 (5) | Least Functionality | Least Functionality (O) | Not Specified | Not Entered | Not Assigned | CM-7(5).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-7 (DHS-4.8.6.a) | Least Functionality | Least Functionality (O) | Not Specified | Not Entered | Not Assigned | CM-7(DHS-4.8.6.a) | - | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-7 (DHS-5.4.5.f) | Least Functionality | Least Functionality (O) | Not Specified | Not Entered | Not Assigned | CM-7(DHS-5.4.5.f) | X | X | X | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-8 | Information System Component Inventory | Information System Component Inventory (O) | Not Specified | Not Entered | Not Assigned | CM-8.1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-8 (1) | Information System Component Inventory | Information System Component Inventory (O) | Not Specified | Not Entered | Not Assigned | CM-8(1).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-8 (2) | Information System Component Inventory | Information System Component Inventory (O) | Not Specified | Not Entered | Not Assigned | CM-8(2).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-8 (3) | Information System Component Inventory | Information System Component Inventory (O) | Not Specified | Not Entered | Not Assigned | CM-8(3).1 | X | X | - | - | - | Not Met | None |
| NIST 800-53 w/ DHS 4300A CM-8 (4) | Information System Component Inventory | Information System Component Inventory (O) | Not Specified | Not Entered | Not Assigned | CM-8(4).1 | X | X | - | - | - | Not Met | None |
NIST 800-53 w/ DHS
4300A CM-8 (5)
Information System
Component Inventory
Information System
Component Inventory (O)
Not Specified Not Entered Not Assigned CM-8(5).1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A CM-9
Configuration Management
Plan
Configuration Management
Plan (O)Not Specified Not Entered Not Assigned CM-9.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A CM-10
Software Usage
Restrictions
SW Usage Restrictions
(O)Not Specified Not Entered Not Assigned CM-10.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A CM-11
User-Installed Software
User-Installed SW (O) Not Specified Not Entered Not Assigned CM-11.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
1
Contingency Planning
Policy and Procedures
Contingency Planning
Policy and Procedures
(O)
Not Specified Not Entered Not Assigned CP-1.1, CP-1.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
1 (DHS-3.5.1.a)
Contingency Planning
Policy and Procedures
Contingency Planning
Policy and Procedures
(O)
Not Specified Not Entered Not Assigned CP-1(DHS-3.5.1.a)
X X X - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
1 (DHS-3.5.2.d)
Contingency Planning
Policy and Procedures
Contingency Planning
Policy and Procedures
(O)
Not Specified Not Entered Not Assigned CP-1(DHS-3.5.2.d)
X X X - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
2
Contingency Plan
Contingency Plan (O) Not Specified Not Entered Not Assigned CP-2.1,
CP-2.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
2 (1)
Contingency Plan
Contingency Plan (O) Not Specified Not Entered Not Assigned CP-2(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
2 (2)
Contingency Plan
Contingency Plan (O) Not Specified Not Entered Not Assigned CP-2(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
2 (3)
Contingency Plan
Contingency Plan (O) Not Specified Not Entered Not Assigned CP-2(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
2 (4)
Contingency Plan
Contingency Plan (O) Not Specified Not Entered Not Assigned CP-2(4).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
2 (5)
Contingency Plan
Contingency Plan (O) Not Specified Not Entered Not Assigned CP-2(5).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
2 (8)
Contingency Plan
Contingency Plan (O) Not Specified Not Entered Not Assigned CP-2(8).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
2 (DHS-3.5.2.e)
Contingency Plan
Contingency Plan (O) Not Specified Not Entered Not Assigned
CP-2(DHS-3.5.2.e)
X X X - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
3
Contingency Training
Contingency Training (O) Not Specified Not Entered Not Assigned CP-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
3 (1)
Contingency Training
Contingency Training (O) Not Specified Not Entered Not Assigned CP-3(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
4
Contingency Plan Testing and Exercises
Contingency Plan Testing
(O)Not Specified Not Entered Not Assigned CP-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
4 (1)
Contingency Plan Testing and Exercises
Contingency Plan Testing
(O) Not Specified Not Entered Not Assigned CP-4(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
4 (2)
Contingency Plan Testing and Exercises
Contingency Plan Testing
(O)Not Specified Not Entered Not Assigned CP-4(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
4 (DHS-3.5.2.f)
Contingency Plan Testing and Exercises
Contingency Plan Testing
(O)Not Specified Not Entered Not Assigned
CP-4(DHS-3.5.2.f)
X X X - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
6
Alternate Storage Site
Alternate Storage Site
(O)Not Specified Not Entered Not Assigned CP-6.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
6 (1)
Alternate Storage Site
Alternate Storage Site
(O)Not Specified Not Entered Not Assigned CP-6(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
6 (2)
Alternate Storage Site
Alternate Storage Site
(O)Not Specified Not Entered Not Assigned CP-6(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
6 (3)
Alternate Storage Site
Alternate Storage Site
(O)Not Specified Not Entered Not Assigned CP-6(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
7
Alternate Processing
Site
Alternate Processing
Site (O)Not Specified Not Entered Not Assigned CP-7.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
7 (1)
Alternate Processing
Site
Alternate Processing
Site (O)Not Specified Not Entered Not Assigned CP-7(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
7 (2)
Alternate Processing
Site
Alternate Processing
Site (O)
Not Specified Not Entered Not Assigned CP-7(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
7 (3)
Alternate Processing
Site
Alternate Processing
Site (O)Not Specified Not Entered Not Assigned CP-7(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
7 (4)
Alternate Processing
Site
Alternate Processing
Site (O)Not Specified Not Entered Not Assigned CP-7(4).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
8
Telecommunications
Services
Telecommunications
Services (O)Not Specified Not Entered Not Assigned CP-8.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
8 (1)
Telecommunications
Services
Telecommunications
Services (O)Not Specified Not Entered Not Assigned CP-8(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
8 (2)
Telecommunications
Services
Telecommunications
Services (O)Not Specified Not Entered Not Assigned CP-8(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
8 (3)
Telecommunications
Services
Telecommunications
Services (O)Not Specified Not Entered Not Assigned CP-8(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
8 (4)
Telecommunications
Services
Telecommunications
Services (O)Not Specified Not Entered Not Assigned CP-8(4).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
9
Information System Backup
Information System
Backup (O)Not Specified Not Entered Not Assigned CP-9.1,
CP-9.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
9 (1)
Information System Backup
Information System
Backup (O)Not Specified Not Entered Not Assigned CP-9(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
9 (2)
Information System Backup
Information System
