NIST 800-53 Unevaluated Controls

Cortex® Xpanse™ does not make a determination regarding compliance with the listed NIST 800-53 controls.
Not all compliance violations can be detected from our scan data. Cortex Xpanse provides an external view of your attack surface. The controls listed below would require data from internal scans or checks against internal controls and processes where Xpanse does not have visibility. Therefore, Xpanse cannot make a determination regarding compliance with these specific controls.
The following controls, organized by control family, are unevaluated by the Expander Compliance Assessment > NIST 800-53 dashboard.
Access Control
AC-1: Access Control Policy and Procedures
AC-5: Separation of Duties
AC-7: Unsuccessful Login Attempts
AC-9: Previous Logon (Access) Notification
AC-10: Concurrent Session Control
AC-16: Security Attributes
AC-18: Wireless Access
AC-19: Access Control for Mobile Devices
AC-20: Use of External Information Systems
AC-21: Information Sharing
AC-22: Publicly Accessible Content
AC-23: Data Mining Protection
AC-24: Access Control Decisions
AC-25: Reference Monitor

Audit and Accountability
AU-1: Audit and Accountability Policy and Procedures
AU-4: Audit Storage Capacity
AU-7: Audit Reduction and Report Generation
AU-8: Time Stamps
AU-9: Protection of Audit Information
AU-11: Audit Record Retention
AU-13: Monitoring for Information Disclosure
AU-14: Session Audit
AU-15: Alternate Audit Capability
AU-16: Cross-Organizational Auditing

Awareness and Training (entire family)
AT-1: Security Awareness and Training Policy and Procedures
AT-2: Security Awareness Training
AT-3: Role-Based Security Training
AT-4: Security Training Records

Configuration Management
CM-1: Configuration Management Policy and Procedures
CM-5: Access Restrictions for Change
CM-9: Configuration Management Plan
CM-11: User-Installed Software

Contingency Planning
CP-1: Contingency Planning Policy and Procedures
CP-3: Contingency Training
CP-4: Contingency Plan Testing
CP-6: Alternate Storage Site
CP-7: Alternate Processing Site
CP-8: Telecommunications Services
CP-11: Alternate Communications Protocols
CP-12: Safe Mode
CP-13: Alternative Security Mechanisms

Identification and Authentication
IA-1: Identification and Authentication Policy and Procedures
IA-9: Service Identification and Authentication
IA-10: Adaptive Identification and Authentication
IA-11: Re-authentication

Incident Response
IR-1: Incident Response Policy and Procedures
IR-2: Incident Response Training
IR-3: Incident Response Testing
IR-10: Integrated Information Security Analysis Team

Maintenance
MA-1: System Maintenance Policy and Procedures
MA-3: Maintenance Tools
MA-4: Nonlocal Maintenance
MA-5: Maintenance Personnel
MA-6: Timely Maintenance

Media Protection
MP-1: Media Protection Policy and Procedures
MP-2: Media Access
MP-3: Media Marking
MP-4: Media Storage
MP-5: Media Transport
MP-7: Media Use
MP-8: Media Downgrading

Personnel Security (entire family)
PS-1: Personnel Security Policy and Procedures
PS-2: Position Risk Designation
PS-3: Personnel Screening
PS-4: Personnel Termination
PS-5: Personnel Transfer
PS-6: Access Agreements
PS-7: Third-Party Personnel Security
PS-8: Personnel Sanctions

Physical and Environmental Protection
PE-1: Physical and Environmental Protection Policy and Procedures
PE-2: Physical Access Authorizations
PE-4: Access Control for Transmission Medium
PE-5: Access Control for Output Devices
PE-6: Monitoring Physical Access
PE-8: Visitor Access Records
PE-9: Power Equipment and Cabling
PE-10: Emergency Shutoff
PE-11: Emergency Power
PE-12: Emergency Lighting
PE-13: Fire Protection
PE-14: Temperature and Humidity Controls
PE-15: Water Damage Protection
PE-16: Delivery and Removal
PE-17: Alternate Work Site
PE-18: Location of Information System Components
PE-19: Information Leakage
PE-20: Asset Monitoring and Tracking

Planning
PL-1: Security Planning Policy and Procedures
PL-4: Rules of Behavior
PL-7: Security Concept of Operations
PL-8: Information Security Architecture
PL-9: Central Management

Program Management (entire family)
PM-1: Information Security Program Plan
PM-2: Senior Information Security Officer
PM-3: Information Security Resources
PM-4: Plan of Action and Milestones Process
PM-5: Information System Inventory
PM-6: Information Security Measures of Performance
PM-7: Enterprise Architecture
PM-8: Critical Infrastructure Plan
PM-9: Risk Management Strategy
PM-10: Security Authorization Process
PM-11: Mission/Business Process Definition
PM-12: Insider Threat Program
PM-13: Information Security Workforce
PM-14: Testing, Training, and Monitoring
PM-15: Contacts with Security Groups and Associations
PM-16: Threat Awareness Program

Risk Assessment
RA-1: Risk Assessment Policy and Procedures
RA-2: Security Categorization
RA-6: Technical Surveillance Countermeasures Survey

Security Assessment and Authorization
CA-1: Security Assessment and Authorization Policies and Procedures
CA-2: Security Assessments
CA-5: Plan of Action and Milestones
CA-6: Security Authorization
CA-9: Internal System Connections

System and Communications Protection
SC-2: Application Partitioning
SC-3: Security Function Isolation
SC-4: Information in Shared Resources
SC-6: Resource Availability
SC-11: Trusted Path
SC-16: Transmission of Security Attributes
SC-18: Mobile Code
SC-19: Voice Over Internet Protocol
SC-20: Secure Name/Address Resolution Service (Authoritative Source)
SC-21: Secure Name/Address Resolution Service (Recursive or Caching Resolver)
SC-22: Architecture and Provisioning for Name/Address Resolution Service
SC-23: Session Authenticity
SC-24: Fail in Known State
SC-25: Thin Nodes
SC-26: Honeypots
SC-29: Heterogeneity
SC-30: Concealment and Misdirection
SC-31: Covert Channel Analysis
SC-32: Information System Partitioning
SC-34: Non-Modifiable Executable Programs
SC-35: Honeyclients
SC-36: Distributed Processing and Storage
SC-37: Out-of-Band Channels
SC-38: Operations Security
SC-39: Process Isolation
SC-40: Wireless Link Protection
SC-41: Port and I/O Device Access
SC-42: Sensor Capability and Data
SC-43: Usage Restrictions
SC-44: Detonation Chambers

System and Information Integrity
SI-1: System and Information Integrity Policy and Procedures
SI-5: Security Alerts, Advisories, and Directives
SI-6: Security Function Verification
SI-7: Software, Firmware, and Information Integrity
SI-11: Error Handling
SI-12: Information Handling and Retention
SI-13: Predictable Failure Prevention
SI-14: Non-Persistence
SI-15: Information Output Filtering
SI-16: Memory Protection
SI-17: Fail-Safe Procedures

System and Services Acquisition
SA-2: Allocation of Resources
SA-5: Information System Documentation
SA-9: External Information System Services
SA-13: Trustworthiness
SA-14: Criticality Analysis
SA-15: Development Process, Standards, and Tools
SA-18: Tamper Resistance and Detection
SA-19: Component Authenticity
SA-20: Customized Development of Critical Components
SA-21: Developer Screening
