SYSTEM and COMMUNICATIONS PROTECTION

• Policy and Procedures
• Separation of System and User Functionality
• Security Function Isolation
• Information in Shared System Resources
• Denial-of-Service Protection
• Resource Availability
• Boundary Protection
• Transmission Confidentiality and Integrity
• Network Disconnect
• Trusted Path
• Cryptographic Key Establishment and Management
• Cryptographic Protection
• Collaborative Computing Devices and Applications
• Transmission of Security and Privacy Attributes
• Public Key Infrastructure Certificates
• Mobile Code
• Secure Name/Address Resolution Service (Authoritative Source)
• Secure Name/Address Resolution Service (Recursive or Caching Resolver)
• Architecture and Provisioning for Name/Address Resolution Service
• Session Authenticity
• Fail in Known State
• Thin Nodes
• Decoys
• Platform-Independent Applications
• Protection of Information at Rest
• Heterogeneity
• Concealment and Misdirection
• Covert Channel Analysis
• System Partitioning
• Non-Modifiable Executable Programs
• External Malicious Code Identification
• Distributed Processing and Storage
• Out-of-Band Channels
• Operations Security
• Process Isolation
• Wireless Link Protection
• Port and I/O Device Access
• Sensor Capability and Data
• Usage Restrictions
• Detonation Chambers
• System Time Synchronization
• Cross Domain Policy Enforcement
• Alternate Communications Paths
• Sensor Relocation
• Hardware-Enforced Separation and Policy Enforcement
• Software-Enforced Separation and Policy Enforcement
• Hardware-Based Protection

The SYSTEM and COMMUNICATIONS PROTECTION Playbook is included in the Security and Privacy Controls for Information Systems and Organizations (NIST 80-53) Library which has been developed by the U.S. Department of Commerce's  National Institute of Standards and Technology (NIST).  It establishes controls for systems and organizations. The controls can be implemented within any organization or system that processes, stores, or transmits information.