Gemeinsames FedRAMP Moderate-Sicherheitsmodell

Mit Sammlungen den Überblick behalten Sie können Inhalte basierend auf Ihren Einstellungen speichern und kategorisieren.

Die FedRAMP Moderate-Autorisierungsebene enthält über 300 Steuerelemente, die von NIST 800-53 abgeleitet sind. Google Cloud bietet Compliance-Support für Steuerelemente, die in der folgenden Tabelle mit dem Label Von Google übernommen gekennzeichnet sind. Dieses bedeutet, dass Nutzer diese Steuerelemente bei der Verwendung von Google Cloud standardmäßig übernehmen können. Nutzer sind dafür verantwortlich, die in der folgenden Tabelle mit Kunde gekennzeichneten Steuerelemente zu implementieren. Google Cloud kann durch die Implementierung von Produkten und Diensten die Compliance für ausgewählte Steuerelemente unterstützen, für die der Kunde verantwortlich ist. Das FedRAMP-Kundenpaket enthält zusätzliche Informationen zu jedem Steuerelement und zu den spezifischen Produkten und Diensten, die die Compliance unterstützen können. Steuerelemente, die in der folgenden Tabelle mit gekennzeichnet sind, sind nicht in die Bewertung von FedRAMP Moderate in Google Cloud einbezogen und können sich je nach Kundenanwendungsfall und Audit-Bereich ändern.

Gemeinsame Sicherheitsmatrix

Wählen Sie zum Filtern und Sortieren der folgenden Tabelle eine Menüoption aus, geben Sie etwas in das Feld ein oder klicken Sie auf eine Spaltenüberschrift.

Familie ID Name des Steuerelements Verantwortung für Steuerelement
ACCESS CONTROL AC-1 ACCESS CONTROL POLICY AND PROCEDURES Kunde
ACCESS CONTROL AC-2 ACCOUNT MANAGEMENT Kunde
ACCESS CONTROL AC-2 (1) ACCOUNT MANAGEMENT | AUTOMATED SYSTEM ACCOUNT MANAGEMENT Kunde
ACCESS CONTROL AC-2 (2) ACCOUNT MANAGEMENT | REMOVAL OF TEMPORARY / EMERGENCY ACCOUNTS Kunde
ACCESS CONTROL AC-2 (3) ACCOUNT MANAGEMENT | DISABLE INACTIVE ACCOUNTS Kunde
ACCESS CONTROL AC-2 (4) ACCOUNT MANAGEMENT | AUTOMATED AUDIT ACTIONS Kunde
ACCESS CONTROL AC-2 (5) ACCOUNT MANAGEMENT | INACTIVITY LOGOUT Kunde
ACCESS CONTROL AC-2 (7) ACCOUNT MANAGEMENT | ROLE-BASED SCHEMES Kunde
ACCESS CONTROL AC-2 (9) ACCOUNT MANAGEMENT | RESTRICTIONS ON USE OF SHARED GROUPS / ACCOUNTS Kunde
ACCESS CONTROL AC-2 (10) ACCOUNT MANAGEMENT | SHARED / GROUP ACCOUNT CREDENTIAL TERMINATION Kunde
ACCESS CONTROL AC-2 (12) ACCOUNT MANAGEMENT | ACCOUNT MONITORING / ATYPICAL USAGE Kunde
ACCESS CONTROL AC-3 ACCESS ENFORCEMENT Kunde
ACCESS CONTROL AC-4 INFORMATION FLOW ENFORCEMENT Kunde
ACCESS CONTROL AC-4 (21) INFORMATION FLOW ENFORCEMENT | PHYSICAL / LOGICAL SEPARATION OF INFORMATION FLOWS Kunde
ACCESS CONTROL AC-5 SEPARATION OF DUTIES Kunde
ACCESS CONTROL AC-6 LEAST PRIVILEGE Kunde
ACCESS CONTROL AC-6 (1) LEAST PRIVILEGE | AUTHORIZE ACCESS TO SECURITY FUNCTIONS Von Google übernommen
ACCESS CONTROL AC-6 (2) LEAST PRIVILEGE | NON-PRIVILEGED ACCESS FOR NONSECURITY FUNCTIONS Von Google übernommen
ACCESS CONTROL AC-6 (5) LEAST PRIVILEGE | PRIVILEGED ACCOUNTS Von Google übernommen
ACCESS CONTROL AC-6 (9) LEAST PRIVILEGE | AUDITING USE OF PRIVILEGED FUNCTIONS Kunde
ACCESS CONTROL AC-6 (10) LEAST PRIVILEGE | PROHIBIT NON-PRIVILEGED USERS FROM EXECUTING PRIVILEGED FUNCTIONS Kunde
ACCESS CONTROL AC-7 UNSUCCESSFUL LOGON ATTEMPTS Von Google übernommen
ACCESS CONTROL AC-8 SYSTEM USE NOTIFICATION Kunde
ACCESS CONTROL AC-10 CONCURRENT SESSION CONTROL Kunde
ACCESS CONTROL AC-11 SESSION LOCK Kunde
ACCESS CONTROL AC-11 (1) SESSION LOCK | PATTERN-HIDING DISPLAYS Kunde
ACCESS CONTROL AC-12 SESSION TERMINATION Kunde
ACCESS CONTROL AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION Von Google übernommen
ACCESS CONTROL AC-17 REMOTE ACCESS Von Google übernommen
ACCESS CONTROL AC-17 (1) REMOTE ACCESS | AUTOMATED MONITORING / CONTROL Kunde
ACCESS CONTROL AC-17 (2) REMOTE ACCESS | PROTECTION OF CONFIDENTIALITY / INTEGRITY USING ENCRYPTION Kunde
ACCESS CONTROL AC-17 (3) REMOTE ACCESS | MANAGED ACCESS CONTROL POINTS Kunde
