If you’re used to working with a specific HITRUST framework control, you can use this guide to identify its corresponding Unified Control.
For more information, and to view other framework control maps, visit the Unified Controls FAQ.
HITRUST Control | Unified Control |
--- | --- |
04.01x1Organizational.5-e1 Mobile Computing and Communications | CTRL-112 Encryption of Data at Rest and in Transit |
04.01x1Organizational.5-i1 Encryption of Mobile Devices | CTRL-112 Encryption of Data at Rest and in Transit |
04.01x1Organizational.5-r2 Mobile Computing and Communications | CTRL-112 Encryption of Data at Rest and in Transit |
06.09b1System.2-e1 Change Management | CTRL-190 Change Management and Software Development Life Cycle |
06.09b1System.2-i1 Change Management | CTRL-190 Change Management and Software Development Life Cycle |
06.09b1System.2-r2 Change Management | CTRL-190 Change Management and Software Development Life Cycle |
07.07a1Organizational.8-e1 IT Asset Inventory Review | CTRL-435 System Inventory |
07.07a1Organizational.8-i1 Inventory of Assets Review | CTRL-435 System Inventory |
07.07a1Organizational.8-r2 Inventory of Assets | CTRL-435 System Inventory |
07.10m1Organizational.2-e1 Security Updates | CTRL-652 Vulnerability Management |
07.10m1Organizational.2-i1 Automated Software Update | CTRL-652 Vulnerability Management |
07.10m1Organizational.2-r2 Control of Technical Vulnerabilities | CTRL-652 Vulnerability Management |
07.10m1Organizational.3-e1 Vulnerability Scans | CTRL-652 Vulnerability Management |
07.10m1Organizational.3-i1 Vulnerability Scans | CTRL-652 Vulnerability Management |
07.10m1Organizational.3-r2 Control of Technical Vulnerabilities | CTRL-652 Vulnerability Management |
08.09m1Organizational.8-e1 Malicious Addresses Controls | CTRL-822 Malicious Code Protection |
08.09m1Organizational.8-i1 Network Controls | CTRL-208 Configuration Management |
08.09m1Organizational.8-r2 Network Controls | CTRL-208 Configuration Management |
09.09v1Organizational.7-e1 Email Filtering | CTRL-883 Spam and Phishing Protection |
09.09v1Organizational.7-i1 Email Filtering | CTRL-883 Spam and Phishing Protection |
09.09v1Organizational.7-r2 Electronic Messaging | CTRL-883 Spam and Phishing Protection |
10.01d1System.10-e1 Password Policy | CTRL-349 Password-Based Authentication |
10.01d1System.10-i1 Password Policy | CTRL-349 Password-Based Authentication |
10.01d1System.10-r2 User Password Management | CTRL-349 Password-Based Authentication |
11.01e1System.2-e1 Review of User Access Rights | CTRL-73 Review of User Privileges |
11.01e1System.2-i1 Review of User Access Rights | CTRL-73 Review of User Privileges |
11.01e1System.2-r2 Review of User Access Rights | CTRL-73 Review of User Privileges |
11.01p1System.5-e1 Secure Logon Procedures | CTRL-77 Unsuccessful Logon Attempts |
11.01p1System.5-i1 Secure Log-on Procedures | CTRL-77 Unsuccessful Logon Attempts |
11.01p1System.5-r2 Secure Log-on Procedures | CTRL-77 Unsuccessful Logon Attempts |
11.01q1System.3-e1 Admin Account MFA | CTRL-320 Multi-Factor Authentication |
11.01q1System.3-i1 Privileged MFA | CTRL-320 Multi-Factor Authentication |
11.01q1System.3-r2 User Identification and Authentication | CTRL-320 Multi-Factor Authentication |
11.01q1System.4-e1 All Accounts MFA | CTRL-320 Multi-Factor Authentication |
11.01q1System.4-i1 Non-Privileged MFA | CTRL-320 Multi-Factor Authentication |
11.01q1System.4-r2 User Identification and Authentication | CTRL-320 Multi-Factor Authentication |
13.02e1Organizational.6-e1 Phishing Awareness Training | CTRL-245 Security and Privacy Awareness Training |
13.02e1Organizational.6-i1 Phishing Awareness Training | CTRL-245 Security and Privacy Awareness Training |
13.02e1Organizational.6-r2 Information Security Awareness, Education, and Training | CTRL-245 Security and Privacy Awareness Training |
15.11aHIPAAOrganizational.3-r2 Reporting Information Security Events | CTRL-416 Incident Reporting |
15.11aHIPAAOrganizational.4-r2 Reporting Information Security Events | CTRL-416 Incident Reporting |
15.11aHIPAAOrganizational.5-r2 Reporting Information Security Events | CTRL-416 Incident Reporting |
16.09l1Organizational.4-e1 Offline Backup Storage | CTRL-283 Alternate Storage Site |
16.09l1Organizational.4-i1 Offline Backup Storage | CTRL-283 Alternate Storage Site |
16.09l1Organizational.4-r2 Offline Backup Storage | CTRL-283 Alternate Storage Site |
099.09m2Organizational.11-r2 Network Controls | CTRL-112 Encryption of Data at Rest and in Transit |
0101.00a1Organizational.123-i1 Information Security Management Program | CTRL-431 Information Security Policy and Procedures |
0101.00a1Organizational.123-r2 Information Security Management Program | CTRL-431 Information Security Policy and Procedures |
0102.00a2Organizational.123-r2 Information Security Management Program | CTRL-431 Information Security Policy and Procedures |
0104.02a1Organizational.12-i1 Roles and Responsibilities | CTRL-545 Position Descriptions |
0104.02a1Organizational.12-r2 Roles and Responsibilities | CTRL-545 Position Descriptions |
0109.02d1Organizational.4-i1 Management Responsibilities | CTRL-539 Access Agreements |
0109.02d1Organizational.4-r2 Management Responsibilities | CTRL-539 Access Agreements |
0113.04a1Organizational.2-e1 Information Security Policy Document | CTRL-431 Information Security Policy and Procedures |
0113.04a1Organizational.2-i1 Information Security Policy Document | CTRL-431 Information Security Policy and Procedures |
0113.04a1Organizational.2-r2 Information Security Policy Document | CTRL-431 Information Security Policy and Procedures |
0113.04a2Organizational.1-r2 Information Security Policy Document | CTRL-431 Information Security Policy and Procedures |
0114.04b1Organizational.1-i1 Review of the Information Security Policy | CTRL-431 Information Security Policy and Procedures |
0117.05a1Organizational.1-i1 Management Commitment to Information Security | CTRL-432 Information Security Program Leadership Role |
0117.05a1Organizational.1-r2 Management Commitment to Information Security | CTRL-432 Information Security Program Leadership Role |
0126.05b1Organizational.1-i1 Information Security Coordination | CTRL-434 Plan of Action and Milestones Process |
0126.05b1Organizational.1-r2 Information Security Coordination | CTRL-434 Plan of Action and Milestones Process |
0135.02f1Organizational.56-i1 Disciplinary Process | CTRL-544 Personnel Sanctions |
0135.02f1Organizational.56-r2 Disciplinary Process | CTRL-544 Personnel Sanctions |
0151.02c1Organizational.23-i1 Terms and Conditions of Employment | CTRL-539 Access Agreements |
0151.02c1Organizational.23-r2 Terms and Conditions of Employment | CTRL-539 Access Agreements |
0168.05b2Organizational.5-r2 Information Security Coordination | CTRL-431 Information Security Policy and Procedures |
0173.05c1Organizational.45-i1 Allocation of Information Security Responsibilities | CTRL-432 Information Security Program Leadership Role |
0173.05c1Organizational.45-r2 Allocation of Information Security Responsibilities | CTRL-432 Information Security Program Leadership Role |
0180.05h1Organizational.4-i1 Independent Review of Information Security | CTRL-167 Continuous Monitoring |
0180.05h1Organizational.4-r2 Independent Review of Information Security | CTRL-167 Continuous Monitoring |
0181.06a1Organizational.12-i1 Identification of Applicable Legislation | CTRL-245 Security and Privacy Awareness Training |
0181.06a1Organizational.12-r2 Identification of Applicable Legislation | CTRL-245 Security and Privacy Awareness Training |
0183.07b1Organizational.1-i1 Ownership of Assets | CTRL-435 System Inventory |
0183.07b1Organizational.1-r2 Ownership of Assets | CTRL-435 System Inventory |
0193.09a1System.3-i1 Documented Operations Procedures | CTRL-431 Information Security Policy and Procedures |
0193.09a1System.3-r2 Documented Operations Procedures | CTRL-431 Information Security Policy and Procedures |
0199.00aHIXOrganizational.2-r2 Information Security Management Program | CTRL-431 Information Security Policy and Procedures |
0201.09j1Organizational.124-i1 Controls Against Malicious Code | CTRL-883 Spam and Phishing Protection |
0201.09j1Organizational.124-r2 Controls Against Malicious Code | CTRL-883 Spam and Phishing Protection |
0207.09j1Organizational.6-i1 Centrally Managed Spam Protection | CTRL-883 Spam and Phishing Protection |
0207.09j1Organizational.6-r2 Controls Against Malicious Code | CTRL-883 Spam and Phishing Protection |
0210.01g1Organizational.1-i1 Unattended User Equipment | CTRL-539 Access Agreements |
