O'Reilly logo

Risk Management Framework by James Broad

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Appendix B: Control Families and Classes

The following table lists the eighteen control families and each control’s associated class: operational, managerial, or technical. The two-letter identifier for each family is also listed. All the families in this table are closely related to the seventeen minimum security requirements for federal information and information systems required by FISMA that are detailed in FIPS 200, with the exception of Program Management (PM). The PM family provides organizational-level security controls that are normally not implemented by information systems but rather by the overall organization.

IdFamilyClass
ACAccess ControlTechnical
ATAwareness and TrainingOperational
AUAudit and AccountabilityTechnical
CASecurity Assessment ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required