ACCESS CONTROL AC-17 (4) REMOTE ACCESS | PRIVILEGED COMMANDS / ACCESS Von Google übernommen
ACCESS CONTROL AC-17 (9) REMOTE ACCESS | DISCONNECT / DISABLE ACCESS Von Google übernommen
ACCESS CONTROL AC-18 WIRELESS ACCESS Von Google übernommen
ACCESS CONTROL AC-18 (1) WIRELESS ACCESS | AUTHENTICATION AND ENCRYPTION
ACCESS CONTROL AC-19 ACCESS CONTROL FOR MOBILE DEVICES Von Google übernommen
ACCESS CONTROL AC-19 (5) ACCESS CONTROL FOR MOBILE DEVICES | FULL DEVICE / CONTAINER-BASED ENCRYPTION Von Google übernommen
ACCESS CONTROL AC-20 USE OF EXTERNAL INFORMATION SYSTEMS
ACCESS CONTROL AC-20 (1) USE OF EXTERNAL INFORMATION SYSTEMS | LIMITS ON AUTHORIZED USE
ACCESS CONTROL AC-20 (2) USE OF EXTERNAL INFORMATION SYSTEMS | PORTABLE STORAGE DEVICES
ACCESS CONTROL AC-21 INFORMATION SHARING Kunde
ACCESS CONTROL AC-22 PUBLICLY ACCESSIBLE CONTENT Kunde
AWARENESS AND TRAINING AT-1 SECURITY AWARENESS AND TRAINING POLICY ANDPROCEDURES Kunde
AWARENESS AND TRAINING AT-2 SECURITY AWARENESS TRAINING Von Google übernommen
AWARENESS AND TRAINING AT-2 (2) SECURITY AWARENESS | INSIDER THREAT Von Google übernommen
AWARENESS AND TRAINING AT-3 ROLE-BASED SECURITY TRAINING Von Google übernommen
AWARENESS AND TRAINING AT-4 SECURITY TRAINING RECORDS Von Google übernommen
AUDIT AND ACCOUNTABILITY AU-1 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES Kunde
AUDIT AND ACCOUNTABILITY AU-2 AUDIT EVENTS Kunde
AUDIT AND ACCOUNTABILITY AU-2 (3) AUDIT EVENTS | REVIEWS AND UPDATES Von Google übernommen
AUDIT AND ACCOUNTABILITY AU-3 CONTENT OF AUDIT RECORDS Kunde
AUDIT AND ACCOUNTABILITY AU-3 (1) CONTENT OF AUDIT RECORDS | ADDITIONAL AUDIT INFORMATION Kunde
AUDIT AND ACCOUNTABILITY AU-4 AUDIT STORAGE CAPACITY Kunde
AUDIT AND ACCOUNTABILITY AU-5 RESPONSE TO AUDIT PROCESSING FAILURES Von Google übernommen
AUDIT AND ACCOUNTABILITY AU-6 AUDIT REVIEW, ANALYSIS, AND REPORTING Kunde
AUDIT AND ACCOUNTABILITY AU-6 (1) AUDIT REVIEW, ANALYSIS, AND REPORTING | PROCESS INTEGRATION Von Google übernommen
AUDIT AND ACCOUNTABILITY AU-6 (3) AUDIT REVIEW, ANALYSIS, AND REPORTING | CORRELATE AUDIT REPOSITORIES Von Google übernommen
AUDIT AND ACCOUNTABILITY AU-7 AUDIT REDUCTION AND REPORT GENERATION Von Google übernommen
AUDIT AND ACCOUNTABILITY AU-7 (1) AUDIT REDUCTION AND REPORT GENERATION | AUTOMATIC PROCESSING Von Google übernommen
AUDIT AND ACCOUNTABILITY AU-8 timestamps Kunde
AUDIT AND ACCOUNTABILITY AU-8 (1) timestamps | SYNCHRONIZATION WITH AUTHORITATIVE TIME SOURCE Von Google übernommen
AUDIT AND ACCOUNTABILITY AU-9 PROTECTION OF AUDIT INFORMATION Von Google übernommen
AUDIT AND ACCOUNTABILITY AU-9 (2) PROTECTION OF AUDIT INFORMATION | AUDIT BACKUP ON SEPARATE PHYSICAL SYSTEMS / COMPONENTS Kunde
AUDIT AND ACCOUNTABILITY AU-9 (4) PROTECTION OF AUDIT INFORMATION | ACCESS BY SUBSET OF PRIVILEGED USERS Kunde
AUDIT AND ACCOUNTABILITY AU-11 AUDIT RECORD RETENTION Kunde
AUDIT AND ACCOUNTABILITY AU-12 AUDIT GENERATION Von Google übernommen
SECURITY ASSESSMENT AND AUTHORIZATION CA-1 SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES Kunde
SECURITY ASSESSMENT AND AUTHORIZATION CA-2 SECURITY ASSESSMENTS Von Google übernommen
SECURITY ASSESSMENT AND AUTHORIZATION CA-2 (1) SECURITY ASSESSMENTS | INDEPENDENT ASSESSORS Von Google übernommen
SECURITY ASSESSMENT AND AUTHORIZATION CA-2 (2) SECURITY ASSESSMENTS | SPECIALIZED ASSESSMENTS Von Google übernommen
SECURITY ASSESSMENT AND AUTHORIZATION CA-2 (3) SECURITY ASSESSMENTS | EXTERNAL ORGANIZATIONS Von Google übernommen
SECURITY ASSESSMENT AND AUTHORIZATION CA-3 SYSTEM INTERCONNECTIONS Kunde
SECURITY ASSESSMENT AND AUTHORIZATION CA-3 (3) SYSTEM INTERCONNECTIONS | UNCLASSIFIED NON-NATIONAL SECURITY SYSTEM CONNECTIONS Kunde
SECURITY ASSESSMENT AND AUTHORIZATION CA-3 (5) SYSTEM INTERCONNECTIONS | RESTRICTIONS ON EXTERNAL SYSTEM CONNECTIONS Kunde
SECURITY ASSESSMENT AND AUTHORIZATION CA-5 PLAN OF ACTION AND MILESTONES Von Google übernommen