0210.01g1Organizational.1-r2 Unattended User Equipment | CTRL-539 Access Agreements |
0217.09j1Organizational.7-i1 Spam Protection Configurations | CTRL-883 Spam and Phishing Protection |
0217.09j1Organizational.7-r2 Controls Against Malicious Code | CTRL-883 Spam and Phishing Protection |
0226.09k1Organizational.2-e1 Controls Against Mobile Code | CTRL-822 Malicious Code Protection |
0226.09k1Organizational.2-i1 Mobile Code Protection | CTRL-822 Malicious Code Protection |
0226.09k1Organizational.2-r2 Controls Against Mobile Code | CTRL-822 Malicious Code Protection |
0265.09m1Organizational.2-e1 Default Deny | CTRL-950 Boundary Protection |
0265.09m1Organizational.2-i1 Default Deny Firewall | CTRL-950 Boundary Protection |
0265.09m1Organizational.2-r2 Network Controls | CTRL-950 Boundary Protection |
0302.09o1Organizational.3-i1 Removable Media Transmission | CTRL-506 Media Transport |
0302.09o1Organizational.3-r2 Management of Removable Media | CTRL-506 Media Transport |
0304.09o1Organizational.2-e1 Management of Removable Media | CTRL-520 Media Use |
0304.09o1Organizational.2-i1 Restrict Writable Removable Media | CTRL-520 Media Use |
0304.09o1Organizational.2-r2 Management of Removable Media | CTRL-520 Media Use |
0305.09q1Organizational.12-i1 Information Handling Procedures | CTRL-502 Media Marking |
0305.09q1Organizational.12-r2 Information Handling Procedures | CTRL-502 Media Marking |
0311.09o1Organizational.5-i1 Removable Media Sanitization | CTRL-511 Media Sanitization and Disposal |
0311.09o1Organizational.5-r2 Management of Removable Media | CTRL-511 Media Sanitization and Disposal |
0321.09u1Organizational.2-i1 Physical Media in Transit | CTRL-506 Media Transport |
0321.09u1Organizational.2-r2 Physical Media in Transit | CTRL-506 Media Transport |
0322.09u2Organizational.12-r2 Media Encryption | CTRL-503 Media Storage |
0323.09u2Organizational.3-r2 Physical Media in Transit | CTRL-506 Media Transport |
0330.09o1Organizational.4-i1 Removable Media Business Need | CTRL-520 Media Use |
0330.09o1Organizational.4-r2 Management of Removable Media | CTRL-520 Media Use |
0403.01x1Organizational.5-i1 Mobile Device Monitoring | CTRL-79 Mobile Device Management |
0403.01x1Organizational.5-r2 Mobile Computing and Communications | CTRL-79 Mobile Device Management |
0404.01x1Organizational.5-i1 Mobile Device Travel | CTRL-79 Mobile Device Management |
0407.01y1Organizational.4-i1 Teleworking Physical Security | CTRL-596 Alternate Work Site |
0407.01y1Organizational.4-r2 Teleworking | CTRL-596 Alternate Work Site |
0415.01y1Organizational.10-i1 Teleworking Security | CTRL-596 Alternate Work Site |
0415.01y1Organizational.10-r2 Teleworking | CTRL-596 Alternate Work Site |
0429.01x1Organizational.5-i1 Mobile Device Security | CTRL-79 Mobile Device Management |
0429.01x1Organizational.5-r2 Mobile Computing and Communications | CTRL-79 Mobile Device Management |
0501.09m1Organizational.10-i1 WAP Default | CTRL-121 Wireless Network |
0501.09m1Organizational.11-i1 Wireless Encryption Keys | CTRL-121 Wireless Network |
0502.09m1Organizational.5-e1 Wireless Access Security | CTRL-121 Wireless Network |
0502.09m1Organizational.5-i1 Wireless Access Approval | CTRL-121 Wireless Network |
0503.09m1Organizational.6-i1 Wireless Access Security | CTRL-121 Wireless Network |
0504.09m1Organizational.13-i1 Perimeter Firewalls | CTRL-950 Boundary Protection |
0504.09m1Organizational.13-r2 Network Controls | CTRL-950 Boundary Protection |
0505.09m1Organizational.11-i1 Wireless Access Point Scans | CTRL-652 Vulnerability Management |
0505.09m1Organizational.11-r2 Network Controls | CTRL-652 Vulnerability Management |
0506.09m1Organizational.11-i1 Network Controls | CTRL-121 Wireless Network |
0601.06g1Organizational.124-i1 Compliance with Security Policies and Standards | CTRL-652 Vulnerability Management |
0601.06g1Organizational.124-r2 Compliance with Security Policies and Standards | CTRL-149 Control Assessments |
0605.10h2System.7-r2 Control of Operational Software | CTRL-190 Change Management and Software Development Life Cycle |
0606.10h2System.1-r2 Control of Operational Software | CTRL-190 Change Management and Software Development Life Cycle |
0607.10h2System.23-r2 Control of Operational Software | CTRL-208 Configuration Management |
0613.06h1Organizational.12-i1 Technical Compliance Checking | CTRL-208 Configuration Management |
0613.06h1Organizational.12-r2 Technical Compliance Checking | CTRL-208 Configuration Management |
0625.10c2System.8-r2 Control of Internal Processing | CTRL-208 Configuration Management |
0627.10h1System.45-e1 Control of Operational Software | CTRL-1109 Supplier Assessments and Reviews |
0627.10h1System.45-i1 Control of Operational Software | CTRL-1109 Supplier Assessments and Reviews |
0627.10h1System.45-r2 Control of Operational Software | CTRL-1109 Supplier Assessments and Reviews |
0628.10h2System.8-r2 Control of Operational Software | CTRL-190 Change Management and Software Development Life Cycle |
0629.10h2System.45-r2 Control of Operational Software | CTRL-190 Change Management and Software Development Life Cycle |
0630.10h2System.6-r2 Control of Operational Software | CTRL-16 Access Provisioning |
0633.10j1System.1-i1 Access Control to Program Source Code | CTRL-9 Privileged User Accounts |
0633.10j1System.1-r2 Access Control to Program Source Code | CTRL-9 Privileged User Accounts |
0636.10k1Organizational.3-i1 Change Control Procedures | CTRL-190 Change Management and Software Development Life Cycle |
0636.10k1Organizational.3-r2 Change Control Procedures | CTRL-190 Change Management and Software Development Life Cycle |
0663.10h2System.9-r2 Control of Operational Software | CTRL-950 Boundary Protection |
0663.10h2System.10-r2 Control of Operational Software | CTRL-184 Authorized / Unauthorized Software |
0664.10h2System.10-r2 Control of Operational Software | CTRL-184 Authorized / Unauthorized Software |
0666.10h1System.5-i1 Authorized Software | CTRL-184 Authorized / Unauthorized Software |
0666.10h1System.5-r2 Control of Operational Software | CTRL-184 Authorized / Unauthorized Software |
0667.10h1System.6-i1 Application Allow Listing Technology | CTRL-184 Authorized / Unauthorized Software |
0667.10h1System.6-r2 Control of Operational Software | CTRL-184 Authorized / Unauthorized Software |
0701.07a1Organizational.7-e1 IT Asset Inventory | CTRL-435 System Inventory |
0701.07a1Organizational.7-i1 Inventory of Assets | CTRL-435 System Inventory |
0701.07a1Organizational.7-r2 Inventory of Assets | CTRL-435 System Inventory |
0701.07a1Organizational.8-i1 Inventory of Assets Information | CTRL-435 System Inventory |
0701.07a1Organizational.8-r2 Inventory of Assets | CTRL-435 System Inventory |
0703.07a2Organizational.1-r2 Inventory of Assets | CTRL-435 System Inventory |
0704.07a1Organizational.8-i1 Inventory of Assets Process | CTRL-435 System Inventory |
0704.07a1Organizational.8-r2 Inventory of Assets | CTRL-435 System Inventory |
0704.07a1Organizational.9-i1 Inventory of Assets ID | CTRL-435 System Inventory |
0704.07a1Organizational.9-r2 Inventory of Assets | CTRL-435 System Inventory |
0706.10b1System.2-i1 Input Data Validation | CTRL-190 Change Management and Software Development Life Cycle |
0706.10b1System.2-r2 Input Data Validation | CTRL-190 Change Management and Software Development Life Cycle |
0707.10b2System.1-r2 Input Data Validation | CTRL-652 Vulnerability Management |
0709.10m1Organizational.1-i1 Vulnerability Risk and Remediation | CTRL-652 Vulnerability Management |
0709.10m1Organizational.1-r2 Control of Technical Vulnerabilities | CTRL-652 Vulnerability Management |
0715.10m1Organizational.4-i1 Control of Technical Vulnerabilities | CTRL-118 Network Protocols |
0715.10m1Organizational.4-r2 Control of Technical Vulnerabilities | CTRL-118 Network Protocols |
0732.09r1Organizational.3-i1 Security of System Documentation | CTRL-9 Privileged User Accounts |
0732.09r1Organizational.3-r2 Security of System Documentation | CTRL-9 Privileged User Accounts |
0733.10b2System.4-r2 Input Data Validation | CTRL-190 Change Management and Software Development Life Cycle |
0778.10m1Organizational.5-i1 Vulnerability Comparison | CTRL-652 Vulnerability Management |
0778.10m1Organizational.5-r2 Control of Technical Vulnerabilities | CTRL-652 Vulnerability Management |
0791.10b2System.5-r2 Input Data Validation | CTRL-190 Change Management and Software Development Life Cycle |
0802.01i1Organizational.2-i1 Policy on the Use of Network Services | CTRL-1 Access Control Policy and Procedures |