Backup (O) Not Specified Not Entered Not Assigned CP-9(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
9 (3)
Information System Backup
Information System
Backup (O)Not Specified Not Entered Not Assigned CP-9(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
9 (5)
Information System Backup
Information System
Backup (O)Not Specified Not Entered Not Assigned CP-9(5).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
10
Information System
Recovery and Reconstitution
Information System
Recovery and Reconstitution (O)
Not Specified Not Entered Not Assigned CP-10.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
10 (2)
Information System
Recovery and Reconstitution
Information System
Recovery and Reconstitution (O)
Not Specified Not Entered Not Assigned CP-10(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A CP-
10 (4)
Information System
Recovery and Reconstitution
Information System
Recovery and Reconstitution (O)
Not Specified Not Entered Not Assigned CP-10(4).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
1
Identification and
Authentication Policy and Procedures
Identification and
Authentication Policy and Procedures
(T)
Not Specified Not Entered Not Assigned IA-1.1, IA-1.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-1 (DHS-
1.6.d)
Identification and
Authentication Policy and Procedures
Identification and
Authentication Policy and Procedures
(T)
Not Specified Not Entered Not Assigned IA-1(DHS-1.6.d)
X X X - - Not Met None
NIST 800-53 w/ DHS 4300A IA-1 (DHS-3.14.7.a)
Identification and
Authentication Policy and Procedures
Identification and
Authentication Policy and Procedures
(T)
Not Specified Not Entered Not Assigned IA-1(DHS-3.14.7.a)
X X X - - Not Met None
NIST 800-53 w/ DHS 4300A IA-1 (DHS-3.14.7.c)
Identification and
Authentication Policy and Procedures
Identification and
Authentication Policy and Procedures
(T)
Not Specified Not Entered Not Assigned IA-1(DHS-3.14.7.c)
X X X - - Not Met None
NIST 800-53 w/ DHS 4300A IA-1 (DHS-3.14.7.f)
Identification and
Authentication Policy and Procedures
Identification and
Authentication Policy and Procedures
(T)
Not Specified Not Entered Not Assigned IA-1(DHS-3.14.7.f)
X X X - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
2
Identification and
Authentication
(Organizational Users)
Identification and
Authentication
(Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
2 (1)
Identification and
Authentication
(Organizational Users)
Identification and
Authentication
(Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-2(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
2 (2)
Identification and
Authentication
(Organizational Users)
Identification and
Authentication
(Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-2(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-2 (3)
Identification and
Authentication
(Organizational Users)
Identification and
Authentication
(Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-2(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
2 (4)
Identification and
Authentication
(Organizational Users)
Identification and
Authentication
(Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-2(4).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
2 (8)
Identification and
Authentication
(Organizational Users)
Identification and
Authentication
(Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-2(8).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
2 (9)
Identification and
Authentication
(Organizational Users)
Identification and
Authentication
(Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-2(9).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
2 (11)
Identification and
Authentication
(Organizational Users)
Identification and
Authentication
(Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-2(11).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
2 (12)
Identification and
Authentication
(Organizational Users)
Identification and
Authentication
(Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-2(12).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-2 (DHS-
5.1.d)
Identification and
Authentication
(Organizational Users)
Identification and
Authentication
(Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-2(DHS-5.1.d)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
3
Device Identification
and Authentication
Device Identification
and Authentication (T)
Not Specified Not Entered Not Assigned IA-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
4
Identifier Management
Identifier Management
(T)Not Specified Not Entered Not Assigned IA-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
5
Authenticator Management
Authenticator Management
(T)Not Specified Not Entered Not Assigned IA-5.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
5 (1)
Authenticator Management
Authenticator Management
(T)Not Specified Not Entered Not Assigned IA-5(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
5 (2)
Authenticator Management
Authenticator Management
(T)Not Specified Not Entered Not Assigned IA-5(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
5 (3)
Authenticator Management
Authenticator Management
(T)Not Specified Not Entered Not Assigned IA-5(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
5 (11)
Authenticator Management
Authenticator Management
(T)Not Specified Not Entered Not Assigned IA-5(11).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-5 (DHS-
5.1.e)
Authenticator Management
Authenticator Management
(T)Not Specified Not Entered Not Assigned
IA-5(DHS-5.1.e)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
6
Authenticator Feedback
Authenticator Feedback (T)
Not Specified Not Entered Not Assigned IA-6.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
7
Cryptographic Module
Authentication
Cryptographic Module
Authentication (T)
Not Specified Not Entered Not Assigned IA-7.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
8
Identification and
Authentication (Non-
Organizational Users)
Identification and
Authentication (Non-
Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-8.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
8 (1)
Identification and
Authentication (Non-
Organizational Users)
Identification and
Authentication (Non-
Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-8(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
8 (2)
Identification and
Authentication (Non-
Organizational Users)
Identification and
Authentication (Non-
Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-8(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
8 (3)
Identification and
Authentication (Non-
Organizational Users)
Identification and
Authentication (Non-
Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-8(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-
8 (4)
Identification and
Authentication (Non-
Organizational Users)
Identification and
Authentication (Non-
Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-8(4).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IA-8 (DHS-1.5.4.c)
Identification and
Authentication (Non-
Organizational Users)
Identification and
Authentication (Non-
Organizational Users) (T)
Not Specified Not Entered Not Assigned IA-8(DHS-1.5.4.c)
X X X - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
1
Incident Response Policy and Procedures
Incident Response Policy and Procedures
(O)
Not Specified Not Entered Not Assigned IR-1.1, IR-1.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
2
Incident Response Training
Incident Response
Training (O)Not Specified Not Entered Not Assigned IR-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
2 (1)
Incident Response Training
Incident Response