SECURITY ASSESSMENT AND AUTHORIZATION CA-6 SECURITY AUTHORIZATION Kunde
SECURITY ASSESSMENT AND AUTHORIZATION CA-7 CONTINUOUS MONITORING Kunde
SECURITY ASSESSMENT AND AUTHORIZATION CA-7 (1) CONTINUOUS MONITORING | INDEPENDENT ASSESSMENT Von Google übernommen
SECURITY ASSESSMENT AND AUTHORIZATION CA-8 PENETRATION TESTING Von Google übernommen
SECURITY ASSESSMENT AND AUTHORIZATION CA-8 (1) PENETRATION TESTING | INDEPENDENT PENETRATION AGENT OR TEAM Von Google übernommen
SECURITY ASSESSMENT AND AUTHORIZATION CA-9 INTERNAL SYSTEM CONNECTIONS Von Google übernommen
CONFIGURATION MANAGEMENT CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES Kunde
CONFIGURATION MANAGEMENT CM-2 BASELINE CONFIGURATION Kunde
CONFIGURATION MANAGEMENT CM-2 (1) BASELINE CONFIGURATION | REVIEWS AND UPDATES Von Google übernommen
CONFIGURATION MANAGEMENT CM-2 (2) BASELINE CONFIGURATION | AUTOMATION SUPPORT FOR ACCURACY / CURRENCY Von Google übernommen
CONFIGURATION MANAGEMENT CM-2 (3) BASELINE CONFIGURATION | RETENTION OF PREVIOUS CONFIGURATIONS Von Google übernommen
CONFIGURATION MANAGEMENT CM-2 (7) BASELINE CONFIGURATION | CONFIGURE SYSTEMS, COMPONENTS, OR DEVICES FOR HIGH-RISK AREAS Von Google übernommen
CONFIGURATION MANAGEMENT CM-3 CONFIGURATION CHANGE CONTROL Von Google übernommen
CONFIGURATION MANAGEMENT CM-4 SECURITY IMPACT ANALYSIS Von Google übernommen
CONFIGURATION MANAGEMENT CM-5 ACCESS RESTRICTIONS FOR CHANGE Von Google übernommen
CONFIGURATION MANAGEMENT CM-5 (1) ACCESS RESTRICTIONS FOR CHANGE | AUTOMATED ACCESS ENFORCEMENT / AUDITING Von Google übernommen
CONFIGURATION MANAGEMENT CM-5 (3) ACCESS RESTRICTIONS FOR CHANGE | SIGNED COMPONENTS Von Google übernommen
CONFIGURATION MANAGEMENT CM-5 (5) ACCESS RESTRICTIONS FOR CHANGE | LIMIT PRODUCTION / OPERATIONAL PRIVILEGES Von Google übernommen
CONFIGURATION MANAGEMENT CM-6 CONFIGURATION SETTINGS Kunde
CONFIGURATION MANAGEMENT CM-6 (1) CONFIGURATION SETTINGS | AUTOMATED CENTRAL MANAGEMENT / APPLICATION / VERIFICATION Von Google übernommen
CONFIGURATION MANAGEMENT CM-7 LEAST FUNCTIONALITY Von Google übernommen
CONFIGURATION MANAGEMENT CM-7 (1) LEAST FUNCTIONALITY | PERIODIC REVIEW Von Google übernommen
CONFIGURATION MANAGEMENT CM-7 (2) LEAST FUNCTIONALITY | PREVENT PROGRAM EXECUTION Von Google übernommen
CONFIGURATION MANAGEMENT CM-7 (5) LEAST FUNCTIONALITY | AUTHORIZED SOFTWARE / WHITELISTING Von Google übernommen
CONFIGURATION MANAGEMENT CM-8 INFORMATION SYSTEM COMPONENT INVENTORY Von Google übernommen
CONFIGURATION MANAGEMENT CM-8 (1) INFORMATION SYSTEM COMPONENT INVENTORY | UPDATES DURING INSTALLATIONS / REMOVALS Von Google übernommen
CONFIGURATION MANAGEMENT CM-8 (3) INFORMATION SYSTEM COMPONENT INVENTORY | AUTOMATED UNAUTHORIZED COMPONENT DETECTION Von Google übernommen
CONFIGURATION MANAGEMENT CM-8 (5) INFORMATION SYSTEM COMPONENT INVENTORY | NO DUPLICATE ACCOUNTING OF COMPONENTS Von Google übernommen
CONFIGURATION MANAGEMENT CM-9 CONFIGURATION MANAGEMENT PLAN Von Google übernommen
CONFIGURATION MANAGEMENT CM-10 SOFTWARE USAGE RESTRICTIONS Von Google übernommen
CONFIGURATION MANAGEMENT CM-10 (1) SOFTWARE USAGE RESTRICTIONS | OPEN SOURCE SOFTWARE Von Google übernommen
CONFIGURATION MANAGEMENT CM-11 USER-INSTALLED SOFTWARE Von Google übernommen
CONTINGENCY PLANNING CP-1 CONTINGENCY PLANNING POLICY AND PROCEDURES Kunde
CONTINGENCY PLANNING CP-2 CONTINGENCY PLAN Von Google übernommen
CONTINGENCY PLANNING CP-2 (1) CONTINGENCY PLAN | COORDINATE WITH RELATED PLANS Von Google übernommen
CONTINGENCY PLANNING CP-2 (2) CONTINGENCY PLAN | CAPACITY PLANNING Von Google übernommen
CONTINGENCY PLANNING CP-2 (3) CONTINGENCY PLAN | RESUME ESSENTIAL MISSIONS / BUSINESS FUNCTIONS Von Google übernommen
CONTINGENCY PLANNING CP-2 (8) CONTINGENCY PLAN | IDENTIFY CRITICAL ASSETS Von Google übernommen
CONTINGENCY PLANNING CP-3 CONTINGENCY TRAINING Von Google übernommen
