| 💼 SC-1 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES | | | | |
| 💼 SC-2 APPLICATION PARTITIONING | 1 | | | |
| 💼 SC-2 (1) INTERFACES FOR NON-PRIVILEGED USERS | | | | |
| 💼 SC-3 SECURITY FUNCTION ISOLATION | 5 | | | |
| 💼 SC-3 (1) HARDWARE SEPARATION | | | | |
| 💼 SC-3 (2) ACCESS _ FLOW CONTROL FUNCTIONS | | | | |
| 💼 SC-3 (3) MINIMIZE NONSECURITY FUNCTIONALITY | | | | |
| 💼 SC-3 (4) MODULE COUPLING AND COHESIVENESS | | | | |
| 💼 SC-3 (5) LAYERED STRUCTURES | | | | |
| 💼 SC-4 INFORMATION IN SHARED RESOURCES | 2 | | | |
| 💼 SC-4 (1) SECURITY LEVELS | | | | |
| 💼 SC-4 (2) PERIODS PROCESSING | | | | |
| 💼 SC-5 DENIAL OF SERVICE PROTECTION | 3 | | | |
| 💼 SC-5 (1) RESTRICT INTERNAL USERS | | | | |
| 💼 SC-5 (2) EXCESS CAPACITY _ BANDWIDTH _ REDUNDANCY | | | | |
| 💼 SC-5 (3) DETECTION _ MONITORING | | | | |
| 💼 SC-6 RESOURCE AVAILABILITY | | | | |
| 💼 SC-7 BOUNDARY PROTECTION | 23 | 5 | 6 | |
| 💼 SC-7 (1) PHYSICALLY SEPARATED SUBNETWORKS | | | | |
| 💼 SC-7 (2) PUBLIC ACCESS | | | | |
| 💼 SC-7 (3) ACCESS POINTS | | | | |
| 💼 SC-7 (4) EXTERNAL TELECOMMUNICATIONS SERVICES | | | | |
| 💼 SC-7 (5) DENY BY DEFAULT _ ALLOW BY EXCEPTION | | | | |
| 💼 SC-7 (6) RESPONSE TO RECOGNIZED FAILURES | | | | |
| 💼 SC-7 (7) PREVENT SPLIT TUNNELING FOR REMOTE DEVICES | | | | |
| 💼 SC-7 (8) ROUTE TRAFFIC TO AUTHENTICATED PROXY SERVERS | | | | |
| 💼 SC-7 (9) RESTRICT THREATENING OUTGOING COMMUNICATIONS TRAFFIC | | | | |
| 💼 SC-7 (10) PREVENT UNAUTHORIZED EXFILTRATION | | | | |
| 💼 SC-7 (11) RESTRICT INCOMING COMMUNICATIONS TRAFFIC | | | | |
| 💼 SC-7 (12) HOST-BASED PROTECTION | | | | |
| 💼 SC-7 (13) ISOLATION OF SECURITY TOOLS _ MECHANISMS _ SUPPORT COMPONENTS | | | | |
| 💼 SC-7 (14) PROTECTS AGAINST UNAUTHORIZED PHYSICAL CONNECTIONS | | | | |
| 💼 SC-7 (15) ROUTE PRIVILEGED NETWORK ACCESSES | | | | |
| 💼 SC-7 (16) PREVENT DISCOVERY OF COMPONENTS _ DEVICES | | | | |
| 💼 SC-7 (17) AUTOMATED ENFORCEMENT OF PROTOCOL FORMATS | | | | |
| 💼 SC-7 (18) FAIL SECURE | | | | |
| 💼 SC-7 (19) BLOCKS COMMUNICATION FROM NON-ORGANIZATIONALLY CONFIGURED HOSTS | | | | |
| 💼 SC-7 (20) DYNAMIC ISOLATION _ SEGREGATION | | | | |
| 💼 SC-7 (21) ISOLATION OF INFORMATION SYSTEM COMPONENTS | | | | |
| 💼 SC-7 (22) SEPARATE SUBNETS FOR CONNECTING TO DIFFERENT SECURITY DOMAINS | | | | |
| 💼 SC-7 (23) DISABLE SENDER FEEDBACK ON PROTOCOL VALIDATION FAILURE | | | | |
| 💼 SC-8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY | 4 | 2 | 2 | |
