Overview
  1. 03.01: Access Control
  2. 03.02: Awareness and Training
  3. 03.03: Audit and Accountability
  4. 03.04: Configuration Management
  5. 03.05: Identification and Authentication
  6. 03.06: Incident Response
  7. 03.07: Maintenance
  8. 03.08: Media Protection
  9. 03.09: Personnel Security
  10. 03.10: Physical Protection
  11. 03.11: Risk Assessment
  12. 03.12: Security Assessment and Monitoring
  13. 03.13: System and Communications Protection
  14. 03.14: System and Information Integrity

Requirements for 03.13: System and Communications Protection

Requirements from NIST 800-171 R2

  1. 03.13.01: Boundary Protection

  2. 03.13.02: System Security Engineering

  3. 03.13.03: User and System Functionality

  4. 03.13.04: Information in Shared System Resources

  5. 03.13.05: Subnetworks

  6. 03.13.06: Network Communications – Deny by Default – Allow by Exception

  7. 03.13.07: Split Tunneling

  8. 03.13.08: Transmission and Storage Confidentiality

  9. 03.13.09: Network Disconnect

  10. 03.13.10: Cryptographic Key Establishment and Management

  11. 03.13.11: Cryptographic Protection

  12. 03.13.12: Collaborative Computing Devices and Applications

  13. 03.13.13: Mobile Code

  14. 03.13.14: Voice over Internet Protocols

  15. 03.13.15: Session Authenticity

  16. 03.13.16: CUI at Rest Confidentiality