CONTINGENCY PLANNING CP-4 CONTINGENCY PLAN TESTING Von Google übernommen
CONTINGENCY PLANNING CP-4 (1) CONTINGENCY PLAN TESTING | COORDINATE WITH RELATED PLANS Von Google übernommen
CONTINGENCY PLANNING CP-6 ALTERNATE STORAGE SITE Von Google übernommen
CONTINGENCY PLANNING CP-6 (1) ALTERNATE STORAGE SITE | SEPARATION FROM PRIMARY SITE Kunde
CONTINGENCY PLANNING CP-6 (3) ALTERNATE STORAGE SITE | ACCESSIBILITY Von Google übernommen
CONTINGENCY PLANNING CP-7 ALTERNATE PROCESSING SITE Von Google übernommen
CONTINGENCY PLANNING CP-7 (1) ALTERNATE PROCESSING SITE | SEPARATION FROM PRIMARY SITE Kunde
CONTINGENCY PLANNING CP-7 (2) ALTERNATE PROCESSING SITE | ACCESSIBILITY Von Google übernommen
CONTINGENCY PLANNING CP-7 (3) ALTERNATE PROCESSING SITE | PRIORITY OF SERVICE
CONTINGENCY PLANNING CP-8 TELECOMMUNICATIONS SERVICES Von Google übernommen
CONTINGENCY PLANNING CP-8 (1) TELECOMMUNICATIONS SERVICES | PRIORITY OF SERVICE PROVISIONS Von Google übernommen
CONTINGENCY PLANNING CP-8 (2) TELECOMMUNICATIONS SERVICES | SINGLE POINTS OF FAILURE Von Google übernommen
CONTINGENCY PLANNING CP-9 INFORMATION SYSTEM BACKUP Von Google übernommen
CONTINGENCY PLANNING CP-9 (1) INFORMATION SYSTEM BACKUP | TESTING FOR RELIABILITY / INTEGRITY Von Google übernommen
CONTINGENCY PLANNING CP-9 (3) INFORMATION SYSTEM BACKUP | SEPARATE STORAGE FOR CRITICAL INFORMATION Von Google übernommen
CONTINGENCY PLANNING CP-10 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION Von Google übernommen
CONTINGENCY PLANNING CP-10 (2) INFORMATION SYSTEM RECOVERY AND RECONSTITUTION | TRANSACTION RECOVERY Von Google übernommen
IDENTIFICATION AND AUTHENTICATION IA-1 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES Kunde
IDENTIFICATION AND AUTHENTICATION IA-2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) Kunde
IDENTIFICATION AND AUTHENTICATION IA-2 (1) IDENTIFICATION AND AUTHENTICATION | NETWORK ACCESS TO PRIVILEGED ACCOUNTS Kunde
IDENTIFICATION AND AUTHENTICATION IA-2 (2) IDENTIFICATION AND AUTHENTICATION | NETWORK ACCESS TO NON-PRIVILEGED ACCOUNTS Kunde
IDENTIFICATION AND AUTHENTICATION IA-2 (3) IDENTIFICATION AND AUTHENTICATION | LOCAL ACCESS TO PRIVILEGED ACCOUNTS
IDENTIFICATION AND AUTHENTICATION IA-2 (5) IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | GROUP AUTHENTICATION Kunde
IDENTIFICATION AND AUTHENTICATION IA-2 (8) IDENTIFICATION AND AUTHENTICATION | NETWORK ACCESS TO PRIVILEGED ACCOUNTS - REPLAY RESISTANT Kunde
IDENTIFICATION AND AUTHENTICATION IA-2 (11) IDENTIFICATION AND AUTHENTICATION | REMOTE ACCESS - SEPARATE DEVICE Kunde
IDENTIFICATION AND AUTHENTICATION IA-2 (12) IDENTIFICATION AND AUTHENTICATION | ACCEPTANCE OF PIV CREDENTIALS Kunde
IDENTIFICATION AND AUTHENTICATION IA-3 DEVICE IDENTIFICATION AND AUTHENTICATION Kunde
IDENTIFICATION AND AUTHENTICATION IA-4 IDENTIFIER MANAGEMENT Kunde
IDENTIFICATION AND AUTHENTICATION IA-4 (4) IDENTIFIER MANAGEMENT | IDENTIFY USER STATUS Kunde
IDENTIFICATION AND AUTHENTICATION IA-5 AUTHENTICATOR MANAGEMENT Kunde
IDENTIFICATION AND AUTHENTICATION IA-5 (1) AUTHENTICATOR MANAGEMENT | PASSWORD-BASED AUTHENTICATION Kunde
IDENTIFICATION AND AUTHENTICATION IA-5 (2) AUTHENTICATOR MANAGEMENT | PKI-BASED AUTHENTICATION Kunde
IDENTIFICATION AND AUTHENTICATION IA-5 (3) AUTHENTICATOR MANAGEMENT | IN-PERSON OR TRUSTED THIRD-PARTY REGISTRATION Kunde
IDENTIFICATION AND AUTHENTICATION IA-5 (4) AUTHENTICATOR MANAGEMENT | AUTOMATED SUPPORT FOR PASSWORD STRENGTH DETERMINATION Kunde
IDENTIFICATION AND AUTHENTICATION IA-5 (6) AUTHENTICATOR MANAGEMENT | PROTECTION OF AUTHENTICATORS Kunde
IDENTIFICATION AND AUTHENTICATION IA-5 (7) AUTHENTICATOR MANAGEMENT | NO EMBEDDED UNENCRYPTED STATIC AUTHENTICATORS Kunde
IDENTIFICATION AND AUTHENTICATION IA-5 (11) AUTHENTICATOR MANAGEMENT | HARDWARE TOKEN-BASED AUTHENTICATION Kunde
IDENTIFICATION AND AUTHENTICATION IA-6 AUTHENTICATOR FEEDBACK Kunde