Training (O)Not Specified Not Entered Not Assigned IR-2(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
2 (2)
Incident Response Training
Incident Response
Training (O)Not Specified Not Entered Not Assigned IR-2(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
3
Incident Response
Testing and Exercises
Incident Response
Testing (O)Not Specified Not Entered Not Assigned IR-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
3 (2)
Incident Response
Testing and Exercises
Incident Response
Testing (O)Not Specified Not Entered Not Assigned IR-3(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
4
Incident Handling
Incident Handling (O) Not Specified Not Entered Not Assigned IR-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
4 (1)
Incident Handling
Incident Handling (O) Not Specified Not Entered Not Assigned IR-4(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
4 (4)
Incident Handling
Incident Handling (O) Not Specified Not Entered Not Assigned IR-4(4).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
5
Incident Monitoring
Incident Monitoring
(O)Not Specified Not Entered Not Assigned IR-5.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
5 (1)
Incident Monitoring
Incident Monitoring
(O)Not Specified Not Entered Not Assigned IR-5(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
6
Incident Reporting
Incident Reporting (O) Not Specified Not Entered Not Assigned IR-6.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
6 (1)
Incident Reporting
Incident Reporting (O) Not Specified Not Entered Not Assigned IR-6(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
7
Incident Response Assistance
Incident Response Assistance
(O)
Not Specified Not Entered Not Assigned IR-7.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
7 (1)
Incident Response Assistance
Incident Response Assistance
(O)
Not Specified Not Entered Not Assigned IR-7(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A IR-
8
Incident Response
Plan
Incident Response Plan (O)
Not Specified Not Entered Not Assigned IR-8.1, IR-8.2 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-1
System Maintenance Policy and Procedures
System Maintenance Policy and Procedures
(O)
Not Specified Not Entered Not Assigned MA-1.1, MA-1.2 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-2
Controlled Maintenance
Controlled Maintenance
(O) Not Specified Not Entered Not Assigned MA-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-2 (2)
Controlled Maintenance
Controlled Maintenance
(O) Not Specified Not Entered Not Assigned MA-2(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-3
Maintenance Tools
Maintenance Tools (O) Not Specified Not Entered Not Assigned MA-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-3 (1)
Maintenance Tools
Maintenance Tools (O) Not Specified Not Entered Not Assigned MA-3(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-3 (2)
Maintenance Tools
Maintenance Tools (O) Not Specified Not Entered Not Assigned MA-3(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-3 (3)
Maintenance Tools
Maintenance Tools (O) Not Specified Not Entered Not Assigned MA-3(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-4
Non-Local Maintenance
Nonlocal Maintenance
(O)Not Specified Not Entered Not Assigned MA-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-4 (2)
Non-Local Maintenance
Nonlocal Maintenance
(O) Not Specified Not Entered Not Assigned MA-4(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-4 (3)
Non-Local Maintenance
Nonlocal Maintenance
(O) Not Specified Not Entered Not Assigned MA-4(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-4 (DHS-5.4.4.c)
Non-Local Maintenance
Nonlocal Maintenance
(O)
Not Specified Not Entered Not Assigned MA-4(DHS-5.4.4.c)
X X X - - Not Met None
NIST 800-53 w/ DHS
4300A MA-5
Maintenance Personnel
Maintenance Personnel (O) Not Specified Not Entered Not Assigned MA-5.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-5 (1)
Maintenance Personnel
Maintenance Personnel (O) Not Specified Not Entered Not Assigned MA-5(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A MA-6
Timely Maintenance
Timely Maintenance
(O)Not Specified Not Entered Not Assigned MA-6.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
1
Media Protection Policy and Procedures
Media Protection Policy and Procedures
(O)
Not Specified Not Entered Not Assigned MP-1.1, MP-1.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
1 (DHS-3.14.5.b)
Media Protection Policy and Procedures
Media Protection Policy and Procedures
(O)
Not Specified Not Entered Not Assigned MP-1(DHS-3.14.5.b)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
1 (DHS-4.3.1.g)
Media Protection Policy and Procedures
Media Protection Policy and Procedures
(O)
Not Specified Not Entered Not Assigned MP-1(DHS-4.3.1.g)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
1 (DHS-5.4.1.d)
Media Protection Policy and Procedures
Media Protection Policy and Procedures
(O)
Not Specified Not Entered Not Assigned MP-1(DHS-5.4.1.d)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
1 (DHS-5.6.c)
Media Protection Policy and Procedures
Media Protection Policy and Procedures
(O)
Not Specified Not Entered Not Assigned MP-1(DHS-5.6.c)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
2
Media Access Media Access (O) Not Specified Not Entered Not Assigned MP-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
3
Media Marking
Media Marking (O) Not Specified Not Entered Not Assigned MP-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
4
Media Storage
Media Storage (O) Not Specified Not Entered Not Assigned MP-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
4 (DHS-3.14.5.f)
Media Storage
Media Protection Policy and Procedures
(O)
Not Specified Not Entered Not Assigned MP-4(DHS-3.14.5.f)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
5
Media Transport
Media Transport (O) Not Specified Not Entered Not Assigned MP-5.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
5 (4)
Media Transport
Media Transport (O) Not Specified Not Entered Not Assigned MP-5(4).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
5 (DHS-4.11.f)
Media Transport
Media Transport (O) Not Specified Not Entered Not Assigned
MP-5(DHS-4.11.f)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
6
Media Sanitization
Media Sanitization
(O)Not Specified Not Entered Not Assigned MP-6.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
6 (1)
Media Sanitization
Media Sanitization
(O)
Not Specified Not Entered Not Assigned MP-6(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
6 (2)
Media Sanitization
Media Sanitization
(O)Not Specified Not Entered Not Assigned MP-6(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
6 (3)
Media Sanitization
Media Sanitization
(O)Not Specified Not Entered Not Assigned MP-6(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
7
Media Use Media Use (O) Not Specified Not Entered Not Assigned MP-7.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
7 (1)
Prohibit Use Without Owner
Media Use (O) Not Specified Not Entered Not Assigned MP-7(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
7 (DHS-4.3.1.d)
USB Drive encryption
Media Use (O) Not Specified Not Entered Not Assigned
MP-7(DHS-4.3.1.d)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
7 (DHS-4.3.1.e)
DHS owned Removable
Media
Media Use (O) Not Specified Not Entered Not Assigned
MP-7(DHS-4.3.1.e)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A MP-
7 (DHS-4.3.1.f)
Protection of Sensitive Paper and Electronic Outputs
Media Use (O) Not Specified Not Entered Not Assigned
MP-7(DHS-4.3.1.f)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
1
Physical and Environmental
Protection Policy and Procedures
Physical and Environmental
