IDNameBaselinesThreats
    LowModerateHighPrivacy
    AC-1Policy and ProceduresSTRIDE-LM
    AC-2Account Management STRIDE-LM
    (1)Automated System Account Management  STRIDE-LM
    (2)Automated Temporary and Emergency Account Management  STRIDE-LM
    (3)Disable Accounts  STRIDE-LM
    (4)Automated Audit Actions  STRIDE-LM
    (5)Inactivity Logout  STRIDE-LM
    (6)Dynamic Privilege Management    STRIDE-LM
    (7)Privileged User Accounts    STRIDE-LM
    (8)Dynamic Account Management    STRIDE-LM
    (9)Restrictions on Use of Shared and Group Accounts    STRIDE-LM
    (11)Usage Conditions   STRIDE-LM
    (12)Account Monitoring for Atypical Usage   STRIDE-LM
    (13)Disable Accounts for High-risk Individuals  STRIDE-LM
    AC-3Access Enforcement STRIDE-LM
    (2)Dual Authorization    STRIDE-LM
    (3)Mandatory Access Control    STRIDE-LM
    (4)Discretionary Access Control    STRIDE-LM
    (5)Security-relevant Information    STRIDE-LM
    (7)Role-based Access Control    STRIDE-LM
    (8)Revocation of Access Authorizations    STRIDE-LM
    (9)Controlled Release    STRIDE-LM
    (10)Audited Override of Access Control Mechanisms    STRIDE-LM
    (11)Restrict Access to Specific Information Types    STRIDE-LM
    (12)Assert and Enforce Application Access    STRIDE-LM
    (13)Attribute-based Access Control    STRIDE-LM
    (14)Individual Access   STRIDE-LM
    (15)Discretionary and Mandatory Access Control    STRIDE-LM
    AC-4Information Flow Enforcement  STRIDE-LM
    (1)Object Security and Privacy Attributes    STRIDE-LM
    (2)Processing Domains    STRIDE-LM
    (3)Dynamic Information Flow Control    STRIDE-LM
    (4)Flow Control of Encrypted Information   STRIDE-LM
    (5)Embedded Data Types    STRIDE-LM
    (6)Metadata    STRIDE-LM
    (7)One-way Flow Mechanisms    STRIDE-LM
    (8)Security and Privacy Policy Filters    STRIDE-LM
    (9)Human Reviews    STRIDE-LM
    (10)Enable and Disable Security or Privacy Policy Filters    STRIDE-LM
    (11)Configuration of Security or Privacy Policy Filters    STRIDE-LM
    (12)Data Type Identifiers    STRIDE-LM
    (13)Decomposition into Policy-relevant Subcomponents    STRIDE-LM
    (14)Security or Privacy Policy Filter Constraints    STRIDE-LM
    (15)Detection of Unsanctioned Information    STRIDE-LM
    (17)Domain Authentication    STRIDE-LM
    (19)Validation of Metadata    STRIDE-LM
    (20)Approved Solutions    STRIDE-LM
    (21)Physical or Logical Separation of Information Flows    STRIDE-LM
    (22)Access Only    STRIDE-LM
    (23)Modify Non-releasable Information    STRIDE-LM