IDENTIFICATION AND AUTHENTICATION IA-7 CRYPTOGRAPHIC MODULE AUTHENTICATION Kunde
IDENTIFICATION AND AUTHENTICATION IA-8 IDENTIFICATION AND AUTHENTICATION (NON- ORGANIZATIONAL USERS) Kunde
IDENTIFICATION AND AUTHENTICATION IA-8 (1) IDENTIFICATION AND AUTHENTICATION | ACCEPTANCE OF PIV CREDENTIALS FROM OTHER AGENCIES Kunde
IDENTIFICATION AND AUTHENTICATION IA-8 (2) IDENTIFICATION AND AUTHENTICATION | ACCEPTANCE OF THIRD-PARTY CREDENTIALS Kunde
IDENTIFICATION AND AUTHENTICATION IA-8 (3) IDENTIFICATION AND AUTHENTICATION | USE OF FICAM-APPROVED PRODUCTS Kunde
IDENTIFICATION AND AUTHENTICATION IA-8 (4) IDENTIFICATION AND AUTHENTICATION | USE OF FICAM-ISSUED PROFILES Kunde
INCIDENT RESPONSE IR-1 INCIDENT RESPONSE POLICY AND PROCEDURES Kunde
INCIDENT RESPONSE IR-2 INCIDENT RESPONSE TRAINING Von Google übernommen
INCIDENT RESPONSE IR-3 INCIDENT RESPONSE TESTING Von Google übernommen
INCIDENT RESPONSE IR-3 (2) INCIDENT RESPONSE TESTING | COORDINATION WITH RELATED PLANS Von Google übernommen
INCIDENT RESPONSE IR-4 INCIDENT HANDLING Von Google übernommen
INCIDENT RESPONSE IR-4 (1) INCIDENT HANDLING | AUTOMATED INCIDENT HANDLING PROCESSES Von Google übernommen
INCIDENT RESPONSE IR-5 INCIDENT MONITORING Von Google übernommen
INCIDENT RESPONSE IR-6 INCIDENT REPORTING Kunde
INCIDENT RESPONSE IR-6 (1) INCIDENT REPORTING | AUTOMATED REPORTING Von Google übernommen
INCIDENT RESPONSE IR-7 INCIDENT RESPONSE ASSISTANCE Von Google übernommen
INCIDENT RESPONSE IR-7 (1) INCIDENT RESPONSE ASSISTANCE | AUTOMATION SUPPORT FOR AVAILABILITY OF INFORMATION / SUPPORT Von Google übernommen
INCIDENT RESPONSE IR-7 (2) INCIDENT RESPONSE ASSISTANCE | COORDINATION WITH EXTERNAL PROVIDERS
INCIDENT RESPONSE IR-8 INCIDENT RESPONSE PLAN Kunde
INCIDENT RESPONSE IR-9 INFORMATION SPILLAGE RESPONSE Kunde
INCIDENT RESPONSE IR-9 (1) INFORMATION SPILLAGE RESPONSE | RESPONSIBLE PERSONNEL Kunde
INCIDENT RESPONSE IR-9 (2) INFORMATION SPILLAGE RESPONSE | TRAINING Kunde
INCIDENT RESPONSE IR-9 (3) INFORMATION SPILLAGE RESPONSE | POST-SPILL OPERATIONS Kunde
INCIDENT RESPONSE IR-9 (4) INFORMATION SPILLAGE RESPONSE | EXPOSURE TO UNAUTHORIZED PERSONNEL Kunde
MAINTENANCE MA-1 SYSTEM MAINTENANCE POLICY AND PROCEDURES Kunde
MAINTENANCE MA-2 CONTROLLED MAINTENANCE Von Google übernommen
MAINTENANCE MA-3 MAINTENANCE TOOLS Von Google übernommen
MAINTENANCE MA-3 (1) MAINTENANCE TOOLS | INSPECT TOOLS Von Google übernommen
MAINTENANCE MA-3 (2) MAINTENANCE TOOLS | INSPECT MEDIA Von Google übernommen
MAINTENANCE MA-3 (3) MAINTENANCE TOOLS | PREVENT UNAUTHORIZED REMOVAL Von Google übernommen
MAINTENANCE MA-4 NONLOCAL MAINTENANCE Von Google übernommen
MAINTENANCE MA-4 (2) NONLOCAL MAINTENANCE | DOCUMENT NONLOCAL MAINTENANCE Von Google übernommen
MAINTENANCE MA-5 MAINTENANCE PERSONNEL Von Google übernommen
MAINTENANCE MA-5 (1) MAINTENANCE PERSONNEL | INDIVIDUALS WITHOUT APPROPRIATE ACCESS Von Google übernommen
MAINTENANCE MA-6 TIMELY MAINTENANCE Von Google übernommen
MEDIA PROTECTION MP-1 MEDIA PROTECTION POLICY AND PROCEDURES Kunde
MEDIA PROTECTION MP-2 MEDIA ACCESS Von Google übernommen
MEDIA PROTECTION MP-3 MEDIA MARKING Von Google übernommen
MEDIA PROTECTION MP-4 MEDIA STORAGE Von Google übernommen
MEDIA PROTECTION MP-5 MEDIA TRANSPORT Von Google übernommen
MEDIA PROTECTION MP-5 (4) MEDIA TRANSPORT | CRYPTOGRAPHIC PROTECTION Von Google übernommen
MEDIA PROTECTION MP-6 MEDIA SANITIZATION Von Google übernommen
MEDIA PROTECTION MP-6 (2) MEDIA SANITIZATION | EQUIPMENT TESTING Von Google übernommen
MEDIA PROTECTION MP-7 MEDIA USE Von Google übernommen
MEDIA PROTECTION MP-7 (1) MEDIA USE | PROHIBIT USE WITHOUT OWNER
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-1 PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES Kunde