Protection Policy and Procedures
(O)
Not Specified Not Entered Not Assigned PE-1.1, PE-1.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
1 (DHS-3.3.c)
Physical and Environmental
Protection Policy and Procedures
Physical and Environmental
Protection Policy and Procedures
(O)
Not Specified Not Entered Not Assigned PE-1(DHS-3.3.c)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
1 (DHS-4.6.2.3.b)
Physical and Environmental
Protection Policy and Procedures
Physical and Environmental
Protection Policy and Procedures
(O)
Not Specified Not Entered Not Assigned PE-1(DHS-4.6.2.3.b)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
2
Physical Access
Authorizations
Physical Access
Authorizations (O)
Not Specified Not Entered Not Assigned PE-2.1, PE-2.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
3
Physical Access Control
Physical Access
Control (O)Not Specified Not Entered Not Assigned PE-3.1,
PE-3.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
3 (1)
Physical Access Control
Physical Access
Control (O)Not Specified Not Entered Not Assigned PE-3(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
4
Access Control for
Transmission Medium
Access Control for
Transmission Medium (O)
Not Specified Not Entered Not Assigned PE-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
5
Access Control for
Output Devices
Access Control for
Output Devices (O)
Not Specified Not Entered Not Assigned PE-5.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
6
Monitoring Physical Access
Monitoring Physical
Access (O)Not Specified Not Entered Not Assigned PE-6.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
6 (1)
Monitoring Physical Access
Monitoring Physical
Access (O) Not Specified Not Entered Not Assigned PE-6(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
6 (4)
Monitoring Physical Access
Monitoring Physical
Access (O)Not Specified Not Entered Not Assigned PE-6(4).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
8
Access Records
Visitor Access
Records (O)Not Specified Not Entered Not Assigned PE-8.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
8 (1)
Access Records
Visitor Access
Records (O)Not Specified Not Entered Not Assigned PE-8(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
9
Power Equipment and Power
Cabling
Power Equipment and Cabling
(O)
Not Specified Not Entered Not Assigned PE-9.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
10
Emergency Shutoff
Emergency Shutoff (O) Not Specified Not Entered Not Assigned PE-10.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
11
Emergency Power
Emergency Power (O) Not Specified Not Entered Not Assigned PE-11.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
11 (1)
Emergency Power
Emergency Power (O) Not Specified Not Entered Not Assigned PE-11(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
12
Emergency Lighting
Emergency Lighting (O) Not Specified Not Entered Not Assigned PE-12.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
13
Fire Protection
Fire Protection
(O)Not Specified Not Entered Not Assigned PE-13.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
13 (1)
Fire Protection
Fire Protection
(O) Not Specified Not Entered Not Assigned PE-13(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
13 (2)
Fire Protection
Fire Protection
(O) Not Specified Not Entered Not Assigned PE-13(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
13 (3)
Fire Protection
Fire Protection
(O) Not Specified Not Entered Not Assigned PE-13(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
14
Temperature and Humidity
Controls
Temperature and Humidity Controls (O)
Not Specified Not Entered Not Assigned PE-14.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
15
Water Damage
Protection
Water Damage
Protection (O)
Not Specified Not Entered Not Assigned PE-15.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
15 (1)
Water Damage
Protection
Water Damage
Protection (O)
Not Specified Not Entered Not Assigned PE-15(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
16
Delivery and Removal
Delivery and Removal (O) Not Specified Not Entered Not Assigned PE-16.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
17
Alternate Work Site
Alternate Work Site
(O)Not Specified Not Entered Not Assigned PE-17.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PE-
18
Location of Information
System Components
Location of Information
System Components
(O)
Not Specified Not Entered Not Assigned PE-18.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
1
Security Planning
Policy and Procedures
Security Planning
Policy and Procedures
(M)
Not Specified Not Entered Not Assigned PL-1.1, PL-1.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
1 (DHS-3.14.5.c)
Security Planning
Policy and Procedures
Security Planning
Policy and Procedures
(M)
Not Specified Not Entered Not Assigned PL-1(DHS-3.14.5.c)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
1 (DHS-3.14.7.d)
Security Planning
Policy and Procedures
Security Planning
Policy and Procedures
(M)
Not Specified Not Entered Not Assigned PL-1(DHS-3.14.7.d)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
2
System Security Plan
System Security Plan
(M)Not Specified Not Entered Not Assigned PL-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
2 (3)
System Security Plan
System Security Plan
(M)Not Specified Not Entered Not Assigned PL-2(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
4
Rules of Behavior
Rules of Behavior (M) Not Specified Not Entered Not Assigned PL-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
4 (1)
Rules of Behavior
Rules of Behavior (M) Not Specified Not Entered Not Assigned PL-4(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
4 (DHS-4.1.2.a)
Rules of Behavior
Rules of Behavior (M) Not Specified Not Entered Not Assigned
PL-4(DHS-4.1.2.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
4 (DHS-4.8.2.a)
Rules of Behavior
Rules of Behavior (M) Not Specified Not Entered Not Assigned
PL-4(DHS-4.8.2.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
4 (DHS-4.8.2.b)
Rules of Behavior
Rules of Behavior (M) Not Specified Not Entered Not Assigned
PL-4(DHS-4.8.2.b)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
4 (DHS-4.8.3.a)
Rules of Behavior
Rules of Behavior (M) Not Specified Not Entered Not Assigned
PL-4(DHS-4.8.3.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
4 (DHS-4.8.5.e)
Rules of Behavior
Rules of Behavior (M) Not Specified Not Entered Not Assigned
PL-4(DHS-4.8.5.e)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PL-
8
Information Security
Architecture
Information Security
Architecture (M)
Not Specified Not Entered Not Assigned PL-8.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
1
Information Security
Program Plan
Information Security
Program Plan (M)
Not Specified Not Entered Not Assigned PM-1.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
2
Senior Information
Security Officer
Senior Information
Security Officer (M)
Not Specified Not Entered Not Assigned PM-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
3
Information Security
Resources
Information Security
Resources (M)
Not Specified Not Entered Not Assigned PM-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
4
Plan of Action and Milestones
Process
Plan of Action and Milestones Process (M)
Not Specified Not Entered Not Assigned PM-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
5
Information System Inventory
Information System Inventory
(M)
Not Specified Not Entered Not Assigned PM-5.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
6
Information Security
Measures of Performance
Information Security
Measures of Performance
(M)