0802.01i1Organizational.2-r2 Policy on the Use of Network Services | CTRL-1 Access Control Policy and Procedures |
0805.01m1Organizational.12-e1 Segregation in Networks | CTRL-950 Boundary Protection |
0805.01m1Organizational.12-i1 Segregation in Networks | CTRL-950 Boundary Protection |
0805.01m1Organizational.12-r2 Segregation in Networks | CTRL-950 Boundary Protection |
0808.10b2System.3-r2 Input Data Validation | CTRL-950 Boundary Protection |
0809.01n2Organizational.1234-r2 Network Connection Control | CTRL-950 Boundary Protection |
0810.01n2Organizational.5-r2 Network Connection Control | CTRL-112 Encryption of Data at Rest and in Transit |
0811.01n2Organizational.6-r2 Network Connection Control | CTRL-950 Boundary Protection |
0812.01n2Organizational.8-r2 Network Connection Control | CTRL-950 Boundary Protection |
0814.01n1Organizational.12-i1 Network Connection Control | CTRL-950 Boundary Protection |
0814.01n1Organizational.12-r2 Network Connection Control | CTRL-950 Boundary Protection |
0815.01o1Organizational.1-i1 Network Routing Control | CTRL-950 Boundary Protection |
0815.01o1Organizational.1-r2 Network Routing Control | CTRL-950 Boundary Protection |
0816.01w1System.1-i1 Sensitive System Isolation | CTRL-896 Information Management and Retention |
0816.01w1System.1-r2 Sensitive System Isolation | CTRL-896 Information Management and Retention |
0820.01k1System.3-i1 Equipment Identification in Networks | CTRL-110 Remote Access |
0820.01k1System.3-r2 Equipment Identification in Networks | CTRL-110 Remote Access |
0821.09m2Organizational.2-r2 Network Controls | CTRL-950 Boundary Protection |
0822.09m2Organizational.4-r2 Network Controls | CTRL-950 Boundary Protection |
0825.09m1Organizational.14-i1 IDS / IPS | CTRL-833 Logging and Monitoring |
0825.09m1Organizational.14-r2 Network Controls | CTRL-833 Logging and Monitoring |
0835.09n1Organizational.1-i1 Security of Network Services | CTRL-1109 Supplier Assessments and Reviews |
0835.09n1Organizational.1-r2 Security of Network Services | CTRL-1109 Supplier Assessments and Reviews |
0861.09m2Organizational.67-r2 Network Controls | CTRL-112 Encryption of Data at Rest and in Transit |
0862.09m2Organizational.8-r2 Network Controls | CTRL-112 Encryption of Data at Rest and in Transit |
0863.09m2Organizational.910-r2 Network Controls | CTRL-950 Boundary Protection |
0864.09m2Organizational.12-r2 Network Controls | CTRL-950 Boundary Protection |
0865.09m2Organizational.14-r2 Network Controls | CTRL-950 Boundary Protection |
0903.10f1Organizational.1-i1 Policy on the Use of Cryptographic Controls | CTRL-112 Encryption of Data at Rest and in Transit |
0903.10f1Organizational.1-r2 Policy on the Use of Cryptographic Controls | CTRL-112 Encryption of Data at Rest and in Transit |
0905.10g1Organizational.12-i1 Key Management | CTRL-194 Cryptography Management |
0905.10g1Organizational.12-r2 Key Management | CTRL-194 Cryptography Management |
0913.09s1Organizational.5-i1 Information Exchange Policies and Procedures | CTRL-112 Encryption of Data at Rest and in Transit |
0913.09s1Organizational.5-r2 Information Exchange Policies and Procedures | CTRL-112 Encryption of Data at Rest and in Transit |
0928.09v2Organizational.1-r2 Electronic Messaging | CTRL-112 Encryption of Data at Rest and in Transit |
0931.09v1Organizational.8-e1 Email Security | CTRL-883 Spam and Phishing Protection |
0931.09v1Organizational.8-i1 Electronic Messaging | CTRL-883 Spam and Phishing Protection |
0931.09v1Organizational.8-r2 Electronic Messaging | CTRL-883 Spam and Phishing Protection |
0936.09w1Organizational.1-i1 Interconnected Business Information Systems | CTRL-178 Interconnected Systems |
0936.09w1Organizational.1-r2 Interconnected Business Information Systems | CTRL-178 Interconnected Systems |
0939.09x1Organizational.2-i1 Electronic Commerce Services | CTRL-1128 Customer Agreements |
0945.09y1Organizational.3-i1 On-line Transactions | CTRL-112 Encryption of Data at Rest and in Transit |
0945.09y1Organizational.3-r2 On-line Transactions | CTRL-112 Encryption of Data at Rest and in Transit |
0947.09y2Organizational.2-r2 On-line Transactions | CTRL-112 Encryption of Data at Rest and in Transit |
0948.09y2Organizational.3-r2 On-line Transactions | CTRL-112 Encryption of Data at Rest and in Transit |
0949.09y3Organizational.1-r2 On-line Transactions | CTRL-112 Encryption of Data at Rest and in Transit |
0954.10d1System.1-i1 Message Integrity | CTRL-112 Encryption of Data at Rest and in Transit |
0954.10d1System.1-r2 Message Integrity | CTRL-112 Encryption of Data at Rest and in Transit |
0965.09sGDPROrganizational.1-r2 Information Exchange Policies and Procedures | CTRL-153 Information Exchange |
0966.09sGDPROrganizational.2-r2 Information Exchange Policies and Procedures | CTRL-153 Information Exchange |
1002.01d2System.7-r2 User Password Management | CTRL-349 Password-Based Authentication |
1003.01d1System.3-i1 User Password Identification | CTRL-349 Password-Based Authentication |
1003.01d1System.3-r2 User Password Management | CTRL-349 Password-Based Authentication |
1004.01d2System.8-r2 User Password Management | CTRL-349 Password-Based Authentication |
1006.01d2System.1-r2 User Password Management | CTRL-349 Password-Based Authentication |
1007.01d2System.2-r2 User Password Management | CTRL-349 Password-Based Authentication |
1008.01d2System.3-r2 User Password Management | CTRL-539 Access Agreements |
1009.01d2System.4-r2 User Password Management | CTRL-349 Password-Based Authentication |
1011.01f1Organizational.1-i1 Password Use | CTRL-349 Password-Based Authentication |
1011.01f1Organizational.1-r2 Password Use | CTRL-349 Password-Based Authentication |
1012.01r2System.1-r2 Password Management System | CTRL-349 Password-Based Authentication |
1013.01r1System.2-i1 Password Management System | CTRL-349 Password-Based Authentication |
1013.01r1System.2-r2 Password Management System | CTRL-349 Password-Based Authentication |
1014.01d2System.9-r2 User Password Management | CTRL-349 Password-Based Authentication |
1015.01d2System.10-r2 User Password Management | CTRL-349 Password-Based Authentication |
1023.01d1System.11-e1 Default Password Controls | CTRL-353 Change Authenticators Prior To Delivery |
1023.01d1System.11-i1 Default Password Reset | CTRL-353 Change Authenticators Prior To Delivery |
1023.01d1System.11-r2 User Password Management | CTRL-353 Change Authenticators Prior To Delivery |
1031.01d2System.11-r2 User Password Management | CTRL-349 Password-Based Authentication |
1101.01a1Organizational.1245-i1 Access Control Policy | CTRL-1 Access Control Policy and Procedures |
1101.01a1Organizational.1245-r2 Access Control Policy | CTRL-1 Access Control Policy and Procedures |
1103.01a2Organizational.3-r2 Access Control Policy | CTRL-1 Access Control Policy and Procedures |
1105.09c1Organizational.2-i1 Segregation of Duties | CTRL-65 Separation of Duties |
1105.09c1Organizational.2-r2 Segregation of Duties | CTRL-65 Separation of Duties |
1106.01b2System.4-r2 User Registration | CTRL-16 Access Provisioning |
1107.01b1System.2-i1 User Registration | CTRL-535 Access Termination |
1107.01b1System.2-r2 User Registration | CTRL-208 Configuration Management |
1108.01b2System.5-r2 User Registration | CTRL-535 Access Termination |
1109.01b2System.6-r2 User Registration | CTRL-1 Access Control Policy and Procedures |
01109.02b1Organizational.7-i1 Personnel Screening | CTRL-530 Personnel Screening |
01109.02b1Organizational.7-r2 Screening | CTRL-530 Personnel Screening |
1110.01b2System.7-r2 User Registration | CTRL-539 Access Agreements |
1111.01b2System.1-r2 User Registration | CTRL-2 Shared and Temporary Accounts |
1114.01h1Organizational.123-i1 Clear Desk and Clear Screen Policy | CTRL-255 Physical Security Controls |
1114.01h1Organizational.123-r2 Clear Desk and Clear Screen Policy | CTRL-255 Physical Security Controls |
1117.01j1Organizational.23-i1 User Authentication for External Connections | CTRL-110 Remote Access |
1117.01j1Organizational.23-r2 User Authentication for External Connections | CTRL-110 Remote Access |
1123.01q1System.2-e1 Unique User IDs | CTRL-319 Identification and Authentication |
1123.01q1System.2-i1 User Identification and Authentication | CTRL-319 Identification and Authentication |
1123.01q1System.2-r2 User Identification and Authentication | CTRL-319 Identification and Authentication |
1124.01q2System.12-r2 User Identification and Authentication | CTRL-2 Shared and Temporary Accounts |