| 💼 SC-8 (1) CRYPTOGRAPHIC OR ALTERNATE PHYSICAL PROTECTION | | | | |
| 💼 SC-8 (2) PRE _ POST TRANSMISSION HANDLING | | | | |
| 💼 SC-8 (3) CRYPTOGRAPHIC PROTECTION FOR MESSAGE EXTERNALS | | | | |
| 💼 SC-8 (4) CONCEAL _ RANDOMIZE COMMUNICATIONS | | | | |
| 💼 SC-9 TRANSMISSION CONFIDENTIALITY | | | | |
| 💼 SC-10 NETWORK DISCONNECT | | | | |
| 💼 SC-11 TRUSTED PATH | 1 | | | |
| 💼 SC-11 (1) LOGICAL ISOLATION | | | | |
| 💼 SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT | 5 | 4 | 4 | |
| 💼 SC-12 (1) AVAILABILITY | | | | |
| 💼 SC-12 (2) SYMMETRIC KEYS | | 1 | 1 | |
| 💼 SC-12 (3) ASYMMETRIC KEYS | | 1 | 1 | |
| 💼 SC-12 (4) PKI CERTIFICATES | | | | |
| 💼 SC-12 (5) PKI CERTIFICATES _ HARDWARE TOKENS | | | | |
| 💼 SC-13 CRYPTOGRAPHIC PROTECTION | 4 | 1 | 1 | |
| 💼 SC-13 (1) FIPS-VALIDATED CRYPTOGRAPHY | | | | |
| 💼 SC-13 (2) NSA-APPROVED CRYPTOGRAPHY | | | | |
| 💼 SC-13 (3) INDIVIDUALS WITHOUT FORMAL ACCESS APPROVALS | | | | |
| 💼 SC-13 (4) DIGITAL SIGNATURES | | | | |
| 💼 SC-14 PUBLIC ACCESS PROTECTIONS | | | | |
| 💼 SC-15 COLLABORATIVE COMPUTING DEVICES | 4 | | | |
| 💼 SC-15 (1) PHYSICAL DISCONNECT | | | | |
| 💼 SC-15 (2) BLOCKING INBOUND _ OUTBOUND COMMUNICATIONS TRAFFIC | | | | |
| 💼 SC-15 (3) DISABLING _ REMOVAL IN SECURE WORK AREAS | | | | |
| 💼 SC-15 (4) EXPLICITLY INDICATE CURRENT PARTICIPANTS | | | | |
| 💼 SC-16 TRANSMISSION OF SECURITY ATTRIBUTES | 1 | | | |
| 💼 SC-16 (1) INTEGRITY VALIDATION | | | | |
| 💼 SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES | | 2 | 2 | |
| 💼 SC-18 MOBILE CODE | 5 | | | |
| 💼 SC-18 (1) IDENTIFY UNACCEPTABLE CODE _ TAKE CORRECTIVE ACTIONS | | | | |
| 💼 SC-18 (2) ACQUISITION _ DEVELOPMENT _ USE | | | | |
| 💼 SC-18 (3) PREVENT DOWNLOADING _ EXECUTION | | | | |
| 💼 SC-18 (4) PREVENT AUTOMATIC EXECUTION | | | | |
| 💼 SC-18 (5) ALLOW EXECUTION ONLY IN CONFINED ENVIRONMENTS | | | | |
| 💼 SC-19 VOICE OVER INTERNET PROTOCOL | | | | |
| 💼 SC-20 SECURE NAME _ ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE) | 2 | | | |
| 💼 SC-20 (1) CHILD SUBSPACES | | | | |
| 💼 SC-20 (2) DATA ORIGIN _ INTEGRITY | | | | |
| 💼 SC-21 SECURE NAME _ ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER) | 1 | | | |
| 💼 SC-21 (1) DATA ORIGIN _ INTEGRITY | | | | |
| 💼 SC-22 ARCHITECTURE AND PROVISIONING FOR NAME _ ADDRESS RESOLUTION SERVICE | | | | |
| 💼 SC-23 SESSION AUTHENTICITY | 4 | | | |
| 💼 SC-23 (1) INVALIDATE SESSION IDENTIFIERS AT LOGOUT | | | | |
| 💼 SC-23 (2) USER-INITIATED LOGOUTS _ MESSAGE DISPLAYS | | | | |