Not Specified Not Entered Not Assigned PM-6.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
7
Enterprise Architecture
Enterprise Architecture
(M)Not Specified Not Entered Not Assigned PM-7.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
8
Critical Infrastructure
Plan
Critical Infrastructure
Plan (M)Not Specified Not Entered Not Assigned PM-8.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
9
Risk Management
Strategy
Risk Management Strategy (M)
Not Specified Not Entered Not Assigned PM-9.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
10
Security Authorization
Process
Security Authorization Process (M)
Not Specified Not Entered Not Assigned PM-10.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
11
Mission/Business Process
Definition
Mission/Business Process
Definition (M)
Not Specified Not Entered Not Assigned PM-11.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
12
Insider Threat Program
Insider Threat Program (M) Not Specified Not Entered Not Assigned PM-12.1 X - - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
13
Information Security
Workforce
Information Security
Workforce (M)
Not Specified Not Entered Not Assigned PM-13.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
14
Testing, Training, and Monitoring
Testing, Training, and Monitoring
(M)
Not Specified Not Entered Not Assigned PM-14.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
15
Contacts with Security
Groups and Associations
Contacts with Security and Associations
(M)
Not Specified Not Entered Not Assigned PM-15.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PM-
16
Threat Awareness Program
Threat Awareness
Program (M)Not Specified Not Entered Not Assigned PM-16.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-AP-1
Authority to Collect
Authority to Collect () Not Specified Not Entered Not Assigned AP-1.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-AP-2
Purpose Specification
Purpose Specification
()Not Specified Not Entered Not Assigned AP-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-AR-
1
Governance and Privacy
Program
Governance and Privacy Program ()
Not Specified Not Entered Not Assigned AR-1.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-AR-
2
Privacy Impact and
Risk Assessment
Privacy Impact and
Risk Assessment ()
Not Specified Not Entered Not Assigned AR-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-AR-
3
Privacy Requirements
for Contractors and Service Providers
Privacy Requirements
for Contractors and Service Providers ()
Not Specified Not Entered Not Assigned AR-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-AR-
4
Privacy Monitoring
and Auditing
Privacy Monitoring
and Auditing ()
Not Specified Not Entered Not Assigned AR-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-AR-
5
Privacy Awareness
and Training
Privacy Awareness
and Training ()
Not Specified Not Entered Not Assigned AR-5.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-AR-
6
Privacy Reporting
Privacy Reporting () Not Specified Not Entered Not Assigned AR-6.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-AR-
7
Privacy-Enhanced System
Design and Development
Privacy-Enhanced System
Design and Development
()
Not Specified Not Entered Not Assigned AR-7.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-AR-
8
Accounting of
Disclosures
Accounting of
Disclosures ()Not Specified Not Entered Not Assigned AR-8.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-DI-1
Data Quality Data Quality () Not Specified Not Entered Not Assigned DI-1.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-DI-2
Data Integrity and Data Integrity Board
Data Integrity and Data Integrity Board ()
Not Specified Not Entered Not Assigned DI-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-DM-
1
Minimization of Personally Identifiable Information
Minimization of Personally Identifiable Information
()
Not Specified Not Entered Not Assigned DM-1.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-DM-
2
Data Retention and Disposal
Data Retention and Disposal ()
Not Specified Not Entered Not Assigned DM-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-DM-
3
Minimization of PII Used in
Testing, Training, and
Research
Minimization of PII Used in
Testing, Training, and Research ()
Not Specified Not Entered Not Assigned DM-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-IP-1
Consent Consent () Not Specified Not Entered Not Assigned IP-1.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-IP-2
Individual Access
Individual Access () Not Specified Not Entered Not Assigned IP-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-IP-3
Redress Redress () Not Specified Not Entered Not Assigned IP-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-IP-4
Complaint Management
Complaint Management
()Not Specified Not Entered Not Assigned IP-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-SE-1
Inventory of Personally Identifiable Information
Inventory of Personally Identifiable Information
()
Not Specified Not Entered Not Assigned SE-1.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-SE-2
Privacy Incident
Response
Privacy Incident
Response ()Not Specified Not Entered Not Assigned SE-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-TR-1
Privacy Notice
Privacy Notice () Not Specified Not Entered Not Assigned TR-1.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-TR-2
System of Records Notices and Privacy Act Statements
System of Records Notices and Privacy Act Statements ()
Not Specified Not Entered Not Assigned TR-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-TR-3
Dissemination of Privacy
Program Information
Dissemination of Privacy
Program Information
()
Not Specified Not Entered Not Assigned TR-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-UL-
1
Internal Use Internal Use () Not Specified Not Entered Not Assigned UL-1.1 X X - - - Not Met None
NIST 800-53 w/ DHS
4300A PRIV-UL-
2
Information Sharing with Third Parties
Information Sharing with Third Parties
()
Not Specified Not Entered Not Assigned UL-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PS-
1
Personnel Security
Policy and Procedures
Personnel Security
Policy and Procedures
(O)
Not Specified Not Entered Not Assigned PS-1.1, PS-1.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PS-
2
Position Categorization
Position Risk Designation
(O)Not Specified Not Entered Not Assigned PS-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PS-
3
Personnel Screening
Personnel Screening (O) Not Specified Not Entered Not Assigned PS-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PS-
4
Personnel Termination
Personnel Termination
(O)Not Specified Not Entered Not Assigned PS-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PS-
4 (2)
Automated Notification
Personnel Termination (O)
Not Specified Not Entered Not Assigned PS-4(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PS-
5
Personnel Transfer
Personnel Transfer (O) Not Specified Not Entered Not Assigned PS-5.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PS-
6
Access Agreements
Access Agreements
(O)Not Specified Not Entered Not Assigned PS-6.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PS-
7
Third-Party Personnel Security
Third-Party Personnel
Security (O)Not Specified Not Entered Not Assigned PS-7.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A PS-
8
Personnel Sanctions
Personnel Sanctions (O) Not Specified Not Entered Not Assigned PS-8.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A RA-
1
Risk Assessment Policy and Procedures
Risk Assessment Policy and Procedures
(M)
Not Specified Not Entered Not Assigned RA-1.1, RA-1.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A RA-
2