1125.01q2System.1-r2 User Identification and Authentication | CTRL-320 Multi-Factor Authentication |
1128.01q2System.5-r2 User Identification and Authentication | CTRL-319 Identification and Authentication |
1129.01v1System.12-i1 Information Access Restriction | CTRL-23 Role-Based Access Control |
1129.01v1System.12-r2 Information Access Restriction | CTRL-23 Role-Based Access Control |
1130.01v2System.1-r2 Information Access Restriction | CTRL-23 Role-Based Access Control |
1131.01v2System.2-r2 Information Access Restriction | CTRL-910 Information Output Filtering |
1132.01v2System.3-r2 Information Access Restriction | CTRL-319 Identification and Authentication |
1133.01v2System.4-r2 Information Access Restriction | CTRL-319 Identification and Authentication |
1134.01v3System.1-r2 Information Access Restriction | CTRL-110 Remote Access |
1139.01b2System.10-r2 User Registration | CTRL-319 Identification and Authentication |
1143.01c1System.123 Privilege Management | CTRL-23 Role-Based Access Control |
1143.01c1System.123-e1 Privilege Management | CTRL-23 Role-Based Access Control |
1143.01c1System.123-e1 User Access Management | CTRL-23 Role-Based Access Control |
1143.01c1System.123-i1 Access Control | CTRL-23 Role-Based Access Control |
1143.01c1System.123-r2 Privilege Management | CTRL-23 Role-Based Access Control |
1145.01c2System.1-r2 Privilege Management | CTRL-23 Role-Based Access Control |
1146.01c2System.23-r2 Privilege Management | CTRL-9 Privileged User Accounts |
1147.01c2System.456-r2 Privilege Management | CTRL-9 Privileged User Accounts |
1148.01c2System.78-r2 Privilege Management | CTRL-9 Privileged User Accounts |
1149.01c2System.9-r2 Privilege Management | CTRL-23 Role-Based Access Control |
1150.01c2System.10-r2 Privilege Management | CTRL-1 Access Control Policy and Procedures |
1151.01c1System.2-e1 Admin Access Privileges | CTRL-9 Privileged User Accounts |
1151.01c1System.2-i1 Limit Admin Access | CTRL-9 Privileged User Accounts |
1151.01c1System.2-r2 Privilege Management | CTRL-9 Privileged User Accounts |
1166.01e2System.3-r2 Review of User Access Rights | CTRL-73 Review of User Privileges |
1167.01e2System.1-r2 Review of User Access Rights | CTRL-73 Review of User Privileges |
1168.01e2System.2-r2 Review of User Access Rights | CTRL-73 Review of User Privileges |
1194.01l1Organizational.2-e1 Remote Diagnostic and Configuration Port Protection | CTRL-118 Network Protocols |
1194.01l1Organizational.2-i1 Remote Diagnostic and Configuration Port Protection | CTRL-118 Network Protocols |
1194.01l1Organizational.2-r2 Remote Diagnostic and Configuration Port Protection | CTRL-118 Network Protocols |
1202.09aa2System.5-r2 Audit Logging | CTRL-833 Logging and Monitoring |
1203.09aa1System.2-e1 Audit Record Detail | CTRL-833 Logging and Monitoring |
1203.09aa1System.2-i1 Audit Records | CTRL-833 Logging and Monitoring |
1203.09aa1System.2-r2 Audit Logging | CTRL-833 Logging and Monitoring |
1213.09ab2System.6-r2 Monitoring System Use | CTRL-833 Logging and Monitoring |
1214.09ab2System.3456-r2 Monitoring System Use | CTRL-833 Logging and Monitoring |
1223.09ac1System.1-e1 Protection of Log Information | CTRL-833 Logging and Monitoring |
1223.09ac1System.1-i1 Protection of Log Information | CTRL-833 Logging and Monitoring |
1223.09ac1System.1-r2 Protection of Log Information | CTRL-833 Logging and Monitoring |
1235.06j1Organizational.1-i1 Protection of Information Systems Audit Tools | CTRL-16 Access Provisioning |
1235.06j1Organizational.1-r2 Protection of Information Systems Audit Tools | CTRL-16 Access Provisioning |
1239.09aa1System.4-e1 Audit Log Retention | CTRL-833 Logging and Monitoring |
1239.09aa1System.4-i1 Audit Log Retention | CTRL-833 Logging and Monitoring |
1239.09aa1System.4-r2 Audit Logging | CTRL-833 Logging and Monitoring |
1270.09ad1System.12-i1 Administrator and Operator Logs | CTRL-833 Logging and Monitoring |
1270.09ad1System.12-r2 Administrator and Operator Logs | CTRL-833 Logging and Monitoring |
1272.09ae1System.13-i1 Fault Logging | CTRL-833 Logging and Monitoring |
1272.09ae1System.13-r2 Fault Logging | CTRL-833 Logging and Monitoring |
1295.09af1System.2-i1 Clock Synchronization | CTRL-1063 Synchronization |
1295.09af1System.2-r2 Clock Synchronization | CTRL-1063 Synchronization |
1304.02e1Organizational.7-i1 Role Based Training | CTRL-245 Security and Privacy Awareness Training |
1304.02e1Organizational.7-r2 Information Security Awareness, Education, and Training | CTRL-245 Security and Privacy Awareness Training |
1306.06e1Organizational.5-i1 Prevention of Misuse of Information Assets | CTRL-544 Personnel Sanctions |
1306.06e1Organizational.5-r2 Prevention of Misuse of Information Assets | CTRL-544 Personnel Sanctions |
1307.07c1Organizational.124-i1 Acceptable Use of Assets | CTRL-539 Access Agreements |
1307.07c1Organizational.124-r2 Acceptable Use of Assets | CTRL-539 Access Agreements |
1308.09j1Organizational.5-e1 Controls Against Malicious Code | CTRL-184 Authorized / Unauthorized Software |
1308.09j1Organizational.5-i1 Controls Against Malicious Code | CTRL-184 Authorized / Unauthorized Software |
1308.09j1Organizational.5-r2 Controls Against Malicious Code | CTRL-184 Authorized / Unauthorized Software |
1334.02e2Organizational.12-r2 Information Security Awareness, Education, and Training | CTRL-245 Security and Privacy Awareness Training |
1336.02e2Organizational.10-r2 Information Security Awareness, Education, and Training | CTRL-245 Security and Privacy Awareness Training |
1403.05i1Organizational.67-e1 Identification of Risks Related to External Parties | CTRL-16 Access Provisioning |
1403.05i1Organizational.67-i1 Identification of Risks Related to External Parties | CTRL-16 Access Provisioning |
1403.05i1Organizational.67-r2 Identification of Risks Related to External Parties | CTRL-16 Access Provisioning |
1406.05k2Organizational.2-r2 Addressing Security in Third Party Agreements | CTRL-1129 Third-Party Agreements |
1406.05k2Organizational.3-r2 Addressing Security in Third Party Agreements | CTRL-1129 Third-Party Agreements |
1408.09e1System.1-i1 Service Delivery | CTRL-1128 Customer Agreements |
1408.09e1System.1-r2 Service Delivery | CTRL-1128 Customer Agreements |
1411.09f1System.1-i1 Monitoring and Review of Third Party Services | CTRL-1128 Customer Agreements |
1411.09f1System.1-r2 Monitoring and Review of Third Party Services | CTRL-1128 Customer Agreements |
1414.09g1System.1-i1 Managing Changes to Third Party Services | CTRL-1094 Third-Party Risk Management Policy and Procedures |
1414.09g1System.1-r2 Managing Changes to Third Party Services | CTRL-1094 Third-Party Risk Management Policy and Procedures |
1416.10l1Organizational.1-i1 Outsourced Software Development | CTRL-1129 Third-Party Agreements |
1416.10l1Organizational.1-r2 Outsourced Software Development | CTRL-1129 Third-Party Agreements |
1419.05j1Organizational.12-i1 Addressing Security When Dealing with Customers | CTRL-1129 Third-Party Agreements |
1419.05j1Organizational.12-r2 Addressing Security When Dealing with Customers | CTRL-1129 Third-Party Agreements |
1428.05k1Organizational.2-i1 Addressing Security in Third Party Agreements | CTRL-1128 Customer Agreements |
1428.05k1Organizational.2-r2 Addressing Security in Third Party Agreements | CTRL-1128 Customer Agreements |
1444.09t1Organizational.12-i1 Exchange Agreements | CTRL-1129 Third-Party Agreements |
1444.09t1Organizational.12-r2 Exchange Agreements | CTRL-1129 Third-Party Agreements |
1464.05kGDPROrganizational.1-r2 Addressing Security in Third Party Agreements | CTRL-1129 Third-Party Agreements |
1465.05kGDPROrganizational.2-r2 Addressing Security in Third Party Agreements | CTRL-1129 Third-Party Agreements |
1466.05kGDPROrganizational.3-r2 Addressing Security in Third Party Agreements | CTRL-1129 Third-Party Agreements |
1467.05kGDPROrganizational.4-r2 Addressing Security in Third Party Agreements | CTRL-1129 Third-Party Agreements |
1468.05kGDPROrganizational.5-r2 Addressing Security in Third Party Agreements | CTRL-1129 Third-Party Agreements |
1504.06e2Organizational.2-r2 Prevention of Misuse of Information Assets | CTRL-435 System Inventory |
1506.11a1Organizational.2-i1 Reporting Information Security Events | CTRL-423 Incident Response Plan |
1506.11a1Organizational.2-r2 Reporting Information Security Events | CTRL-423 Incident Response Plan |
1510.11a2Organizational.47-r2 Reporting Information Security Events | CTRL-416 Incident Reporting |
1535.11b1Organizational.12-i1 Reporting Security Weaknesses | CTRL-416 Incident Reporting |