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-2 PHYSICAL ACCESS AUTHORIZATIONS Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-3 PHYSICAL ACCESS CONTROL Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-4 ACCESS CONTROL FOR TRANSMISSION MEDIUM Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-5 ACCESS CONTROL FOR OUTPUT DEVICES
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-6 MONITORING PHYSICAL ACCESS Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-6 (1) MONITORING PHYSICAL ACCESS | INTRUSION ALARMS / SURVEILLANCE EQUIPMENT Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-8 VISITOR ACCESS RECORDS Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-9 POWER EQUIPMENT AND CABLING Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-10 EMERGENCY shut off Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-11 EMERGENCY POWER Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-12 EMERGENCY LIGHTING Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-13 FIRE PROTECTION Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-13 (2) FIRE PROTECTION | SUPPRESSION DEVICES / SYSTEMS Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-13 (3) FIRE PROTECTION | AUTOMATIC FIRE SUPPRESSION
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-14 TEMPERATURE AND HUMIDITY CONTROLS Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-14 (2) TEMPERATURE AND HUMIDITY CONTROLS | MONITORING WITH ALARMS / NOTIFICATIONS Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-15 WATER DAMAGE PROTECTION Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-16 DELIVERY AND REMOVAL Von Google übernommen
PHYSICAL AND ENVIRONMENTAL PROTECTION PE-17 ALTERNATE WORK SITE Von Google übernommen
PLANNING PL-1 SECURITY PLANNING POLICY AND PROCEDURES Kunde
PLANNING PL-2 SYSTEM SECURITY PLAN Von Google übernommen
PLANNING PL-2 (3) SYSTEM SECURITY PLAN | PLAN / COORDINATE WITH OTHER ORGANIZATIONAL ENTITIES Von Google übernommen
PLANNING PL-4 RULES OF BEHAVIOR Von Google übernommen
PLANNING PL-4 (1) RULES OF BEHAVIOR | SOCIAL MEDIA AND NETWORKING RESTRICTIONS Von Google übernommen
PLANNING PL-8 INFORMATION SECURITY ARCHITECTURE Von Google übernommen
PERSONNEL SECURITY PS-1 PERSONNEL SECURITY POLICY AND PROCEDURES Kunde
PERSONNEL SECURITY PS-2 POSITION RISK DESIGNATION Kunde
PERSONNEL SECURITY PS-3 PERSONNEL SCREENING Kunde
PERSONNEL SECURITY PS-3 (3) PERSONNEL SCREENING | INFORMATION WITH SPECIAL PROTECTION MEASURES Kunde
PERSONNEL SECURITY PS-4 PERSONNEL TERMINATION Von Google übernommen
PERSONNEL SECURITY PS-5 PERSONNEL TRANSFER Von Google übernommen
PERSONNEL SECURITY PS-6 ACCESS AGREEMENTS Von Google übernommen
PERSONNEL SECURITY PS-7 THIRD-PARTY PERSONNEL SECURITY Von Google übernommen
PERSONNEL SECURITY PS-8 PERSONNEL SANCTIONS Von Google übernommen
RISK ASSESSMENT RA-1 RISK ASSESSMENT POLICY AND PROCEDURES Kunde
RISK ASSESSMENT RA-2 SECURITY CATEGORIZATION Kunde
RISK ASSESSMENT RA-3 RISK ASSESSMENT Von Google übernommen
RISK ASSESSMENT RA-5 VULNERABILITY SCANNING Von Google übernommen
RISK ASSESSMENT RA-5 (1) VULNERABILITY SCANNING | UPDATE TOOL CAPABILITY Von Google übernommen
RISK ASSESSMENT RA-5 (2) VULNERABILITY SCANNING | UPDATE BY FREQUENCY / PRIOR TO NEW SCAN / WHEN IDENTIFIED Von Google übernommen
RISK ASSESSMENT RA-5 (3) VULNERABILITY SCANNING | BREADTH / DEPTH OF COVERAGE Von Google übernommen
RISK ASSESSMENT RA-5 (5) VULNERABILITY SCANNING | PRIVILEGED ACCESS Von Google übernommen
RISK ASSESSMENT RA-5 (6) VULNERABILITY SCANNING | AUTOMATED TREND ANALYSES Von Google übernommen
RISK ASSESSMENT RA-5 (8) VULNERABILITY SCANNING | REVIEW HISTORIC AUDIT LOGS Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-1 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES Kunde