Security Categorization
Security Categorization (M) Not Specified Not Entered Not Assigned RA-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A RA-
2 (DHS-3.9.a)
Security Categorization
Security Categorization (M) Not Specified Not Entered Not Assigned
RA-2(DHS-3.9.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A RA-
2 (DHS-3.14.2.e)
Security Categorization
Security Categorization (M) Not Specified Not Entered Not Assigned
RA-2(DHS-3.14.2.e)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A RA-
3
Risk Assessment
Risk Assessment (M)
Not Specified Not Entered Not Assigned RA-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A RA-
5
Vulnerability Scanning
Vulnerability Scanning (M) Not Specified Not Entered Not Assigned RA-5.1,
RA-5.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A RA-
5 (1)
Vulnerability Scanning
Vulnerability Scanning (M) Not Specified Not Entered Not Assigned RA-5(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A RA-
5 (2)
Vulnerability Scanning
Vulnerability Scanning (M) Not Specified Not Entered Not Assigned RA-5(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A RA-
5 (4)
Vulnerability Scanning
Vulnerability Scanning (M) Not Specified Not Entered Not Assigned RA-5(4).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A RA-
5 (5)
Vulnerability Scanning
Vulnerability Scanning (M) Not Specified Not Entered Not Assigned RA-5(5).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A RA-
5 (DHS-4.8.4.d)
Vulnerability Scanning
Vulnerability Scanning (M) Not Specified Not Entered Not Assigned
RA-5(DHS-4.8.4.d)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
1
System and Services
Acquisition Policy and Procedures
System and Services
Acquisition Policy and Procedures
(M)
Not Specified Not Entered Not Assigned SA-1.1, SA-1.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
1 (DHS-3.1.g)
System and Services
Acquisition Policy and Procedures
System and Services
Acquisition Policy and Procedures
(M)
Not Specified Not Entered Not Assigned SA-1(DHS-3.1.g)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
1 (DHS-3.2.g)
System and Services
Acquisition Policy and Procedures
System and Services
Acquisition Policy and Procedures
(M)
Not Specified Not Entered Not Assigned
SA-1(DHS-3.2.g)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
1 (DHS-3.3.a)
System and Services
Acquisition Policy and Procedures
System and Services
Acquisition Policy and Procedures
(M)
Not Specified Not Entered Not Assigned
SA-1(DHS-3.3.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
1 (DHS-3.3.b)
System and Services
Acquisition Policy and Procedures
System and Services
Acquisition Policy and Procedures
(M)
Not Specified Not Entered Not Assigned
SA-1(DHS-3.3.b)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
2
Allocation of Resources
Allocation of Resources
(M)Not Specified Not Entered Not Assigned SA-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
3
Life Cycle Support
System Development
Life Cycle (M)
Not Specified Not Entered Not Assigned SA-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
3 (DHS-3.6.c)
Life Cycle Support
System Development
Life Cycle (M)
Not Specified Not Entered Not Assigned
SA-3(DHS-3.6.c)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
4
Acquisitions Acquisition Process (M) Not Specified Not Entered Not Assigned SA-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
4 (1)
Acquisitions Acquisition Process (M) Not Specified Not Entered Not Assigned SA-4(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
4 (2)
Acquisitions Acquisition Process (M) Not Specified Not Entered Not Assigned SA-4(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
4 (9)
Acquisitions Acquisition Process (M) Not Specified Not Entered Not Assigned SA-4(9).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
4 (10)
Acquisitions Acquisition Process (M) Not Specified Not Entered Not Assigned SA-4(10).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
4 (DHS-3.14.7.g)
Acquisitions Acquisition Process (M) Not Specified Not Entered Not Assigned
SA-4(DHS-3.14.7.g)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
4 (DHS-5.7.b)
Acquisitions Acquisition Process (M) Not Specified Not Entered Not Assigned
SA-4(DHS-5.7.b)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
5
Information System
Documentation
Information System
Documentation (M)
Not Specified Not Entered Not Assigned SA-5.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
8
Security Engineering Principles
Security Engineering Principles
(M)
Not Specified Not Entered Not Assigned SA-8.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
9
External Information
System Services
External Information
System Services (M)
Not Specified Not Entered Not Assigned SA-9.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
9 (2)
External Information
System Services
External Information
System Services (M)
Not Specified Not Entered Not Assigned SA-9(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
10
Developer Configuration Management
Developer Configuration Management
(M)
Not Specified Not Entered Not Assigned SA-10.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
11
Developer Security
Testing and Evaluation
Developer Security
Testing and Evaluation
(M)
Not Specified Not Entered Not Assigned SA-11.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
12
Supply Chain Protection
Supply Chain Protection
(M)Not Specified Not Entered Not Assigned SA-12.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-12 (DHS-
5.8.a)
Supply Chain Protection
Supply Chain Protection
(M)Not Specified Not Entered Not Assigned
SA-12(DHS-5.8.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-12 (DHS-
5.8.b)
Supply Chain Protection
Supply Chain Protection
(M)Not Specified Not Entered Not Assigned
SA-12(DHS-5.8.b)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
15
Development Process,
Standards, and Tools
Development Process,
Standards, and Tools
(M)
Not Specified Not Entered Not Assigned SA-15.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
16
Developer-Provided Training
Developer-Provided
Training (M)Not Specified Not Entered Not Assigned SA-16.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SA-
17
Developer Security
Architecture and Design
Developer Security
Architecture and Design (M)
Not Specified Not Entered Not Assigned SA-17.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
1
System and Communications Protection Policy and Procedures
System and Communications Protection Policy and Procedures
(T)
Not Specified Not Entered Not Assigned SC-1.1, SC-1.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
1 (DHS-3.17.a)
System and Communications Protection Policy and Procedures
System and Communications Protection Policy and Procedures
(T)
Not Specified Not Entered Not Assigned
SC-1(DHS-3.17.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
1 (DHS-4.4.1.a)
System and Communications Protection Policy and Procedures
System and Communications Protection Policy and Procedures
(T)
Not Specified Not Entered Not Assigned
SC-1(DHS-4.4.1.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
1 (DHS-4.5.2.a)
System and Communications Protection Policy and Procedures
System and Communications Protection Policy and Procedures
(T)
Not Specified Not Entered Not Assigned
SC-1(DHS-4.5.2.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
1 (DHS-4.5.3.b)
System and Communications Protection Policy and Procedures
System and Communications Protection Policy and Procedures
(T)
Not Specified Not Entered Not Assigned
SC-1(DHS-4.5.3.b)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
1 (DHS-5.5.2.t)
System and Communications Protection Policy and Procedures