1535.11b1Organizational.12-r2 Reporting Security Weaknesses | CTRL-416 Incident Reporting |
1560.11d1Organizational.1-i1 Post Incident Learnings | CTRL-423 Incident Response Plan |
1560.11d1Organizational.1-r2 Learning from Information Security Incidents | CTRL-423 Incident Response Plan |
1561.11c1Organizational.4-e1 Responsibilities and Procedures | CTRL-423 Incident Response Plan |
1561.11c1Organizational.4-i1 Incident Handling Responsibilities | CTRL-423 Incident Response Plan |
1561.11c1Organizational.4-r2 Responsibilities and Procedures | CTRL-423 Incident Response Plan |
1563.11d1Organizational.2-i1 Post Incident Analysis | CTRL-423 Incident Response Plan |
1563.11d1Organizational.2-r2 Learning from Information Security Incidents | CTRL-423 Incident Response Plan |
1569.11e1Organizational.12-i1 Collection of Evidence | CTRL-398 Incident Evidence |
1569.11e1Organizational.12-r2 Collection of Evidence | CTRL-398 Incident Evidence |
1589.11aGDPROrganizational.1-r2 Reporting Information Security Events | CTRL-416 Incident Reporting |
1589.11c1Organizational.5-i1 Incident Response Test | CTRL-394 Incident Response Testing |
1589.11c1Organizational.5-r2 Responsibilities and Procedures | CTRL-394 Incident Response Testing |
1590.11aGDPROrganizational.2-r2 Reporting Information Security Events | CTRL-416 Incident Reporting |
1591.11aGDPROrganizational.3-r2 Reporting Information Security Events | CTRL-416 Incident Reporting |
1592.11aGDPROrganizational.4-r2 Reporting Information Security Events | CTRL-416 Incident Reporting |
1593.11aGDPROrganizational.5-r2 Reporting Information Security Events | CTRL-416 Incident Reporting |
1601.12c2Organizational.7-r2 Developing and Implementing Continuity Plans Including Information Security | CTRL-264 Contingency Plan |
1602.12c1Organizational.4567-i1 Developing and Implementing Continuity Plans Including Information Security | CTRL-264 Contingency Plan |
1602.12c1Organizational.4567-r2 Developing and Implementing Continuity Plans Including Information Security | CTRL-264 Contingency Plan |
1611.09h1System.2-i1 Capacity Management | CTRL-266 Capacity Planning |
1611.09h1System.2-r2 Capacity Management | CTRL-266 Capacity Planning |
1612.09h2System.1-r2 Capacity Management | CTRL-266 Capacity Planning |
1613.09h2System.2-r2 Capacity Management | CTRL-266 Capacity Planning |
1614.09h2System.3-r2 Capacity Management | CTRL-266 Capacity Planning |
1616.09l1Organizational.16-e1 Backup Settings and Restoration Tests | CTRL-300 System Backup |
1616.09l1Organizational.16-i1 Backups | CTRL-300 System Backup |
1616.09l1Organizational.16-r2 Back-up | CTRL-300 System Backup |
1617.09l1Organizational.23-i1 Backup Requirements | CTRL-300 System Backup |
1617.09l1Organizational.23-r2 Back-up | CTRL-300 System Backup |
1618.09l1Organizational.45-e1 Physical Backup Storage Controls | CTRL-283 Alternate Storage Site |
1618.09l1Organizational.45-i1 Physical Backup Storage Controls | CTRL-283 Alternate Storage Site |
1618.09l1Organizational.45-r2 Physical Backup Storage Controls | CTRL-283 Alternate Storage Site |
1621.09l2Organizational.1-r2 Back-up | CTRL-300 System Backup |
1622.09l2Organizational.23-r2 Back-up | CTRL-300 System Backup |
1623.09l2Organizational.4-r2 Back-up | CTRL-300 System Backup |
1626.09l3Organizational.5-r2 Back-up | CTRL-300 System Backup |
1632.12a1Organizational.1-i1 Including Information Security in the Business Continuity Management Process | CTRL-266 Capacity Planning |
1632.12a1Organizational.1-r2 Including Information Security in the Business Continuity Management Process | CTRL-266 Capacity Planning |
1634.12b1Organizational.1-i1 Business Continuity and Risk Assessment | CTRL-264 Contingency Plan |
1634.12b1Organizational.1-r2 Business Continuity and Risk Assessment | CTRL-264 Contingency Plan |
1636.12b2Organizational.1-r2 Business Continuity and Risk Assessment | CTRL-264 Contingency Plan |
1637.12b2Organizational.2-r2 Business Continuity and Risk Assessment | CTRL-264 Contingency Plan |
1666.12d1Organizational.1235-i1 Business Continuity Planning Framework | CTRL-264 Contingency Plan |
1666.12d1Organizational.1235-r2 Business Continuity Planning Framework | CTRL-264 Contingency Plan |
1677.12e1Organizational.6-i1 Testing, Maintaining and Re-Assessing Business Continuity Plans | CTRL-276 Contingency Plan Testing |
1677.12e1Organizational.6-r2 Testing, Maintaining and Re-Assessing Business Continuity Plans | CTRL-276 Contingency Plan Testing |
1680.12e2Organizational.2-r2 Testing, Maintaining and Re-Assessing Business Continuity Plans | CTRL-276 Contingency Plan Testing |
1681.12e2Organizational.345-r2 Testing, Maintaining and Re-Assessing Business Continuity Plans | CTRL-276 Contingency Plan Testing |
1701.03a1Organizational.12345678-i1 Risk Management Program Development | CTRL-646 Risk Assessment |
1701.03a1Organizational.12345678-r2 Risk Management Program Development | CTRL-646 Risk Assessment |
1704.03b1Organizational.12-e1 Performing Risk Assessments | CTRL-646 Risk Assessment |
1704.03b1Organizational.12-i1 Performing Risk Assessments | CTRL-646 Risk Assessment |
1704.03b1Organizational.12-r2 Performing Risk Assessments | CTRL-646 Risk Assessment |
1706.03bHIPAAOrganizational.3-r2 Performing Risk Assessments | CTRL-646 Risk Assessment |
1708.03c2Organizational.12-r2 Risk Mitigation | CTRL-646 Risk Assessment |
1734.03d1Organizational.2-i1 Risk Evaluation | CTRL-646 Risk Assessment |
1734.03d1Organizational.2-r2 Risk Evaluation | CTRL-646 Risk Assessment |
1739.05d1Organizational.3-i1 Authorization Process for Information Assets and Facilities | CTRL-435 System Inventory |
1739.05d1Organizational.3-r2 Authorization Process for Information Assets and Facilities | CTRL-435 System Inventory |
1744.05f1Organizational.23-i1 Contact with Authorities | CTRL-264 Contingency Plan |
1744.05f1Organizational.23-r2 Contact with Authorities | CTRL-264 Contingency Plan |
1749.05g1Organizational.1-i1 Contact with Special Interest Groups | CTRL-447 Security and Privacy Groups and Associations |
1749.05g1Organizational.1-r2 Contact with Special Interest Groups | CTRL-447 Security and Privacy Groups and Associations |
1752.05g2Organizational.4-r2 Contact with Special Interest Groups | CTRL-447 Security and Privacy Groups and Associations |
1767.07d1Organizational.2-i1 Classification Guidelines | CTRL-896 Information Management and Retention |
1767.07d1Organizational.2-r2 Classification Guidelines | CTRL-896 Information Management and Retention |
1769.09i1System.12-i1 System Acceptance | CTRL-190 Change Management and Software Development Life Cycle |
1769.09i1System.12-r2 System Acceptance | CTRL-190 Change Management and Software Development Life Cycle |
1781.10a1Organizational.23-i1 Security Requirements Analysis and Specification | CTRL-190 Change Management and Software Development Life Cycle |
1781.10a1Organizational.23-r2 Security Requirements Analysis and Specification | CTRL-190 Change Management and Software Development Life Cycle |
1787.10a2Organizational.1-r2 Security Requirements Analysis and Specification | CTRL-431 Information Security Policy and Procedures |
1788.10a2Organizational.2-r2 Security Requirements Analysis and Specification | CTRL-190 Change Management and Software Development Life Cycle |
1789.10a2Organizational.3-r2 Security Requirements Analysis and Specification | CTRL-190 Change Management and Software Development Life Cycle |
1790.10a2Organizational.45-r2 Security Requirements Analysis and Specification | CTRL-190 Change Management and Software Development Life Cycle |
1791.10a2Organizational.6-r2 Security Requirements Analysis and Specification | CTRL-190 Change Management and Software Development Life Cycle |
1792.10a2Organizational.7814-r2 Security Requirements Analysis and Specification | CTRL-190 Change Management and Software Development Life Cycle |
1793.10a2Organizational.91011-r2 Security Requirements Analysis and Specification | CTRL-190 Change Management and Software Development Life Cycle |
1794.10a2Organizational.12-r2 Security Requirements Analysis and Specification | CTRL-190 Change Management and Software Development Life Cycle |
1795.10a2Organizational.13-r2 Security Requirements Analysis and Specification | CTRL-190 Change Management and Software Development Life Cycle |
1796.10a2Organizational.15-r2 Security Requirements Analysis and Specification | CTRL-1109 Supplier Assessments and Reviews |
1802.08b1Organizational.3-e1 Physical Entry Controls | CTRL-551 Physical Access Control |
1802.08b1Organizational.3-i1 Physical Access | CTRL-551 Physical Access Control |
