| AC |
Access Control |
Access |
| AT |
Awareness and Training |
Roles and Responsibilities |
| AU |
Audit and Accountability |
Roles and Responsibilities; Compliance Audits |
| CA |
Security Assessment and Authorization |
Risk Management; Access |
| CM |
Configuration Management |
Configuration and Change Management |
| CP |
Contingency Planning |
Business Continuity and Disaster Recovery |
| IA |
Identification and Authentication |
Access |
| IR |
Incident Response |
Incident Response; Breach Notification |
| MA |
Maintenance |
Configuration and Change Management |
| PE |
Physical and Environmental Protection |
Facility and Physical Security |
| PL |
Planning |
Security Program Overview; Security Architecture & Operating Model |
| PS |
Personnel Security |
HR & Personnel Security |
| RA |
Risk Assessment |
Risk Management |
| SA |
System and Services Acquisition |
Third Party Security, Vendor Risk Management and Systems/Services Acquisition |
| SC |
System and Communications Protection |
Data Management; Data Protection; and Threat Detection & Prevention |
| SI |
System and Information Integrity |
Data Management; Data Protection; Product Security & Secure Software Development; Vulnerability Management;and System Audits, Monitoring & Assessments |
| PM |
Program Management |
Security Program Overview; Roles and Responsibilities; and Policy Management |