Federal Information Security Management Act of 2002/Catalogs

	Main Article	Discussion	Related Articles  [?]	Bibliography  [?]	External Links  [?]	Citable Version  [?]	Catalogs [?]
	An informational catalog, or several catalogs, about Federal Information Security Management Act of 2002.

Baseline common controls at low impact

A low-impact system must have impairment to availability, confidentiality and integrity all rated in the low category of FIPS 199: "limited adverse effect on organizational operations, organizational assets, or individuals," causing minor degradation, financial loss, or harm to individuals. ^[1]

• Access control
  • AC-1, Access Control Policies and Procedures
  • AC-2, Account management
  • AC-3, Access enforcement
  • AC-7, unsuccessful login attempts
  • AC-8, system use notification
  • AC-14, permitted use without identification or authentication
  • AC-17, remote access controls
  • AC-18, wireless access controls
  • AC-19, access controls for mobile devices
  • AC-20, external information systems
  • AC-22, publicly accessible content
• Awareness and training
• Audit and accountability
• Security assessment and authorization
• Configuration management
• Contingency planning
• Identification and authentication
• Incident response
• Maintenance
• Media protection
• Physical and environmental protection
• Security planning
• Personnel security
• Information system risk assessment
• Information system and services acquisition
• Information system and communications protection
• Information system and integity
  • SI-1, policy and procedures
  • SI-2, flaw remediation
  • SI-3, Malicious code protection