1802.08b1Organizational.3-r2 Physical Entry Controls | CTRL-551 Physical Access Control |
1803.08b2Organizational.10-r2 Physical Entry Controls | CTRL-472 Maintenance Tools |
1825.08l2Organizational.1-r2 Secure Disposal or Re-Use of Equipment | CTRL-899 Information Disposal |
1826.09p1Organizational.1-e1 Disposal of Media | CTRL-899 Information Disposal |
1826.09p1Organizational.1-i1 Disposal of Media | CTRL-899 Information Disposal |
1826.09p1Organizational.1-r2 Disposal of Media | CTRL-899 Information Disposal |
1828.08a1Organizational.12-i1 Physical Security Perimeter | CTRL-255 Physical Security Controls |
1828.08a1Organizational.12-r2 Physical Security Perimeter | CTRL-255 Physical Security Controls |
1830.08a2Organizational.1-r2 Physical Security Perimeter | CTRL-255 Physical Security Controls |
1845.08b1Organizational.7-i1 Physical Security | CTRL-255 Physical Security Controls |
1845.08b1Organizational.7-r2 Physical Entry Controls | CTRL-255 Physical Security Controls |
1847.08b2Organizational.910-r2 Physical Entry Controls | CTRL-551 Physical Access Control |
1857.08c1Organizational.1-i1 Securing Offices, Rooms, and Facilities | CTRL-590 Environmental Controls |
1857.08c1Organizational.1-r2 Securing Offices, Rooms, and Facilities | CTRL-590 Environmental Controls |
1863.08d1Organizational.4-i1 Protecting Against External and Environmental Threats | CTRL-546 Physical and Environmental Protection Policy and Procedures |
1863.08d1Organizational.4-r2 Protecting Against External and Environmental Threats | CTRL-546 Physical and Environmental Protection Policy and Procedures |
1867.08e1Organizational.12-i1 Working in Secure Areas | CTRL-255 Physical Security Controls |
1867.08e1Organizational.12-r2 Working in Secure Areas | CTRL-255 Physical Security Controls |
1871.08f1Organizational.13-i1 Public Access, Delivery, and Loading Areas | CTRL-551 Physical Access Control |
1871.08f1Organizational.13-r2 Public Access, Delivery, and Loading Areas | CTRL-551 Physical Access Control |
1880.08g1Organizational.6-i1 Equipment Siting and Protection | CTRL-590 Environmental Controls |
1880.08g1Organizational.6-r2 Equipment Siting and Protection | CTRL-590 Environmental Controls |
1888.08h1Organizational.456-i1 Supporting Utilities | CTRL-590 Environmental Controls |
1888.08h1Organizational.456-r2 Supporting Utilities | CTRL-590 Environmental Controls |
1899.08i1Organizational.1-i1 Cabling Security | CTRL-255 Physical Security Controls |
1899.08i1Organizational.1-r2 Cabling Security | CTRL-255 Physical Security Controls |
1903.06d1Organizational.3456711-i1 Data Protection and Privacy of Covered Information | CTRL-112 Encryption of Data at Rest and in Transit |
1903.06d1Organizational.3456711-r2 Data Protection and Privacy of Covered Information | CTRL-112 Encryption of Data at Rest and in Transit |
1906.06cHIPAAOrganizational.4-r2 Protection of Organizational Records | CTRL-896 Information Management and Retention |
1908.10c1System.5-i1 Control of Internal Processing | CTRL-814 System Integrity Policy and Procedures |
1908.10c1System.5-r2 Control of Internal Processing | CTRL-814 System Integrity Policy and Procedures |
02962.09j1Organizational.5-i1 Endpoint Protection Strategies | CTRL-822 Malicious Code Protection |
02962.09j1Organizational.5-r2 Controls Against Malicious Code | CTRL-822 Malicious Code Protection |
06900.09d1System.2-i1 Separation of Development, Test, and Operational Environments | CTRL-198 Network Segmentation |
06900.09d1System.2-r2 Separation of Development, Test, and Operational Environments | CTRL-198 Network Segmentation |
08101.09m2Organizational.14-r2 Network Controls | CTRL-112 Encryption of Data at Rest and in Transit |
10902.01d1System.12-i1 User Password Management | CTRL-319 Identification and Authentication |
10902.01d1System.12-r2 User Password Management | CTRL-319 Identification and Authentication |
11109.01q2System.9-r2 User Identification and Authentication | CTRL-319 Identification and Authentication |
11110.01q2System.10-r2 User Identification and Authentication | CTRL-319 Identification and Authentication |
11111.01q2System.4-r2 User Identification and Authentication | CTRL-319 Identification and Authentication |
11112.01q2System.12-r2 User Identification and Authentication | CTRL-319 Identification and Authentication |
11113.01q3System.3-r2 User Identification and Authentication | CTRL-320 Multi-Factor Authentication |
11124.01s1System.2-i1 Use of System Utilities | CTRL-1 Access Control Policy and Procedures |
11124.01s1System.2-r2 Use of System Utilities | CTRL-1 Access Control Policy and Procedures |
11126.01t2System.2-r2 Session Time-out | CTRL-91 Session Termination |
11131.01u1System.2-i1 Limitation of Connection Time | CTRL-91 Session Termination |
11131.01u1System.2-r2 Limitation of Connection Time | CTRL-91 Session Termination |
11143.02i1Organizational.3-e1 Removal of Access Rights | CTRL-535 Access Termination |
11143.02i1Organizational.3-i1 Removal of Access Rights | CTRL-535 Access Termination |
11143.02i1Organizational.3-r2 Removal of Access Rights | CTRL-535 Access Termination |
11149.02g1Organizational.2-i1 Termination or Change Responsibilities | CTRL-535 Access Termination |
11149.02g1Organizational.2-r2 Termination or Change Responsibilities | CTRL-535 Access Termination |
11152.02h1Organizational.1-i1 Return of Assets | CTRL-535 Access Termination |
11152.02h1Organizational.1-r2 Return of Assets | CTRL-535 Access Termination |
11183.01c1System.3-e1 Admin Account Separation | CTRL-9 Privileged User Accounts |
11183.01c1System.3-i1 Separate Admin Accounts | CTRL-9 Privileged User Accounts |
11183.01c1System.3-r2 Privilege Management | CTRL-9 Privileged User Accounts |
11190.01t1System.2-e1 Session Timeout | CTRL-91 Session Termination |
11190.01t1System.2-i1 Session Time-out | CTRL-91 Session Termination |
11190.01t1System.2-r2 Session Time-out | CTRL-91 Session Termination |
11219.01b2System.8-r2 User Registration | CTRL-319 Identification and Authentication |
11220.01b2System.9-r2 User Registration | CTRL-16 Access Provisioning |
12101.09ab1System.2-i1 Monitoring System Use | CTRL-833 Logging and Monitoring |
12101.09ab1System.2-r2 Monitoring System Use | CTRL-833 Logging and Monitoring |
12148.06i1Organizational.1-i1 Information Systems Audit Controls | CTRL-833 Logging and Monitoring |
12148.06i1Organizational.1-r2 Information Systems Audit Controls | CTRL-833 Logging and Monitoring |
13998.02e1Organizational.2-e1 Security Awareness Training | CTRL-245 Security and Privacy Awareness Training |
13998.02e1Organizational.2-i1 Security Awareness Training | CTRL-245 Security and Privacy Awareness Training |
13998.02e1Organizational.2-r2 Information Security Awareness, Education, and Training | CTRL-245 Security and Privacy Awareness Training |
16982.12aHIPAAOrganizational.1-r2 Including Information Security in the Business Continuity Management Process | CTRL-596 Alternate Work Site |
17126.03c1Organizational.2-i1 Risk Mitigation | CTRL-646 Risk Assessment |
17126.03c1Organizational.2-r2 Risk Mitigation | CTRL-646 Risk Assessment |
17131.03aGDPROrganizational.1-r2 Risk Management Program Development | CTRL-646 Risk Assessment |
17132.03bGDPROrganizational.1-r2 Performing Risk Assessments | CTRL-646 Risk Assessment |
17133.03bGDPROrganizational.2-r2 Performing Risk Assessments | CTRL-646 Risk Assessment |
17134.03bGDPROrganizational.3-r2 Performing Risk Assessments | CTRL-646 Risk Assessment |
17135.03bGDPROrganizational.4-r2 Performing Risk Assessments | CTRL-646 Risk Assessment |
17136.03bGDPROrganizational.5-r2 Performing Risk Assessments | CTRL-646 Risk Assessment |
18108.08j1Organizational.1-i1 Equipment Maintenance | CTRL-472 Maintenance Tools |
18108.08j1Organizational.1-r2 Equipment Maintenance | CTRL-472 Maintenance Tools |
18122.08k1Organizational.1-i1 Security of Equipment Off-Premises | CTRL-520 Media Use |
18122.08k1Organizational.1-r2 Security of Equipment Off-Premises | CTRL-520 Media Use |
18127.08l1Organizational.3-i1 Secure Disposal or Re-Use of Equipment | CTRL-511 Media Sanitization and Disposal |
18127.08l1Organizational.3-r2 Secure Disposal or Re-Use of Equipment | CTRL-511 Media Sanitization and Disposal |
18128.08m1Organizational.12-i1 Removal of Property | CTRL-255 Physical Security Controls |
18128.08m1Organizational.12-r2 Removal of Property | CTRL-255 Physical Security Controls |
18131.09p2Organizational.3-r2 Disposal of Media | CTRL-511 Media Sanitization and Disposal |
19131.05e1Organizational.45-i1 Confidentiality Agreements | CTRL-1129 Third-Party Agreements |