SYSTEM AND SERVICES ACQUISITION SA-2 ALLOCATION OF RESOURCES Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-3 SYSTEM DEVELOPMENT LIFE CYCLE Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-4 ACQUISITION PROCESS Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-4 (1) ACQUISITION PROCESS | FUNCTIONAL PROPERTIES OF SECURITY CONTROLS Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-4 (2) ACQUISITION PROCESS | DESIGN / IMPLEMENTATION INFORMATION FOR SECURITY CONTROLS Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-4 (8) ACQUISITION PROCESS | CONTINUOUS MONITORING PLAN Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-4 (9) ACQUISITION PROCESS | FUNCTIONS / PORTS / PROTOCOLS / SERVICES IN USE Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-4 (10) ACQUISITION PROCESS | USE OF APPROVED PIV PRODUCTS Kunde
SYSTEM AND SERVICES ACQUISITION SA-5 INFORMATION SYSTEM DOCUMENTATION Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-8 SECURITY ENGINEERING PRINCIPLES Kunde
SYSTEM AND SERVICES ACQUISITION SA-9 EXTERNAL INFORMATION SYSTEM SERVICES
SYSTEM AND SERVICES ACQUISITION SA-9 (1) EXTERNAL INFORMATION SYSTEMS | RISK ASSESSMENTS / ORGANIZATIONAL APPROVALS
SYSTEM AND SERVICES ACQUISITION SA-9 (2) EXTERNAL INFORMATION SYSTEMS | IDENTIFICATION OF FUNCTIONS / PORTS / PROTOCOLS / SERVICES
SYSTEM AND SERVICES ACQUISITION SA-9 (4) EXTERNAL INFORMATION SYSTEMS | CONSISTENT INTERESTS OF CONSUMERS AND PROVIDERS
SYSTEM AND SERVICES ACQUISITION SA-9 (5) EXTERNAL INFORMATION SYSTEMS | PROCESSING, STORAGE, AND SERVICE LOCATION
SYSTEM AND SERVICES ACQUISITION SA-10 DEVELOPER CONFIGURATION MANAGEMENT Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-10 (1) DEVELOPER CONFIGURATION MANAGEMENT | SOFTWARE / FIRMWARE INTEGRITY VERIFICATION Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-11 DEVELOPER SECURITY TESTING AND EVALUATION Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-11 (1) DEVELOPER SECURITY TESTING AND EVALUATION | STATIC CODE ANALYSIS Kunde
SYSTEM AND SERVICES ACQUISITION SA-11 (2) DEVELOPER SECURITY TESTING AND EVALUATION | THREAT AND VULNERABILITY ANALYSES Von Google übernommen
SYSTEM AND SERVICES ACQUISITION SA-11 (8) DEVELOPER SECURITY TESTING AND EVALUATION | DYNAMIC CODE ANALYSIS Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-1 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-2 APPLICATION PARTITIONING Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-4 INFORMATION IN SHARED RESOURCES Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-5 DENIAL OF SERVICE PROTECTION Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-6 RESOURCE AVAILABILITY Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-7 BOUNDARY PROTECTION Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-7 (3) BOUNDARY PROTECTION | ACCESS POINTS Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-7 (4) BOUNDARY PROTECTION | EXTERNAL TELECOMMUNICATIONS SERVICES Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-7 (5) BOUNDARY PROTECTION | DENY BY DEFAULT / ALLOW BY EXCEPTION Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-7 (7) BOUNDARY PROTECTION | PREVENT SPLIT TUNNELING FOR REMOTE DEVICES Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-7 (8) BOUNDARY PROTECTION | ROUTE TRAFFIC TO AUTHENTICATED PROXY SERVERS Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-7 (12) BOUNDARY PROTECTION | HOST-BASED PROTECTION Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-7 (13) BOUNDARY PROTECTION | ISOLATION OF SECURITY TOOLS / MECHANISMS / SUPPORT COMPONENTS Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-7 (18) BOUNDARY PROTECTION | FAIL SECURE Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-8 (1) TRANSMISSION CONFIDENTIALITY AND INTEGRITY | CRYPTOGRAPHIC OR ALTERNATE PHYSICAL PROTECTION Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-10 NETWORK DISCONNECT Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-12 (2) CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT | SYMMETRIC KEYS Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-12 (3) CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT | ASYMMETRIC KEYS Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-13 CRYPTOGRAPHIC PROTECTION Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-15 COLLABORATIVE COMPUTING DEVICES