System and Communications Protection Policy and Procedures
(T)
Not Specified Not Entered Not Assigned
SC-1(DHS-5.5.2.t)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
1 (DHS-5.5.3.j)
System and Communications Protection Policy and Procedures
System and Communications Protection Policy and Procedures
(T)
Not Specified Not Entered Not Assigned
SC-1(DHS-5.5.3.j)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
1 (DHS-5.7.a)
System and Communications Protection Policy and Procedures
System and Communications Protection Policy and Procedures
(T)
Not Specified Not Entered Not Assigned
SC-1(DHS-5.7.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
2
Application Partitioning
Application Partitioning
(T)Not Specified Not Entered Not Assigned SC-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
3
Security Function Isolation
Security Function
Isolation (T)Not Specified Not Entered Not Assigned SC-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
4
Information in Shared Resources
Information in Shared
Resources (T)Not Specified Not Entered Not Assigned SC-4.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
5
Denial-of-Service
Protection
Denial of Service
Protection (T)Not Specified Not Entered Not Assigned SC-5.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-5 (DHS-4.6.1.c)
Denial-of-Service
Protection
Denial of Service
Protection (T)
Not Specified Not Entered Not Assigned SC-5(DHS-4.6.1.c)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
7
Boundary Protection
Boundary Protection (T) Not Specified Not Entered Not Assigned SC-7.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
7 (3)
Boundary Protection
Boundary Protection (T) Not Specified Not Entered Not Assigned SC-7(3).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
7 (4)
Boundary Protection
Boundary Protection (T) Not Specified Not Entered Not Assigned SC-7(4).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
7 (5)
Boundary Protection
Boundary Protection (T) Not Specified Not Entered Not Assigned SC-7(5).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
7 (7)
Boundary Protection
Boundary Protection (T) Not Specified Not Entered Not Assigned SC-7(7).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
7 (8)
Boundary Protection
Boundary Protection (T) Not Specified Not Entered Not Assigned SC-7(8).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
7 (18)
Boundary Protection
Boundary Protection (T) Not Specified Not Entered Not Assigned SC-7(18).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
7 (21)
Boundary Protection
Boundary Protection (T) Not Specified Not Entered Not Assigned SC-7(21).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
7 (DHS-5.4.4.h)
Boundary Protection
Boundary Protection (T) Not Specified Not Entered Not Assigned
SC-7(DHS-5.4.4.h)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
7 (DHS-5.4.5.a)
Boundary Protection
Boundary Protection (T) Not Specified Not Entered Not Assigned
SC-7(DHS-5.4.5.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
7 (DHS-5.4.5.b)
Boundary Protection
Boundary Protection (T) Not Specified Not Entered Not Assigned
SC-7(DHS-5.4.5.b)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
8
Transmission Integrity
Transmission Confidentiality and Integrity (T)
Not Specified Not Entered Not Assigned SC-8.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
8 (1)
Transmission Integrity
Transmission Confidentiality and Integrity (T)
Not Specified Not Entered Not Assigned SC-8(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
10
Network Disconnect
Network Disconnect
(T)Not Specified Not Entered Not Assigned SC-10.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
12
Cryptographic Key
Establishment and
Management
Cryptographic Key
Establishment and
Management (T)
Not Specified Not Entered Not Assigned SC-12.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
12 (1)
Cryptographic Key
Establishment and
Management
Cryptographic Key
Establishment and
Management (T)
Not Specified Not Entered Not Assigned SC-12(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-12 (DHS-4.6.b)
Cryptographic Key
Establishment and
Management
Cryptographic Key
Establishment and
Management (T)
Not Specified Not Entered Not Assigned
SC-12(DHS-4.6.b)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-12 (DHS-5.5.3.a)
Cryptographic Key
Establishment and
Management
Cryptographic Key
Establishment and
Management (T)
Not Specified Not Entered Not Assigned
SC-12(DHS-5.5.3.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-12 (DHS-5.5.3.b)
Cryptographic Key
Establishment and
Management
Cryptographic Key
Establishment and
Management (T)
Not Specified Not Entered Not Assigned
SC-12(DHS-5.5.3.b)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-12 (DHS-5.5.3.c)
Cryptographic Key
Establishment and
Management
Cryptographic Key
Establishment and
Management (T)
Not Specified Not Entered Not Assigned
SC-12(DHS-5.5.3.c)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-12 (DHS-
5.5.3.i)
Cryptographic Key
Establishment and
Management
Cryptographic Key
Establishment and
Management (T)
Not Specified Not Entered Not Assigned
SC-12(DHS-5.5.3.i)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
13
Use of Cryptography
Cryptographic Protection
(T)Not Specified Not Entered Not Assigned SC-13.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-13 (DHS-5.4.6.k)
Use of Cryptography
Cryptographic Protection
(T)Not Specified Not Entered Not Assigned
SC-13(DHS-5.4.6.k)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-13 (DHS-5.5.1.a)
Use of Cryptography
Cryptographic Protection
(T) Not Specified Not Entered Not Assigned
SC-13(DHS-5.5.1.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-13 (DHS-5.5.1.c)
Use of Cryptography
Cryptographic Protection
(T)Not Specified Not Entered Not Assigned
SC-13(DHS-5.5.1.c)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-13 (DHS-5.5.2.v)
Use of Cryptography
Cryptographic Protection
(T)Not Specified Not Entered Not Assigned
SC-13(DHS-5.5.2.v)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-13 (DHS-
5.7.d)
Use of Cryptography
Cryptographic Protection
(T)Not Specified Not Entered Not Assigned
SC-13(DHS-5.7.d)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
15
Collaborative Computing
Devices
Collaborative Computing Devices (T)
Not Specified Not Entered Not Assigned SC-15.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-15 (DHS-4.5.3.a)
Collaborative Computing
Devices
Collaborative Computing Devices (T)
Not Specified Not Entered Not Assigned
SC-15(DHS-4.5.3.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-15 (DHS-4.5.3.b)
Collaborative Computing
Devices
Collaborative Computing Devices (T)
Not Specified Not Entered Not Assigned
SC-15(DHS-4.5.3.b)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-15 (DHS-4.5.3.c)
Collaborative Computing
Devices
Collaborative Computing Devices (T)
Not Specified Not Entered Not Assigned
SC-15(DHS-4.5.3.c)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
17
Public Key Infrastructure Certificates
Public Key Infrastructure Certificates
(T)
Not Specified Not Entered Not Assigned SC-17.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
18
Mobile Code Mobile Code (T) Not Specified Not Entered Not Assigned SC-18.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
19
Voice Over Internet Protocol
Voice Over Internet
Protocol (T)Not Specified Not Entered Not Assigned SC-19.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
20
Secure Name/Address Resolution
Service (Authoritative
Source)
Secure Name / Address
Resolution Service
(Authoritative Source) (T)
Not Specified Not Entered Not Assigned SC-20.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-20 (DHS-5.4.3.k)
