AU-16(2)Sharing of Audit Information    STRIDE-LM
    (3)Disassociability    STRIDE-LM
    CA-1Policy and ProceduresSTRIDE-LM
    CA-2Control AssessmentsSTRIDE-LM
    (1)Independent Assessors  STRIDE-LM
    (2)Specialized Assessments   STRIDE-LM
    (3)Leveraging Results from External Organizations    STRIDE-LM
    CA-3Information Exchange STRIDE-LM
    (6)Transfer Authorizations   STRIDE-LM
    (7)Transitive Information Exchanges    STRIDE-LM
    CA-5Plan of Action and MilestonesSTRIDE-LM
    (1)Automation Support for Accuracy and Currency    STRIDE-LM
    (1)Joint Authorization - Intra-organization    STRIDE-LM
    (2)Joint Authorization - Inter-organization    STRIDE-LM
    CA-7Continuous MonitoringSTRIDE-LM
    (1)Independent Assessment  STRIDE-LM
    (3)Trend Analyses    STRIDE-LM
    (4)Risk MonitoringSTRIDE-LM
    (5)Consistency Analysis    STRIDE-LM
    (6)Automation Support for Monitoring    STRIDE-LM
    CA-8Penetration Testing   STRIDE-LM
    (1)Independent Penetration Testing Agent or Team   STRIDE-LM
    (2)Red Team Exercises    STRIDE-LM
    (3)Facility Penetration Testing    STRIDE-LM
    CA-9Internal System Connections STRIDE-LM
    (1)Compliance Checks    STRIDE-LM
    CM-1Policy and ProceduresSTRIDE-LM
    CM-2Baseline Configuration STRIDE-LM
    (2)Automation Support for Accuracy and Currency  STRIDE-LM
    (3)Retention of Previous Configurations  STRIDE-LM
    (6)Development and Test Environments    STRIDE-LM
    (7)Configure Systems and Components for High-risk Areas  STRIDE-LM
    CM-3Configuration Change Control  STRIDE-LM
    (1)Automated Documentation, Notification, and Prohibition of Changes   STRIDE-LM
    (2)Testing, Validation, and Documentation of Changes  STRIDE-LM
    (3)Automated Change Implementation    STRIDE-LM
    (4)Security and Privacy Representatives  STRIDE-LM
    (5)Automated Security Response    STRIDE-LM
    (6)Cryptography Management   STRIDE-LM
    (7)Review System Changes    STRIDE-LM
    (8)Prevent or Restrict Configuration Changes    STRIDE-LM
    CM-4Impact AnalysesSTRIDE-LM
    (1)Separate Test Environments   STRIDE-LM
    (2)Verification of Controls  STRIDE-LM
    CM-5Access Restrictions for Change STRIDE-LM
    (1)Automated Access Enforcement and Audit Records   STRIDE-LM
    (4)Dual Authorization    STRIDE-LM
    (5)Privilege Limitation for Production and Operation    STRIDE-LM
    (6)Limit Library Privileges    STRIDE-LM