19131.05e1Organizational.45-r2 Confidentiality Agreements | CTRL-1129 Third-Party Agreements |
19140.06c2Organizational.5-r2 Protection of Organizational Records | CTRL-896 Information Management and Retention |
19142.06c1Organizational.8-i1 Protection of Organizational Records | CTRL-502 Media Marking |
19142.06c1Organizational.8-r2 Protection of Organizational Records | CTRL-498 Media Protection Policy and Procedures |
19145.06c2Organizational.2-r2 Protection of Organizational Records | CTRL-896 Information Management and Retention |
19165.07e1Organizational.13-i1 Information Labeling and Handling | CTRL-896 Information Management and Retention |
19165.07e1Organizational.13-r2 Information Labeling and Handling | CTRL-896 Information Management and Retention |
19180.09z1Organizational.2-e1 Publicly Available Information | CTRL-139 Publicly Available Information |
19180.09z1Organizational.2-i1 Publicly Available Information | CTRL-139 Publicly Available Information |
19180.09z1Organizational.2-r2 Publicly Available Information | CTRL-139 Publicly Available Information |
19199.10e1System.12-i1 Output Data Validation | CTRL-910 Information Output Filtering |
19199.10e1System.12-r2 Output Data Validation | CTRL-910 Information Output Filtering |
19204.10i1System.1-i1 Protection of System Test Data | CTRL-1186 Sensitive Data in Non-Production Environments |
19204.10i1System.1-r2 Protection of System Test Data | CTRL-1186 Sensitive Data in Non-Production Environments |
19249.06b1Organizational.2-i1 Intellectual Property Rights | CTRL-235 Software Usage Restrictions |
19249.06b1Organizational.2-r2 Intellectual Property Rights | CTRL-235 Software Usage Restrictions |
19257.06dGDPROrganizational.1-r2 Data Protection and Privacy of Covered Information | CTRL-457 Data Governance Body |
19258.06dGDPROrganizational.2-r2 Data Protection and Privacy of Covered Information | CTRL-457 Data Governance Body |
19259.06dGDPROrganizational.3-r2 Data Protection and Privacy of Covered Information | CTRL-457 Data Governance Body |
19300.13aGDPROrganizational.2-r2 Privacy Notice | CTRL-622 Privacy Policy and Procedures |
19301.13aGDPROrganizational.3-r2 Privacy Notice | CTRL-622 Privacy Policy and Procedures |
19302.13aGDPROrganizational.4-r2 Privacy Notice | CTRL-622 Privacy Policy and Procedures |
19314.13b1Organizational.1-r2 Openness and Transparency | CTRL-622 Privacy Policy and Procedures |
19315.13b1Organizational.2-r2 Openness and Transparency | CTRL-622 Privacy Policy and Procedures |
19317.13bGDPROrganizational.1-r2 Openness and Transparency | CTRL-622 Privacy Policy and Procedures |
19321.13c1Organizational.1-r2 Accounting of Disclosures | CTRL-455 Accounting of Disclosures |
19322.13c1Organizational.2-r2 Accounting of Disclosures | CTRL-455 Accounting of Disclosures |
19322.13c1Organizational.3-r2 Accounting of Disclosures | CTRL-455 Accounting of Disclosures |
19323.13c1Organizational.4-r2 Accounting of Disclosures | CTRL-455 Accounting of Disclosures |
19339.13dGDPROrganizational.1-r2 Consent | CTRL-1142 Obtaining, Recording, and Revoking Consent |
19340.13dGDPROrganizational.2-r2 Consent | CTRL-1142 Obtaining, Recording, and Revoking Consent |
19341.13dGDPROrganizational.3-r2 Consent | CTRL-1142 Obtaining, Recording, and Revoking Consent |
19355.13eHIPAAOrganizational.5-r2 Choice | CTRL-1142 Obtaining, Recording, and Revoking Consent |
19361.13eGDPROrganizational.1-r2 Choice | CTRL-1142 Obtaining, Recording, and Revoking Consent |
19362.13eGDPROrganizational.2-r2 Choice | CTRL-1142 Obtaining, Recording, and Revoking Consent |
19363.13eGDPROrganizational.3-r2 Choice | CTRL-1142 Obtaining, Recording, and Revoking Consent |
19364.13eGDPROrganizational.4-r2 Choice | CTRL-1142 Obtaining, Recording, and Revoking Consent |
19365.13eGDPROrganizational.5-r2 Choice | CTRL-1142 Obtaining, Recording, and Revoking Consent |
19366.13eGDPROrganizational.6-r2 Choice | CTRL-1142 Obtaining, Recording, and Revoking Consent |
19379.13fHIPAAOrganizational.4-r2 Principle Access | CTRL-622 Privacy Policy and Procedures |
19393.13fGDPROrganizational.1-r2 Principle Access | CTRL-622 Privacy Policy and Procedures |
19394.13fGDPROrganizational.2-r2 Principle Access | CTRL-622 Privacy Policy and Procedures |
19395.13fGDPROrganizational.3-r2 Principle Access | CTRL-622 Privacy Policy and Procedures |
19396.13fGDPROrganizational.4-r2 Principle Access | CTRL-622 Privacy Policy and Procedures |
19397.13fGDPROrganizational.5-r2 Principle Access | CTRL-622 Privacy Policy and Procedures |
19398.13fGDPROrganizational.6-r2 Principle Access | CTRL-622 Privacy Policy and Procedures |
19399.13fGDPROrganizational.7-r2 Principle Access | CTRL-622 Privacy Policy and Procedures |
19400.13fGDPROrganizational.8-r2 Principle Access | CTRL-622 Privacy Policy and Procedures |
19405.13gGDPROrganizational.5-r2 Purpose Legitimacy | CTRL-622 Privacy Policy and Procedures |
19406.13gGDPROrganizational.6-r2 Purpose Legitimacy | CTRL-622 Privacy Policy and Procedures |
19415.13iGDPROrganizational.1-r2 Collection Limitation | CTRL-729 Minimization |
19419.13jHIPAAOrganizational.1-r2 Data Minimization | CTRL-729 Minimization |
19425.13jGDPROrganizational.1-r2 Data Minimization | CTRL-729 Minimization |
19439.13kHIPAAOrganizational.11-r2 Use and Disclosure | CTRL-455 Accounting of Disclosures |
19440.13kHIPAAOrganizational.12-r2 Use and Disclosure | CTRL-455 Accounting of Disclosures |
19441.13kHIPAAOrganizational.13-r2 Use and Disclosure | CTRL-455 Accounting of Disclosures |
19446.13kHIPAAOrganizational.18-r2 Use and Disclosure | CTRL-455 Accounting of Disclosures |
19452.13kHIPAAOrganizational.24-r2 Use and Disclosure | CTRL-455 Accounting of Disclosures |
19455.13kGDPROrganizational.1-r2 Use and Disclosure | CTRL-455 Accounting of Disclosures |
19494.13l1Organizational.2-r2 Retention and Disposal | CTRL-896 Information Management and Retention |
19499.13nGDPROrganizational.1-r2 Participation and Redress | CTRL-899 Information Disposal |
19500.13nGDPROrganizational.2-r2 Participation and Redress | CTRL-899 Information Disposal |
19501.13nGDPROrganizational.3-r2 Participation and Redress | CTRL-899 Information Disposal |
19502.13nGDPROrganizational.4-r2 Participation and Redress | CTRL-896 Information Management and Retention |
19512.13pGDPROrganizational.1-r2 Governance | CTRL-457 Data Governance Body |
19513.13pGDPROrganizational.2-r2 Governance | CTRL-457 Data Governance Body |
19514.13pGDPROrganizational.3-r2 Governance | CTRL-457 Data Governance Body |
19515.13pGDPROrganizational.4-r2 Governance | CTRL-457 Data Governance Body |
19517.13qGDPROrganizational.1-r2 Privacy and Impact Assessment | CTRL-613 Privacy Impact Assessment |
19518.13qGDPROrganizational.2-r2 Privacy and Impact Assessment | CTRL-613 Privacy Impact Assessment |
19519.13qGDPROrganizational.3-r2 Privacy and Impact Assessment | CTRL-613 Privacy Impact Assessment |
19520.13qGDPROrganizational.4-r2 Privacy and Impact Assessment | CTRL-613 Privacy Impact Assessment |
19546.13rHIPAAOrganizational.1-r2 Privacy Requirements for Contractors and Processors | CTRL-1129 Third-Party Agreements |
19547.13rHIPAAOrganizational.2-r2 Privacy Requirements for Contractors and Processors | CTRL-1129 Third-Party Agreements |
19548.13rHIPAAOrganizational.3-r2 Privacy Requirements for Contractors and Processors | CTRL-1129 Third-Party Agreements |
19549.13rGDPROrganizational.1-r2 Privacy Requirements for Contractors and Processors | CTRL-833 Logging and Monitoring |
19550.13rGDPROrganizational.2-r2 Privacy Requirements for Contractors and Processors | CTRL-1129 Third-Party Agreements |
19551.13rGDPROrganizational.3-r2 Privacy Requirements for Contractors and Processors | CTRL-1129 Third-Party Agreements |
19612.13kHIPAAOrganizational.25-r2 Use and Disclosure | CTRL-455 Accounting of Disclosures |
19801.13eGDPROrganizational.7-r2 Choice | CTRL-1146 Privacy Notice |
19922.06f1Organizational.2-i1 Regulation of Cryptographic Controls | CTRL-194 Cryptography Management |
19922.06f1Organizational.2-r2 Regulation of Cryptographic Controls | CTRL-194 Cryptography Management |
19980.06dHIPAAOrganizational.1-r2 Data Protection and Privacy of Covered Information | CTRL-112 Encryption of Data at Rest and in Transit |
AC-02-HI User Account Management | CTRL-1 Access Control Policy and Procedures |
AC-02-HI User Account Management | CTRL-73 Review of User Privileges |
AC-02-i1 User Account Management | CTRL-1 Access Control Policy and Procedures |
AC-03-HI Role-based Access Controls (RBAC) | CTRL-23 Role-Based Access Control |
