Security and privacy controls and assurance activities catalogue (ITSP.10.033)

Table of contents

• Foreword
• Overview
• 1. Introduction
  • Purpose
  • Scope and applicability
  • Audience
  • Publication taxonomy
  • Publication organization
• 2. Concepts and structure
  • Requirements, controls, and activities
  • Controls and assurance activities, structure, and organization
  • Implementation approaches
  • Security and privacy controls and assurance activities
  • Robustness
• 3. The controls and assurance activities families
  • Access control
  • Awareness and training
  • Audit and accountability
  • Assessment, authorization, and monitoring
  • Configuration management
  • Contingency planning
  • Identification and authentication
  • Incident response
  • Maintenance
  • Media protection
  • Physical and environmental protection
  • Planning
  • Program management
  • Personnel security
  • Personal information handling and transparency
  • Risk assessment
  • System and services acquisition
  • System and communications protection
  • System and information integrity
  • Supply chain risk management
• Works cited

List of figures

• Figure 1: Control or activity structure