• xPriority: P1: Implement P1 security controls first.
IDNameBaselinesPriorityThreats
LowModerateHigh
AC-1Access Control Policy And Procedures
  • P1
STRIDE-LM
AC-2Account Management
  • P1
STRIDE-LM
(1)Automated System Account Management 
  • P1
STRIDE-LM
(2)Removal Of Temporary / Emergency Accounts 
  • P1
STRIDE-LM
(3)Disable Inactive Accounts 
  • P1
STRIDE-LM
(4)Automated Audit Actions 
  • P1
STRIDE-LM
(5)Inactivity Logout  
  • P1
STRIDE-LM
(6)Dynamic Privilege Management   
  • P1
STRIDE-LM
(7)Role-Based Schemes   
  • P1
STRIDE-LM
(8)Dynamic Account Creation   
  • P1
STRIDE-LM
(9)Restrictions On Use Of Shared / Group Accounts   
  • P1
STRIDE-LM
(10)Shared / Group Account Credential Termination   
  • P1
STRIDE-LM
(11)Usage Conditions  
  • P1
STRIDE-LM
(12)Account Monitoring / Atypical Usage  
  • P1
STRIDE-LM
(13)Disable Accounts For High-Risk Individuals  
  • P1
STRIDE-LM
AC-3Access Enforcement
  • P1
STRIDE-LM
(2)Dual Authorization   
  • P1
STRIDE-LM
(3)Mandatory Access Control   
  • P1
STRIDE-LM
(4)Discretionary Access Control   
  • P1
STRIDE-LM
(5)Security-Relevant Information   
  • P1
STRIDE-LM
(7)Role-Based Access Control   
  • P1
STRIDE-LM
(8)Revocation Of Access Authorizations   
  • P1
STRIDE-LM
(9)Controlled Release   
  • P1
STRIDE-LM
(10)Audited Override Of Access Control Mechanisms   
  • P1
STRIDE-LM
AC-4Information Flow Enforcement 
  • P1
STRIDE-LM
(1)Object Security Attributes   
  • P1
STRIDE-LM
(2)Processing Domains   
  • P1
STRIDE-LM
(3)Dynamic Information Flow Control   
  • P1
STRIDE-LM
(4)Content Check Encrypted Information   
  • P1
STRIDE-LM
(5)Embedded Data Types   
  • P1
STRIDE-LM
(6)Metadata   
  • P1
STRIDE-LM
(7)One-Way Flow Mechanisms   
  • P1
STRIDE-LM
(8)Security Policy Filters   
  • P1
STRIDE-LM
(9)Human Reviews   
  • P1
STRIDE-LM
(10)Enable / Disable Security Policy Filters   
  • P1
STRIDE-LM
(11)Configuration Of Security Policy Filters   
  • P1
STRIDE-LM
(12)Data Type Identifiers   
  • P1
STRIDE-LM
(13)Decomposition Into Policy-Relevant Subcomponents   
  • P1
STRIDE-LM
(14)Security Policy Filter Constraints   
  • P1
STRIDE-LM
(15)Detection Of Unsanctioned Information   
  • P1
STRIDE-LM
(17)Domain Authentication   
  • P1
STRIDE-LM
(18)Security Attribute Binding   
  • P1
STRIDE-LM
(19)Validation Of Metadata   
  • P1
STRIDE-LM
(20)Approved Solutions   
  • P1
STRIDE-LM
(21)Physical / Logical Separation Of Information Flows   
  • P1
STRIDE-LM
(22)Access Only   
  • P1
STRIDE-LM
AC-5Separation Of Duties 
  • P1
STRIDE-LM
AC-6Least Privilege 
  • P1
STRIDE-LM
(1)Authorize Access To Security Functions 
  • P1
STRIDE-LM
(2)Non-Privileged Access For Nonsecurity Functions 
  • P1
STRIDE-LM