AC-05-HI Separation of Duties | CTRL-65 Separation of Duties |
AC-06-HI Least Privilege Access | CTRL-1 Access Control Policy and Procedures |
AC-08-HI System Use Notification | CTRL-539 Access Agreements |
AC-11-HI Device Lock and Session Timeouts | CTRL-91 Session Termination |
AC-17-HI Remote Access | CTRL-110 Remote Access |
AC-19-HI Access Control for Mobile Devices | CTRL-79 Mobile Device Management |
AT-02-HI Security Awareness and Privacy Training | CTRL-245 Security and Privacy Awareness Training |
AT-02-i1 Security Awareness Training | CTRL-245 Security and Privacy Awareness Training |
AT-04-HI Training Records | CTRL-245 Security and Privacy Awareness Training |
AU-02-HI Event Logging in IT Systems | CTRL-833 Logging and Monitoring |
AU-06-HI Log Review and Reporting | CTRL-833 Logging and Monitoring |
AU-10-HI Non-Repudiation | CTRL-153 Information Exchange |
AU-11-HI Audit Record Retention | CTRL-833 Logging and Monitoring |
CA-02-HI Control Assessments | CTRL-149 Control Assessments |
CA-03-HI Third-Party Agreements | CTRL-1129 Third-Party Agreements |
CA-07-HI Continuous Monitoring | CTRL-833 Logging and Monitoring |
CA-08-HI Penetration Testing | CTRL-174 Penetration Testing |
CA-08-i1 Penetration Testing | CTRL-174 Penetration Testing |
CM-03-HI Configuration Change Control | CTRL-190 Change Management and Software Development Life Cycle |
CM-06-HI System Hardening Through Baseline Configurations | CTRL-208 Configuration Management |
CM-06-i1 System Hardening Through Baseline Configurations | CTRL-208 Configuration Management |
CM-08-HI Asset Inventory | CTRL-435 System Inventory |
CM-08-i1 Asset Inventory | CTRL-435 System Inventory |
CM-09-HI Configuration Management Plan | CTRL-65 Separation of Duties |
CM-09-i1 Configuration Management Plan | CTRL-65 Separation of Duties |
CP-02-HI Organizations need to develop a contingency plan that supports continuous operation for system(s) that perform essential mission and business functions and need to disseminate that plan to appropriate stakeholders. | CTRL-264 Contingency Plan |
CP-02-HI Contingency Plan (BCP/DR) | CTRL-264 Contingency Plan |
CP-04-HI Contingency Plan (BCP/DR) Testing | CTRL-276 Contingency Plan Testing |
CP-04-i1 Contingency Plan (BCP/DR) Testing | CTRL-276 Contingency Plan Testing |
CP-09-HI Data Backup | CTRL-300 System Backup |
CP-09-i1 Data Backup | CTRL-300 System Backup |
IA-02-HI Internal Users Identification and Authentication | CTRL-319 Identification and Authentication |
IA-02-HI User Identification and Authentication | CTRL-319 Identification and Authentication |
IA-02-i1 User Identification and Authentication | CTRL-349 Password-Based Authentication |
IA-05-HI Password Management | CTRL-349 Password-Based Authentication |
IA-05-i1 Password Management | CTRL-349 Password-Based Authentication |
IR-01-HI Incident Response Policy and Procedures | CTRL-423 Incident Response Plan |
IR-01-i1 Incident Response Policy and Procedures | CTRL-423 Incident Response Plan |
IR-04-HI Incident Handling and Reporting | CTRL-423 Incident Response Plan |
IR-08-HI Incident Response Plan | CTRL-423 Incident Response Plan |
IR-08-i1 Incident Response Plan | CTRL-423 Incident Response Plan |
KT-01-HI Key Tool Selection (HR) | CTRL-1134 Key Tools Selection (HR) |
KT-02-HI Key Tool Selection (Technical) | CTRL-1135 Key Tools Selection (Technical) |
MA-01-HI Maintenance Policy and Procedures | CTRL-468 Maintenance Policy and Procedures |
MP-01-HI Media Protection Policy and Procedures | CTRL-498 Media Protection Policy and Procedures |
MP-06-HI Media Sanitization | CTRL-511 Media Sanitization and Disposal |
PE-02-HI Physical Access Authorizations | CTRL-551 Physical Access Control |
PE-03-HI Physical Access Control | CTRL-255 Physical Security Controls |
PL-04-HI Rules of Behavior | CTRL-539 Access Agreements |
PM-01-HI Information Security Program Management Policy and Procedures | CTRL-431 Information Security Policy and Procedures |
PM-02-HI Information Security Program Leadership Role | CTRL-432 Information Security Program Leadership Role |
PM-03-HI Information Security and Privacy Resources | CTRL-431 Information Security Policy and Procedures |
PM-07-HI Network Architecture and Dataflow Diagrams | CTRL-198 Network Segmentation |
PM-07-i1 Network Architecture and Dataflow Diagrams | CTRL-198 Network Segmentation |
PM-15-HI Security and Privacy Groups and Associations | CTRL-447 Security and Privacy Groups and Associations |
PM-21-HI Accounting of Disclosures | CTRL-455 Accounting of Disclosures |
POL-01-HI Policy Review and Publication | CTRL-431 Information Security Policy and Procedures |
POL-01-i1 Policy Review and Publication | CTRL-431 Information Security Policy and Procedures |
PS-02-HI Security Job and Risk Descriptions | CTRL-545 Position Descriptions |
PS-02-i1 Security Job and Risk Descriptions | CTRL-545 Position Descriptions |
PS-03-HI Personnel Screening | CTRL-530 Personnel Screening |
PS-03-i1 Personnel Screening | CTRL-530 Personnel Screening |
PS-04-HI Personnel Termination | CTRL-535 Access Termination |
PS-06-HI Confidentiality Agreements for Company Personnel | CTRL-539 Access Agreements |
PS-06-i1 Confidentiality Agreements for Company Personnel | CTRL-539 Access Agreements |
PS-08-HI Personnel Sanctions | CTRL-544 Personnel Sanctions |
PT-01-HI Privacy Policy and Procedures | CTRL-431 Information Security Policy and Procedures |
PT-02-HI Authority to Process PII (Individual Rights - Access / Amend / Restrict / Object / Delete) | CTRL-622 Privacy Policy and Procedures |
PT-04-HI Consent | CTRL-1142 Obtaining, Recording, and Revoking Consent |
PT-05-HI Privacy Notice | CTRL-1146 Privacy Notice |
PT-07-HI Specific Categories of PII (Use / Disclosure Limitations and Restrictions) | CTRL-639 Specific Categories of Personally Identifiable Information |
RA-03-HI Risk Assessment | CTRL-646 Risk Assessment |
RA-03-i1 Risk Assessment | CTRL-646 Risk Assessment |
RA-05-HI Vulnerability Monitoring and Scanning | CTRL-814 System Integrity Policy and Procedures |
RA-05-HI Vulnerability Monitoring and Scanning | CTRL-652 Vulnerability Management |
RA-05-i1 Vulnerability Monitoring and Scanning | CTRL-652 Vulnerability Management |
RA-05-i1 Vulnerability Monitoring and Scanning | CTRL-814 System Integrity Policy and Procedures |
RA-07-HI Risk Response and Remediation | CTRL-646 Risk Assessment |
RA-07-HI Risk Response and Remediation | CTRL-652 Vulnerability Management |
SA-03-HI System Development Life Cycle | CTRL-262 Change Management and Software Development Policy and Procedures |
SA-05-HI System Documentation | CTRL-431 Information Security Policy and Procedures |
SA-09-HI External System Services | CTRL-1109 Supplier Assessments and Reviews |
SA-09-HI External System Services | CTRL-1129 Third-Party Agreements |
SA-15-HI Development Process, Standards, and Tools | CTRL-190 Change Management and Software Development Life Cycle |
SC-07-HI Boundary Protection and Firewalls | CTRL-950 Boundary Protection |
SC-08-HI Transmission Confidentiality and Integrity | CTRL-112 Encryption of Data at Rest and in Transit |
SC-08-i1 Transmission Confidentiality and Integrity | CTRL-112 Encryption of Data at Rest and in Transit |
SC-13-HI Cryptographic Protection | CTRL-194 Cryptography Management |
SI-03-HI Malware and Endpoint Protection | CTRL-822 Malicious Code Protection |
SI-04-HI System Monitoring | CTRL-833 Logging and Monitoring |
SI-04-i1 System Monitoring | CTRL-833 Logging and Monitoring |
SI-07-HI Software, Firmware, and Information Integrity | CTRL-833 Logging and Monitoring |
SI-10-HI Information Input Validation | CTRL-190 Change Management and Software Development Life Cycle |
SI-12-HI Data Handling, Retention, and Disposal | CTRL-896 Information Management and Retention |
SI-12-i1 Data Handling, Retention, and Disposal | CTRL-896 Information Management and Retention |
SI-19-HI De-identification | CTRL-923 Removal of Direct Identifiers |
SR-06-HI Vendor Management | CTRL-1109 Supplier Assessments and Reviews |
SR-06-HI Third-Party Risk Assessments | CTRL-1109 Supplier Assessments and Reviews |
SR-06-i1 Vendor Management | CTRL-1109 Supplier Assessments and Reviews |
Viewing Framework Controls in Thoropass
You can view the framework requirements satisfied by a Unified Control by clicking References on the side panel when viewing the Unified Control.
The IDs and names of all framework controls satisfied by the Unified Control are listed by framework. Click a framework control to view its description.