(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 20140804


description

Map Critical Security Controls (CSC) V5 to NIST SP 800-53 Revision 4 (portrait) 20140804

Transcript of (1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 20140804

Page 1: (1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 20140804

MAP CSC 5.0 to NIST SP 800-53 Revision 4 Security Controls

CSC 5.0 column legend. The table heads each of its 20 CSC columns with the initial of that control's title; the letters as printed on the page, with the full CSC 5.0 titles they stand for:

01: I  Inventory of Authorized and Unauthorized Devices
02: I  Inventory of Authorized and Unauthorized Software
03: S  Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
04: C  Continuous Vulnerability Assessment and Remediation
05: M  Malware Defenses
06: A  Application Software Security
07: W  Wireless Access Control
08: D  Data Recovery Capability
09: S  Security Skills Assessment and Appropriate Training to Fill Gaps
10: S  Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11: L  Limitation and Control of Network Ports, Protocols, and Services
12: C  Controlled Use of Administrative Privileges
13: B  Boundary Defense
14: M  Maintenance, Monitoring, and Analysis of Audit Logs
15: C  Controlled Access Based on the Need to Know
16: A  Account Monitoring and Control
17: D  Data Protection
18: I  Incident Response and Management
19: S  Secure Network Engineering
20: P  Penetration Tests and Red Team Exercises

Mapping counts from the table header: 203 control-to-CSC mappings in total, broken down per CSC as

01: 7   02: 10  03: 16  04: 6   05: 6   06: 15  07: 10  08: 3   09: 9   10: 12
11: 11  12: 9   13: 11  14: 17  15: 10  16: 11  17: 13  18: 9   19: 9   20: 9

(the twenty per-CSC counts sum to 203).

Columns of the source table: FAMILY, CTRL-ID, CTRL-TITLE, PRI, BASELINE-IMPACT, ENHANCE-ID, ENHANCEMENT-TITLE, Len, one column per CSC 1 through 20, then FAMILY CTRL-ID (ENH) and Count. In the rows below each control survives as CTRL-ID, CTRL-TITLE, the source's Len value (absent on a few rows), one • per CSC the control maps to, and the CTRL-ID repeated from the right-hand label column; a family heading line carries the family name, a number, and the family name again. PRI, BASELINE-IMPACT and the enhancement columns do not appear in the extracted rows, and neither does the column position of each •, so a row tells you how many CSCs a control supports but not which ones; for that, go back to the source table.
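The rows on this page are a flattened spreadsheet, and the one thing the extraction preserved per row is how many • markers a control carries, not which CSC column each marker sat in. The example below is added here and is not part of the original mapping document: it parses rows of the shape this page uses (CTRL-ID, title, optional Len, bullets, CTRL-ID again; that shape is an assumption about this particular extraction), rejects a row whose trailing ID does not echo its leading one, tallies mapped CSCs per control and per 800-53 family, and checks that the per-CSC counts in the header add up to the stated total. The sample rows are copied from this page; the function and variable names are the example's own.

```python
"""Parse the flattened CSC 5.0 -> NIST SP 800-53 r4 mapping rows and sanity-check them.

Added example; not from the original mapping document. The row shape below is an
assumption about what this extraction produced.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

BULLET = "\u2022"  # the marker the page uses for "this control maps to that CSC"

# Counts row copied from the page header: total mappings, then one count per CSC 01..20.
HEADER_COUNTS = "203 7 10 16 6 6 15 10 3 9 12 11 9 11 17 10 11 13 9 9 9"

# Constructed sample: a family heading plus a few rows copied verbatim from the page.
# The full table (about 230 rows) parses the same way.
SAMPLE_ROWS = """\
ACCESS CONTROL 9 ACCESS CONTROL
AC-01 ACCESS CONTROL POLICY AND PROCEDURES 23 • AC-01
AC-02 ACCOUNT MANAGEMENT 49 • • • AC-02
AC-05 SEPARATION OF DUTIES 20 AC-05
AC-25 REFERENCE MONITOR AC-25
CA-03 SYSTEM INTERCONNECTIONS • • • • CA-03
CA-07 CONTINUOUS MONITORING 32 • • • • • • • • • • • • • • CA-07
SI-04 INFORMATION SYSTEM MONITORING 2 • • • • • • • • • • • • • • SI-04
"""

# Assumed row shape:  CTRL-ID  CTRL-TITLE  [Len]  one • per mapped CSC  CTRL-ID
ROW_RE = re.compile(
    r"^(?P<id>[A-Z]{2}-\d{2})\s+"            # leading control ID, e.g. AC-02
    r"(?P<title>.+?)\s+"                     # title; lazy, so it stops before Len/bullets
    r"(?:(?P<len>\d+)\s+)?"                  # the source table's numeric Len column (absent on a few rows)
    r"(?P<bullets>(?:" + BULLET + r"\s*)*)"  # one bullet per CSC the control maps to
    r"(?P<id2>[A-Z]{2}-\d{2})$"              # trailing repeat of the control ID (label column)
)


@dataclass
class Row:
    ctrl_id: str
    title: str
    length: Optional[int]   # the source's Len value, None when the row has none
    mapped_cscs: int        # number of bullets = number of CSCs this control supports

    @property
    def family(self) -> str:
        return self.ctrl_id.split("-")[0]


def parse_rows(text: str) -> list[Row]:
    """Parse control rows; family headings, headers and footers are skipped.

    Raises ValueError when the trailing ID does not echo the leading one, the
    cheapest signal that an extracted line was split or merged.
    """
    rows: list[Row] = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        if m["id"] != m["id2"]:
            raise ValueError(f"leading/trailing control ID mismatch: {line!r}")
        rows.append(Row(
            ctrl_id=m["id"],
            title=m["title"],
            length=int(m["len"]) if m["len"] else None,
            mapped_cscs=m["bullets"].count(BULLET),
        ))
    return rows


def parse_header_counts(counts_row: str) -> tuple[int, list[int]]:
    """Split the header counts row into (total, [count for CSC 01..20])."""
    nums = [int(n) for n in counts_row.split()]
    total, per_csc = nums[0], nums[1:]
    if len(per_csc) != 20:
        raise ValueError(f"expected 20 per-CSC counts, got {len(per_csc)}")
    return total, per_csc


def header_is_consistent(counts_row: str) -> bool:
    """The per-CSC counts must add up to the stated total of mappings."""
    total, per_csc = parse_header_counts(counts_row)
    return sum(per_csc) == total


def bullets_total(rows: list[Row]) -> int:
    """Mapping markers across all parsed rows; over the full page this should equal the header total."""
    return sum(r.mapped_cscs for r in rows)


def bullets_by_family(rows: list[Row]) -> Counter:
    """Mapping markers per 800-53 family (AC, AU, CM, ...)."""
    totals: Counter = Counter()
    for r in rows:
        totals[r.family] += r.mapped_cscs
    return totals


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    total, per_csc = parse_header_counts(HEADER_COUNTS)
    print(f"header: {total} mappings, per-CSC counts sum to {sum(per_csc)}")
    for r in rows:
        print(f"{r.ctrl_id:6} maps to {r.mapped_cscs:2} CSC(s)  Len={r.length}")
    print("per family:", dict(bullets_by_family(rows)))
```

Run over every control row of the transcript, `bullets_total` should reproduce the header's 203; a shortfall means markers were dropped in extraction, a surplus that two rows were merged. Which CSC each marker belongs to cannot be recovered from this text, so anything that needs the per-CSC assignment has to go back to the source table.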

ACCESS CONTROL 9 ACCESS CONTROL

AC-01 ACCESS CONTROL POLICY AND PROCEDURES 23 • AC-01

AC-02 ACCOUNT MANAGEMENT 49 • • • AC-02

AC-03 ACCESS ENFORCEMENT 26 • • • AC-03

AC-04 INFORMATION FLOW ENFORCEMENT 26 • • • • • AC-04

AC-05 SEPARATION OF DUTIES 20 AC-05

AC-06 LEAST PRIVILEGE 55 • • AC-06

AC-07 UNSUCCESSFUL LOGON ATTEMPTS 34 • AC-07

AC-08 SYSTEM USE NOTIFICATION 41 AC-08

AC-09 PREVIOUS LOGON (ACCESS) NOTIFICATION 40 AC-09

AC-10 CONCURRENT SESSION CONTROL 17 AC-10

AC-11 SESSION LOCK 2 • AC-11

AC-12 SESSION TERMINATION 2 • AC-12

AC-13 SUPERVISION AND REVIEW - ACCESS CONTROL 63 AC-13

AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION 2 AC-14

AC-15 AUTOMATED MARKING 24 AC-15

AC-16 SECURITY ATTRIBUTES 58 AC-16

AC-17 REMOTE ACCESS 67 • • AC-17

AC-18 WIRELESS ACCESS 44 • AC-18

AC-19 ACCESS CONTROL FOR MOBILE DEVICES 57 • • AC-19

AC-20 USE OF EXTERNAL INFORMATION SYSTEMS 33 • AC-20

AC-21 INFORMATION SHARING 41 AC-21

AC-22 PUBLICLY ACCESSIBLE CONTENT 27 AC-22

AC-23 DATA MINING PROTECTION 29 • • AC-23

AC-24 ACCESS CONTROL DECISIONS 36 • AC-24

AC-25 REFERENCE MONITOR AC-25

AUDIT AND ACCOUNTABILITY 9 AUDIT AND ACCOUNTABILITY

AU-01 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES 32 AU-01

AU-02 AUDIT EVENTS 22 • AU-02

AU-03 CONTENT OF AUDIT RECORDS 63 • AU-03

AU-04 AUDIT STORAGE CAPACITY 51 • AU-04

AU-05 RESPONSE TO AUDIT PROCESSING FAILURES 24 • AU-05

AU-06 AUDIT REVIEW, ANALYSIS, AND REPORTING 27 • AU-06

AU-07 AUDIT REDUCTION AND REPORT GENERATION 24 • AU-07

AU-08 TIME STAMPS 42 • AU-08

AU-09 PROTECTION OF AUDIT INFORMATION 35 • AU-09

AU-10 NON-REPUDIATION 42 • AU-10

AU-11 AUDIT RECORD RETENTION 2 • AU-11

AU-12 AUDIT GENERATION 62 • AU-12

AU-13 MONITORING FOR INFORMATION DISCLOSURE 2 • AU-13

AU-14 SESSION AUDIT 25 • AU-14

AU-15 ALTERNATE AUDIT CAPABILITY 46 AU-15

AU-16 CROSS-ORGANIZATIONAL AUDITING 21 AU-16

AWARENESS AND TRAINING 42 AWARENESS AND TRAINING

AT-01 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES 35 • AT-01

AT-02 SECURITY AWARENESS TRAINING 2 • AT-02

AT-03 ROLE-BASED SECURITY TRAINING 35 • AT-03

AT-04 SECURITY TRAINING RECORDS 37 • AT-04

AT-05 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS AT-05

CONFIGURATION MANAGEMENT 9 CONFIGURATION MANAGEMENT

CM-01 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES 25 CM-01

CM-02 BASELINE CONFIGURATION 31 • • • • • • CM-02

CM-03 CONFIGURATION CHANGE CONTROL 2 • • CM-03

CM-04 SECURITY IMPACT ANALYSIS 26 CM-04

CM-05 ACCESS RESTRICTIONS FOR CHANGE 2 • • CM-05

CM-06 CONFIGURATION SETTINGS 24 • • • CM-06

CM-07 LEAST FUNCTIONALITY 44 • CM-07

CM-08 INFORMATION SYSTEM COMPONENT INVENTORY 78 • • • • • CM-08

CM-09 CONFIGURATION MANAGEMENT PLAN 35 • CM-09

CM-10 SOFTWARE USAGE RESTRICTIONS 25 • CM-10

CM-11 USER-INSTALLED SOFTWARE 32 • • CM-11

CONTINGENCY PLANNING 39 CONTINGENCY PLANNING


CONTROL TABLE PORTRAIT Page 1 of 5


CP-01 CONTINGENCY PLANNING POLICY AND PROCEDURES 37 CP-01

CP-02 CONTINGENCY PLAN 2 CP-02

CP-03 CONTINGENCY TRAINING 29 CP-03

CP-04 CONTINGENCY PLAN TESTING 53 CP-04

CP-05 CONTINGENCY PLAN UPDATE 48 CP-05

CP-06 ALTERNATE STORAGE SITE 32 CP-06

CP-07 ALTERNATE PROCESSING SITE 56 CP-07

CP-08 TELECOMMUNICATIONS SERVICES 25 CP-08

CP-09 INFORMATION SYSTEM BACKUP 2 • CP-09

CP-10 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION 38 • CP-10

CP-11 ALTERNATE COMMUNICATIONS PROTOCOLS 2 CP-11

CP-12 SAFE MODE 48 CP-12

CP-13 ALTERNATIVE SECURITY MECHANISMS 27 CP-13

IDENTIFICATION AND AUTHENTICATION 43 IDENTIFICATION AND AUTHENTICATION

IA-01 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES 2 IA-01

IA-02 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) 50 • IA-02

IA-03 DEVICE IDENTIFICATION AND AUTHENTICATION 51 • • IA-03

IA-04 IDENTIFIER MANAGEMENT 29 • IA-04

IA-05 AUTHENTICATOR MANAGEMENT 33 • • IA-05

IA-06 AUTHENTICATOR FEEDBACK 2 IA-06

IA-07 CRYPTOGRAPHIC MODULE AUTHENTICATION 62 IA-07

IA-08 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) 34 IA-08

IA-09 SERVICE IDENTIFICATION AND AUTHENTICATION 28 IA-09

IA-10 ADAPTIVE IDENTIFICATION AND AUTHENTICATION 2 • • IA-10

IA-11 RE-AUTHENTICATION 44 IA-11

INCIDENT RESPONSE 62 INCIDENT RESPONSE

IR-01 INCIDENT RESPONSE POLICY AND PROCEDURES 47 • IR-01

IR-02 INCIDENT RESPONSE TRAINING 53 • IR-02

IR-03 INCIDENT RESPONSE TESTING 44 • IR-03

IR-04 INCIDENT HANDLING 45 • IR-04

IR-05 INCIDENT MONITORING 2 • IR-05

IR-06 INCIDENT REPORTING 33 • IR-06

IR-07 INCIDENT RESPONSE ASSISTANCE 6 • IR-07

IR-08 INCIDENT RESPONSE PLAN 9 • IR-08

IR-09 INFORMATION SPILLAGE RESPONSE 31 • IR-09

IR-10 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM 2 • IR-10

MAINTENANCE 31 MAINTENANCE

MA-01 SYSTEM MAINTENANCE POLICY AND PROCEDURES 32 MA-01

MA-02 CONTROLLED MAINTENANCE 49 MA-02

MA-03 MAINTENANCE TOOLS 35 MA-03

MA-04 NONLOCAL MAINTENANCE 23 • • MA-04

MA-05 MAINTENANCE PERSONNEL 27 MA-05

MA-06 TIMELY MAINTENANCE 2 MA-06

MEDIA PROTECTION 9 MEDIA PROTECTION

MP-01 MEDIA PROTECTION POLICY AND PROCEDURES 27 MP-01

MP-02 MEDIA ACCESS 40 MP-02

MP-03 MEDIA MARKING 21 • MP-03

MP-04 MEDIA STORAGE 27 • MP-04

MP-05 MEDIA TRANSPORT 37 • MP-05

MP-06 MEDIA SANITIZATION 2 MP-06

MP-07 MEDIA USE 30 MP-07

MP-08 MEDIA DOWNGRADING 16 MP-08

PERSONNEL SECURITY 18 PERSONNEL SECURITY

PS-01 PERSONNEL SECURITY POLICY AND PROCEDURES 14 PS-01

PS-02 POSITION RISK DESIGNATION 44 PS-02

PS-03 PERSONNEL SCREENING 2 PS-03

PS-04 PERSONNEL TERMINATION 32 PS-04

PS-05 PERSONNEL TRANSFER 25 PS-05

PS-06 ACCESS AGREEMENTS 43 PS-06

PS-07 THIRD-PARTY PERSONNEL SECURITY 2 PS-07

PS-08 PERSONNEL SANCTIONS 41 PS-08

PHYSICAL AND ENVIRONMENTAL PROTECTION 22 PHYSICAL AND ENVIRONMENTAL PROTECTION


PE-01 PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES 36 PE-01

PE-02 PHYSICAL ACCESS AUTHORIZATIONS 43 PE-02

PE-03 PHYSICAL ACCESS CONTROL 64 PE-03

PE-04 ACCESS CONTROL FOR TRANSMISSION MEDIUM 40 PE-04

PE-05 ACCESS CONTROL FOR OUTPUT DEVICES 47 PE-05

PE-06 MONITORING PHYSICAL ACCESS 43 PE-06

PE-07 VISITOR CONTROL 2 PE-07

PE-08 VISITOR ACCESS RECORDS 56 PE-08

PE-09 POWER EQUIPMENT AND CABLING 2 PE-09

PE-10 EMERGENCY SHUTOFF 53 PE-10

PE-11 EMERGENCY POWER 32 PE-11

PE-12 EMERGENCY LIGHTING 22 PE-12

PE-13 FIRE PROTECTION 20 PE-13

PE-14 TEMPERATURE AND HUMIDITY CONTROLS 2 PE-14

PE-15 WATER DAMAGE PROTECTION 35 PE-15

PE-16 DELIVERY AND REMOVAL 38 PE-16

PE-17 ALTERNATE WORK SITE 47 PE-17

PE-18 LOCATION OF INFORMATION SYSTEM COMPONENTS 28 PE-18

PE-19 INFORMATION LEAKAGE 25 PE-19

PE-20 ASSET MONITORING AND TRACKING 14 PE-20

PLANNING 2 PLANNING

PL-01 SECURITY PLANNING POLICY AND PROCEDURES 24 PL-01

PL-02 SYSTEM SECURITY PLAN 2 PL-02

PL-03 SYSTEM SECURITY PLAN UPDATE 44 PL-03

PL-04 RULES OF BEHAVIOR 25 PL-04

PL-05 PRIVACY IMPACT ASSESSMENT 60 PL-05

PL-06 SECURITY-RELATED ACTIVITY PLANNING 32 PL-06

PL-07 SECURITY CONCEPT OF OPERATIONS 22 PL-07

PL-08 INFORMATION SECURITY ARCHITECTURE 2 PL-08

PL-09 CENTRAL MANAGEMENT 4 PL-09

PROGRAM MANAGEMENT 38 PROGRAM MANAGEMENT

PM-01 INFORMATION SECURITY PROGRAM PLAN 36 PM-01

PM-02 SENIOR INFORMATION SECURITY OFFICER 2 PM-02

PM-03 INFORMATION SECURITY RESOURCES 6 PM-03

PM-04 PLAN OF ACTION AND MILESTONES PROCESS 18 PM-04

PM-05 INFORMATION SYSTEM INVENTORY 4 • • PM-05

PM-06 INFORMATION SECURITY MEASURES OF PERFORMANCE 4 • PM-06

PM-07 ENTERPRISE ARCHITECTURE 4 PM-07

PM-08 CRITICAL INFRASTRUCTURE PLAN 4 PM-08

PM-09 RISK MANAGEMENT STRATEGY 4 PM-09

PM-10 SECURITY AUTHORIZATION PROCESS 4 PM-10

PM-11 MISSION/BUSINESS PROCESS DEFINITION 4 PM-11

PM-12 INSIDER THREAT PROGRAM 4 PM-12

PM-13 INFORMATION SECURITY WORKFORCE 4 • PM-13

PM-14 TESTING, TRAINING, AND MONITORING 4 • • PM-14

PM-15 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS 4 PM-15

PM-16 THREAT AWARENESS PROGRAM 4 • • PM-16

RISK ASSESSMENT 38 RISK ASSESSMENT

RA-01 RISK ASSESSMENT POLICY AND PROCEDURES 4 RA-01

RA-02 SECURITY CATEGORIZATION 4 • RA-02

RA-03 RISK ASSESSMENT 4 RA-03

RA-04 RISK ASSESSMENT UPDATE 18 RA-04

RA-05 VULNERABILITY SCANNING 9 • • • RA-05

RA-06 TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY 23 • RA-06

SECURITY ASSESSMENT AND AUTHORIZATION 55 SECURITY ASSESSMENT AND AUTHORIZATION

CA-01 SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES 59 CA-01

CA-02 SECURITY ASSESSMENTS 2 • • CA-02

CA-03 SYSTEM INTERCONNECTIONS • • • • CA-03

CA-04 SECURITY CERTIFICATION 9 CA-04

CA-05 PLAN OF ACTION AND MILESTONES 4 • CA-05

CA-06 SECURITY AUTHORIZATION 65 • CA-06

CA-07 CONTINUOUS MONITORING 32 • • • • • • • • • • • • • • CA-07


CA-08 PENETRATION TESTING 40 • CA-08

CA-09 INTERNAL SYSTEM CONNECTIONS 6 • • • • • CA-09

SYSTEM AND COMMUNICATIONS PROTECTION 9 SYSTEM AND COMMUNICATIONS PROTECTION

SC-01 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES 28 SC-01

SC-02 APPLICATION PARTITIONING 34 SC-02

SC-03 SECURITY FUNCTION ISOLATION 57 SC-03

SC-04 INFORMATION IN SHARED RESOURCES 34 SC-04

SC-05 DENIAL OF SERVICE PROTECTION 37 SC-05

SC-06 RESOURCE AVAILABILITY 19 SC-06

SC-07 BOUNDARY PROTECTION 32 • SC-07

SC-08 TRANSMISSION CONFIDENTIALITY AND INTEGRITY 28 • • • SC-08

SC-09 TRANSMISSION CONFIDENTIALITY 28 SC-09

SC-10 NETWORK DISCONNECT 25 SC-10

SC-11 TRUSTED PATH 31 SC-11

SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT 61 SC-12

SC-13 CRYPTOGRAPHIC PROTECTION 35 SC-13

SC-14 PUBLIC ACCESS PROTECTIONS 69 SC-14

SC-15 COLLABORATIVE COMPUTING DEVICES 46 • SC-15

SC-16 TRANSMISSION OF SECURITY ATTRIBUTES 31 • SC-16

SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES 25 • • SC-17

SC-18 MOBILE CODE 48 • SC-18

SC-19 VOICE OVER INTERNET PROTOCOL 30 SC-19

SC-20 SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE) 35 • • SC-20

SC-21 SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER) 36 • • SC-21

SC-22 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE 2 • • SC-22

SC-23 SESSION AUTHENTICITY 38 • SC-23

SC-24 FAIL IN KNOWN STATE 24 • SC-24

SC-25 THIN NODES 2 SC-25

SC-26 HONEYPOTS 54 SC-26

SC-27 PLATFORM-INDEPENDENT APPLICATIONS 36 SC-27

SC-28 PROTECTION OF INFORMATION AT REST 9 • SC-28

SC-29 HETEROGENEITY 32 SC-29

SC-30 CONCEALMENT AND MISDIRECTION 42 SC-30

SC-31 COVERT CHANNEL ANALYSIS 2 • SC-31

SC-32 INFORMATION SYSTEM PARTITIONING 2 • SC-32

SC-33 TRANSMISSION PREPARATION INTEGRITY 6 SC-33

SC-34 NON-MODIFIABLE EXECUTABLE PROGRAMS 47 • • • SC-34

SC-35 HONEYCLIENTS 39 SC-35

SC-36 DISTRIBUTED PROCESSING AND STORAGE 52 SC-36

SC-37 OUT-OF-BAND CHANNELS 49 • SC-37

SC-38 OPERATIONS SECURITY 59 SC-38

SC-39 PROCESS ISOLATION 50 • • SC-39

SC-40 WIRELESS LINK PROTECTION 40 • SC-40

SC-41 PORT AND I/O DEVICE ACCESS 66 • • SC-41

SC-42 SENSOR CAPABILITY AND DATA 54 SC-42

SC-43 USAGE RESTRICTIONS 23 SC-43

SC-44 DETONATION CHAMBERS 17 • SC-44

SYSTEM AND INFORMATION INTEGRITY 51 SYSTEM AND INFORMATION INTEGRITY

SI-01 SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES 28 SI-01

SI-02 FLAW REMEDIATION 24 • SI-02

SI-03 MALICIOUS CODE PROTECTION 27 • SI-03

SI-04 INFORMATION SYSTEM MONITORING 2 • • • • • • • • • • • • • • SI-04

SI-05 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES 40 SI-05

SI-06 SECURITY FUNCTION VERIFICATION 10 • SI-06

SI-07 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY 2 • SI-07

SI-08 SPAM PROTECTION 52 • SI-08

SI-09 INFORMATION INPUT RESTRICTIONS 6 SI-09

SI-10 INFORMATION INPUT VALIDATION 4 • SI-10

SI-11 ERROR HANDLING 6 • SI-11

SI-12 INFORMATION HANDLING AND RETENTION 31 SI-12

SI-13 PREDICTABLE FAILURE PREVENTION 25 SI-13

SI-14 NON-PERSISTENCE 25 SI-14


SI-15 INFORMATION OUTPUT FILTERING 41 • SI-15

SI-16 MEMORY PROTECTION 59 • SI-16

SI-17 FAIL-SAFE PROCEDURES 2 SI-17

SYSTEM AND SERVICES ACQUISITION 31 SYSTEM AND SERVICES ACQUISITION

SA-01 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES 57 SA-01

SA-02 ALLOCATION OF RESOURCES 32 SA-02

SA-03 SYSTEM DEVELOPMENT LIFE CYCLE 23 • SA-03

SA-04 ACQUISITION PROCESS 24 • • • SA-04

SA-05 INFORMATION SYSTEM DOCUMENTATION 59 SA-05

SA-06 SOFTWARE USAGE RESTRICTIONS 32 SA-06

SA-07 USER-INSTALLED SOFTWARE 36 SA-07

SA-08 SECURITY ENGINEERING PRINCIPLES 36 • SA-08

SA-09 EXTERNAL INFORMATION SYSTEM SERVICES 2 • SA-09

SA-10 DEVELOPER CONFIGURATION MANAGEMENT 37 • SA-10

SA-11 DEVELOPER SECURITY TESTING AND EVALUATION 37 • • SA-11

SA-12 SUPPLY CHAIN PROTECTION 33 SA-12

SA-13 TRUSTWORTHINESS 45 • SA-13

SA-14 CRITICALITY ANALYSIS 27 SA-14

SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS 31 • SA-15

SA-16 DEVELOPER-PROVIDED TRAINING 33 • • SA-16

SA-17 DEVELOPER SECURITY ARCHITECTURE AND DESIGN 38 • • SA-17

SA-18 TAMPER RESISTANCE AND DETECTION 35 • SA-18

SA-19 COMPONENT AUTHENTICITY 54 SA-19

SA-20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS 33 • SA-20

SA-21 DEVELOPER SCREENING 22 • SA-21

SA-22 UNSUPPORTED SYSTEM COMPONENTS 6 SA-22