Secure Name/Address Resolution
Service (Authoritative
Source)
Secure Name / Address
Resolution Service
(Authoritative Source) (T)
Not Specified Not Entered Not Assigned
SC-20(DHS-5.4.3.k)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
21
Secure Name/Address Resolution
Service (Recursive or
Caching Resolver)
Secure Name / Address
Resolution Service
(Recursive or Caching
Resolver) (T)
Not Specified Not Entered Not Assigned SC-21.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
22
Architecture and
Provisioning for
Name/Address Resolution
Service
Architecture and
Provisioning for
Name/Address Resolution Service (T)
Not Specified Not Entered Not Assigned SC-22.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
23
Session Authenticity
Session Authenticity
(T)Not Specified Not Entered Not Assigned SC-23.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
24
Fail in Known State
Fail in Known State
(T)Not Specified Not Entered Not Assigned SC-24.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
28
Protection of Information
at Rest
Protection of Information at Rest (T)
Not Specified Not Entered Not Assigned SC-28.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-28 (DHS-
5.2.g)
Protection of Information
at Rest
Protection of Information at Rest (T)
Not Specified Not Entered Not Assigned
SC-28(DHS-5.2.g)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SC-
39
Process Isolation
Process Isolation (T) Not Specified Not Entered Not Assigned SC-39.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SI-1
System and Information
Integrity Policy and Procedures
System and Information
Integrity Policy and Procedures
(O)
Not Specified Not Entered Not Assigned SI-1.1, SI-1.2 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SI-1
(DHS-5.4.2.a)
System and Information
Integrity Policy and Procedures
System and Information
Integrity Policy and Procedures
(O)
Not Specified Not Entered Not Assigned
SI-1(DHS-5.4.2.a)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SI-1
(DHS-5.4.5.c)
System and Information
Integrity Policy and Procedures
System and Information
Integrity Policy and Procedures
(O)
Not Specified Not Entered Not Assigned
SI-1(DHS-5.4.5.c)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SI-1
(DHS-5.4.6.h)
System and Information
Integrity Policy and Procedures
System and Information
Integrity Policy and Procedures
(O)
Not Specified Not Entered Not Assigned
SI-1(DHS-5.4.6.h)
X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SI-2
Flaw Remediation
Flaw Remediation
(O)Not Specified Not Entered Not Assigned SI-2.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SI-2
(1)
Flaw Remediation
Flaw Remediation
(O)Not Specified Not Entered Not Assigned SI-2(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SI-2
(2)
Flaw Remediation
Flaw Remediation
(O)Not Specified Not Entered Not Assigned SI-2(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SI-3
Malicious Code
Protection
Malicious Code
Protection (O)
Not Specified Not Entered Not Assigned SI-3.1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SI-3
(1)
Malicious Code
Protection
Malicious Code
Protection (O)
Not Specified Not Entered Not Assigned SI-3(1).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SI-3
(2)
Malicious Code
Protection
Malicious Code
Protection (O)
Not Specified Not Entered Not Assigned SI-3(2).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SI-3
(10)
Malicious Code
Protection
Malicious Code
Protection (O)
Not Specified Not Entered Not Assigned SI-3(10).1 X X - - - Not Met None
NIST 800-53 w/ DHS 4300A SI-3 (DHS-5.4.6.g) | Malicious Code Protection | Malicious Code Protection (O) | Not Specified | Not Entered | Not Assigned | SI-3(DHS-5.4.6.g) | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-4 | Information System Monitoring | Information System Monitoring (O) | Not Specified | Not Entered | Not Assigned | SI-4.1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-4 (2) | Information System Monitoring | Information System Monitoring (O) | Not Specified | Not Entered | Not Assigned | SI-4(2).1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-4 (4) | Information System Monitoring | Information System Monitoring (O) | Not Specified | Not Entered | Not Assigned | SI-4(4).1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-4 (5) | Information System Monitoring | Information System Monitoring (O) | Not Specified | Not Entered | Not Assigned | SI-4(5).1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-5 | Security Alerts, Advisories, and Directives | Security Alerts, Advisories, and Directives (O) | Not Specified | Not Entered | Not Assigned | SI-5.1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-5 (1) | Security Alerts, Advisories, and Directives | Security Alerts, Advisories, and Directives (O) | Not Specified | Not Entered | Not Assigned | SI-5(1).1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-6 | Security Functionality Verification | Security Function Verification (O) | Not Specified | Not Entered | Not Assigned | SI-6.1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-7 | Software and Information Integrity | Software, Firmware, and Information Integrity (O) | Not Specified | Not Entered | Not Assigned | SI-7.1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-7 (1) | Software and Information Integrity | Software, Firmware, and Information Integrity (O) | Not Specified | Not Entered | Not Assigned | SI-7(1).1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-7 (2) | Software and Information Integrity | Software, Firmware, and Information Integrity (O) | Not Specified | Not Entered | Not Assigned | SI-7(2).1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-7 (5) | Software and Information Integrity | Software, Firmware, and Information Integrity (O) | Not Specified | Not Entered | Not Assigned | SI-7(5).1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-7 (7) | Software and Information Integrity | Software, Firmware, and Information Integrity (O) | Not Specified | Not Entered | Not Assigned | SI-7(7).1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-7 (14) | Software and Information Integrity | Software, Firmware, and Information Integrity (O) | Not Specified | Not Entered | Not Assigned | SI-7(14).1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-7 (DHS-5.1.1.e) | Software and Information Integrity | Software, Firmware, and Information Integrity (O) | Not Specified | Not Entered | Not Assigned | SI-7(DHS-5.1.1.e) | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-8 | Spam Protection | Spam Protection (O) | Not Specified | Not Entered | Not Assigned | SI-8.1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-8 (1) | Spam Protection | Spam Protection (O) | Not Specified | Not Entered | Not Assigned | SI-8(1).1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-8 (2) | Spam Protection | Spam Protection (O) | Not Specified | Not Entered | Not Assigned | SI-8(2).1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-10 | Information Input Validation | Information Input Validation (O) | Not Specified | Not Entered | Not Assigned | SI-10.1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-11 | Error Handling | Error Handling (O) | Not Specified | Not Entered | Not Assigned | SI-11.1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-12 | Information Output Handling and Retention | Information Handling and Retention (O) | Not Specified | Not Entered | Not Assigned | SI-12.1 | X X - - - | Not Met | None
NIST 800-53 w/ DHS 4300A SI-16 | Memory Protection | Memory Protection (O) | Not Specified | Not Entered | Not Assigned | SI-16.1 | X X - - - | Not Met | None