SYSTEM AND COMMUNICATIONS PROTECTION SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-18 MOBILE CODE Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-19 VOICE OVER INTERNET PROTOCOL
SYSTEM AND COMMUNICATIONS PROTECTION SC-20 SECURE NAME /ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE) Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-21 SECURE NAME /ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER) Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-22 ARCHITECTURE AND PROVISIONING FOR NAME/ADDRESS RESOLUTION SERVICE Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-23 SESSION AUTHENTICITY Kunde
SYSTEM AND COMMUNICATIONS PROTECTION SC-28 PROTECTION OF INFORMATION AT REST Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-28 (1) PROTECTION OF INFORMATION AT REST | CRYPTOGRAPHIC PROTECTION Von Google übernommen
SYSTEM AND COMMUNICATIONS PROTECTION SC-39 PROCESS ISOLATION Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-1 SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES Kunde
SYSTEM AND INFORMATION INTEGRITY SI-2 FLAW REMEDIATION Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-2 (2) FLAW REMEDIATION | AUTOMATED FLAW REMEDIATION STATUS Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-2 (3) FLAW REMEDIATION | TIME TO REMEDIATE FLAWS / BENCHMARKS FOR CORRECTIVE ACTIONS Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-3 MALICIOUS CODE PROTECTION Kunde
SYSTEM AND INFORMATION INTEGRITY SI-3 (1) MALICIOUS CODE PROTECTION | CENTRAL MANAGEMENT Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-3 (2) MALICIOUS CODE PROTECTION | AUTOMATIC UPDATES Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-3 (7) MALICIOUS CODE PROTECTION | NONSIGNATURE-BASED DETECTION Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-4 INFORMATION SYSTEM MONITORING Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-4 (1) INFORMATION SYSTEM MONITORING | SYSTEM-WIDE INTRUSION DETECTION SYSTEM Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-4 (2) INFORMATION SYSTEM MONITORING | AUTOMATED TOOLS FOR REAL-TIME ANALYSIS Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-4 (4) INFORMATION SYSTEM MONITORING | INBOUND AND OUTBOUND COMMUNICATIONS TRAFFIC Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-4 (5) INFORMATION SYSTEM MONITORING | SYSTEM-GENERATED ALERTS Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-4 (14) INFORMATION SYSTEM MONITORING | WIRELESS INTRUSION DETECTION Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-4 (16) INFORMATION SYSTEM MONITORING | CORRELATE MONITORING INFORMATION Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-4 (23) INFORMATION SYSTEM MONITORING | HOST-BASED DEVICES Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-5 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-6 SECURITY FUNCTION VERIFICATION Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-7 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-7 (1) SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY | INTEGRITY CHECKS Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-7 (7) SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY | INTEGRATION OF DETECTION AND RESPONSE Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-8 SPAM PROTECTION Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-8 (1) SPAM PROTECTION | CENTRAL MANAGEMENT Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-8 (2) SPAM PROTECTION | AUTOMATIC UPDATES Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-10 INFORMATION INPUT VALIDATION Von Google übernommen
SYSTEM AND INFORMATION INTEGRITY SI-11 ERROR HANDLING Kunde
SYSTEM AND INFORMATION INTEGRITY SI-12 INFORMATION HANDLING AND RETENTION Kunde
SYSTEM AND INFORMATION INTEGRITY SI-16 MEMORY PROTECTION Von Google übernommen

Nächste Schritte