| 💼 SC-23 (4) UNIQUE SESSION IDENTIFIERS WITH RANDOMIZATION | | | | |
| 💼 SC-23 (5) ALLOWED CERTIFICATE AUTHORITIES | | | | |
| 💼 SC-24 FAIL IN KNOWN STATE | | | | |
| 💼 SC-25 THIN NODES | | | | |
| 💼 SC-26 HONEYPOTS | 1 | | | |
| 💼 SC-26 (1) DETECTION OF MALICIOUS CODE | | | | |
| 💼 SC-27 PLATFORM-INDEPENDENT APPLICATIONS | | | | |
| 💼 SC-28 PROTECTION OF INFORMATION AT REST | 2 | 3 | 3 | |
| 💼 SC-28 (1) CRYPTOGRAPHIC PROTECTION | | | | |
| 💼 SC-28 (2) OFF-LINE STORAGE | | | | |
| 💼 SC-29 HETEROGENEITY | 1 | | | |
| 💼 SC-29 (1) VIRTUALIZATION TECHNIQUES | | | | |
| 💼 SC-30 CONCEALMENT AND MISDIRECTION | 5 | | | |
| 💼 SC-30 (1) VIRTUALIZATION TECHNIQUES | | | | |
| 💼 SC-30 (2) RANDOMNESS | | | | |
| 💼 SC-30 (3) CHANGE PROCESSING _ STORAGE LOCATIONS | | | | |
| 💼 SC-30 (4) MISLEADING INFORMATION | | | | |
| 💼 SC-30 (5) CONCEALMENT OF SYSTEM COMPONENTS | | | | |
| 💼 SC-31 COVERT CHANNEL ANALYSIS | 3 | | | |
| 💼 SC-31 (1) TEST COVERT CHANNELS FOR EXPLOITABILITY | | | | |
| 💼 SC-31 (2) MAXIMUM BANDWIDTH | | | | |
| 💼 SC-31 (3) MEASURE BANDWIDTH IN OPERATIONAL ENVIRONMENTS | | | | |
| 💼 SC-32 INFORMATION SYSTEM PARTITIONING | | | | |
| 💼 SC-33 TRANSMISSION PREPARATION INTEGRITY | | | | |
| 💼 SC-34 NON-MODIFIABLE EXECUTABLE PROGRAMS | 3 | | | |
| 💼 SC-34 (1) NO WRITABLE STORAGE | | | | |
| 💼 SC-34 (2) INTEGRITY PROTECTION _ READ-ONLY MEDIA | | | | |
| 💼 SC-34 (3) HARDWARE-BASED PROTECTION | | | | |
| 💼 SC-35 HONEYCLIENTS | | | | |
| 💼 SC-36 DISTRIBUTED PROCESSING AND STORAGE | 1 | | | |
| 💼 SC-36 (1) POLLING TECHNIQUES | | | | |
| 💼 SC-37 OUT-OF-BAND CHANNELS | 1 | | | |
| 💼 SC-37 (1) ENSURE DELIVERY _ TRANSMISSION | | | | |
| 💼 SC-38 OPERATIONS SECURITY | | | | |
| 💼 SC-39 PROCESS ISOLATION | 2 | | | |
| 💼 SC-39 (1) HARDWARE SEPARATION | | | | |
| 💼 SC-39 (2) THREAD ISOLATION | | | | |
| 💼 SC-40 WIRELESS LINK PROTECTION | 4 | | | |
| 💼 SC-40 (1) ELECTROMAGNETIC INTERFERENCE | | | | |
| 💼 SC-40 (2) REDUCE DETECTION POTENTIAL | | | | |
| 💼 SC-40 (3) IMITATIVE OR MANIPULATIVE COMMUNICATIONS DECEPTION | | | | |
| 💼 SC-40 (4) SIGNAL PARAMETER IDENTIFICATION | | | | |
| 💼 SC-41 PORT AND I_O DEVICE ACCESS | | | | |
| 💼 SC-42 SENSOR CAPABILITY AND DATA | 3 | | | |
| 💼 SC-42 (1) REPORTING TO AUTHORIZED INDIVIDUALS OR ROLES | | | | |
| 💼 SC-42 (2) AUTHORIZED USE | | | | |
| 💼 SC-42 (3) PROHIBIT USE OF DEVICES | | | | |
| 💼 SC-43 USAGE RESTRICTIONS | | | | |
| 💼 SC-44 DETONATION CHAMBERS | | | | |