CJIS Security Policy Resource Center
Loading
Download CJIS_Security_Policy_v6-0_20241227 (1).pdf — 4451 KB
[{"dest": {"list": [{"ref": 1}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 1, "title": "Executive Summary"}, {"dest": {"list": [{"ref": 3}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 2, "title": "Change Management"}, {"dest": {"list": [{"ref": 5}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 3, "title": "Summary of Changes"}, {"dest": {"list": [{"ref": 9}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 5, "title": "Table of Contents"}, {"dest": {"list": [{"ref": 39}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 15, "title": "List of Figures"}, {"dest": {"list": [{"ref": 42}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 16, "title": "List of Priorities"}, {"dest": {"list": [{"ref": 52}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 21, "title": "1 Introduction"}, {"dest": {"list": [{"ref": 52}, {"literal": "XYZ"}, {"number": 70}, {"number": 654}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 21, "title": "1.1 Purpose"}, {"dest": {"list": [{"ref": 52}, {"literal": "XYZ"}, {"number": 70}, {"number": 523}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 21, "title": "1.2 Scope"}, {"dest": {"list": [{"ref": 52}, {"literal": "XYZ"}, {"number": 70}, {"number": 386}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 21, "title": "1.3 Relationship to Local Security Policy and Other Policies"}, {"dest": {"list": [{"ref": 52}, {"literal": "XYZ"}, {"number": 70}, {"number": 194}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 21, "title": "1.4 Terminology Used in This Document"}, {"dest": {"list": [{"ref": 54}, {"literal": "XYZ"}, {"number": 70}, {"number": 384}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 22, "title": "1.5 Distribution of the CJIS Security Policy"}, {"dest": {"list": [{"ref": 56}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 23, "title": "2 CJIS Security Policy Approach"}, {"dest": {"list": [{"ref": 56}, {"literal": "XYZ"}, {"number": 70}, {"number": 640}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 23, "title": "2.1 CJIS Security Policy Vision Statement"}, {"dest": {"list": [{"ref": 56}, {"literal": "XYZ"}, {"number": 70}, {"number": 550}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 23, "title": "2.2 Architecture Independent"}, {"dest": {"list": [{"ref": 56}, {"literal": "XYZ"}, {"number": 70}, {"number": 406}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 23, "title": "2.3 Risk Versus Realism"}, {"dest": {"list": [{"ref": 58}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 24, "title": "3 Roles and Responsibilities"}, {"dest": {"list": [{"ref": 58}, {"literal": "XYZ"}, {"number": 70}, {"number": 688}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 24, "title": "3.1 Shared Management Philosophy"}, {"dest": {"list": [{"ref": 58}, {"literal": "XYZ"}, {"number": 70}, {"number": 441}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 24, "title": "3.2 Roles and Responsibilities for Agencies and Parties"}, {"dest": {"list": [{"ref": 62}, {"literal": "XYZ"}, {"number": 70}, {"number": 443}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 25, "title": "3.2.1 CJIS Systems Agencies (CSA)"}, {"dest": {"list": [{"ref": 62}, {"literal": "XYZ"}, {"number": 70}, {"number": 342}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 25, "title": "3.2.2 CJIS Systems Officer (CSO)"}, {"dest": {"list": [{"ref": 64}, {"literal": "XYZ"}, {"number": 70}, {"number": 344}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 26, "title": "3.2.3 Terminal Agency Coordinator (TAC)"}, {"dest": {"list": [{"ref": 64}, {"literal": "XYZ"}, {"number": 70}, {"number": 271}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 26, "title": "3.2.4 Criminal Justice Agency (CJA)"}, {"dest": {"list": [{"ref": 64}, {"literal": "XYZ"}, {"number": 70}, {"number": 184}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 26, "title": "3.2.5 Noncriminal Justice Agency (NCJA)"}, {"dest": {"list": [{"ref": 66}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 27, "title": "3.2.6 Contracting Agency (CA)"}, {"dest": {"list": [{"ref": 66}, {"literal": "XYZ"}, {"number": 70}, {"number": 625}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 27, "title": "3.2.7 Agency Coordinator (AC)"}, {"dest": {"list": [{"ref": 66}, {"literal": "XYZ"}, {"number": 70}, {"number": 188}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 27, "title": "3.2.8 CJIS Systems Agency Information Security Officer (CSA ISO)"}, {"dest": {"list": [{"ref": 68}, {"literal": "XYZ"}, {"number": 70}, {"number": 639}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 28, "title": "3.2.9 Organizational Personnel with Security Responsibilities"}, {"dest": {"list": [{"ref": 68}, {"literal": "XYZ"}, {"number": 70}, {"number": 439}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 28, "title": "3.2.10 FBI CJIS Division Information Security Officer (FBI CJIS ISO)"}, {"dest": {"list": [{"ref": 68}, {"literal": "XYZ"}, {"number": 70}, {"number": 158}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 28, "title": "3.2.11 Repository Manager"}, {"dest": {"list": [{"ref": 70}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 29, "title": "3.2.12 IA Official"}, {"dest": {"list": [{"ref": 70}, {"literal": "XYZ"}, {"number": 70}, {"number": 653}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 29, "title": "3.2.13 State Compact Officer (SCO)"}, {"dest": {"list": [{"ref": 72}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 30, "title": "4 Criminal Justice Information and Personally Identifiable Information"}, {"dest": {"list": [{"ref": 72}, {"literal": "XYZ"}, {"number": 70}, {"number": 669}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 30, "title": "4.1 Criminal Justice Information (CJI)"}, {"dest": {"list": [{"ref": 72}, {"literal": "XYZ"}, {"number": 70}, {"number": 248}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 30, "title": "4.1.1 Criminal History Record Information (CHRI)"}, {"dest": {"list": [{"ref": 74}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 31, "title": "4.2 Access, Use and Dissemination of Criminal History Record Information (CHRI), NCIC Restricted Files Information, and NCIC Non-Restricted Files Information"}, {"dest": {"list": [{"ref": 74}, {"literal": "XYZ"}, {"number": 70}, {"number": 632}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 31, "title": "4.2.1 Proper Access, Use, and Dissemination of CHRI"}, {"dest": {"list": [{"ref": 74}, {"literal": "XYZ"}, {"number": 70}, {"number": 504}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 31, "title": "4.2.2 Proper Access, Use, and Dissemination of NCIC Restricted Files Information"}, {"dest": {"list": [{"ref": 74}, {"literal": "XYZ"}, {"number": 70}, {"number": 171}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 31, "title": "4.2.3 Proper Access, Use, and Dissemination of NCIC Non-Restricted Files Information"}, {"dest": {"list": [{"ref": 74}, {"literal": "XYZ"}, {"number": 70}, {"number": 132}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 31, "title": "4.2.3.1 For Official Purposes"}, {"dest": {"list": [{"ref": 76}, {"literal": "XYZ"}, {"number": 70}, {"number": 673}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 32, "title": "4.2.3.2 For Other Authorized Purposes"}, {"dest": {"list": [{"ref": 76}, {"literal": "XYZ"}, {"number": 70}, {"number": 512}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 32, "title": "4.2.3.3 CSO Authority in Other Circumstances"}, {"dest": {"list": [{"ref": 76}, {"literal": "XYZ"}, {"number": 70}, {"number": 454}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 32, "title": "4.2.4 Storage"}, {"dest": {"list": [{"ref": 76}, {"literal": "XYZ"}, {"number": 70}, {"number": 367}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 32, "title": "4.2.5 Justification and Penalties"}, {"dest": {"list": [{"ref": 76}, {"literal": "XYZ"}, {"number": 70}, {"number": 341}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 32, "title": "4.2.5.1 Justification"}, {"dest": {"list": [{"ref": 76}, {"literal": "XYZ"}, {"number": 70}, {"number": 269}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 32, "title": "4.2.5.2 Penalties"}, {"dest": {"list": [{"ref": 76}, {"literal": "XYZ"}, {"number": 70}, {"number": 197}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 32, "title": "4.3 Personally Identifiable Information (PII)"}, {"dest": {"list": [{"ref": 80}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 34, "title": "5 Policy and Implementation"}, {"dest": {"list": [{"ref": 82}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 35, "title": "5.1 Policy Area 1: Information Exchange Agreements"}, {"dest": {"list": [{"ref": 82}, {"literal": "XYZ"}, {"number": 70}, {"number": 637}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 35, "title": "5.1.1 Information Exchange"}, {"dest": {"list": [{"ref": 82}, {"literal": "XYZ"}, {"number": 70}, {"number": 427}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 35, "title": "5.1.2 Monitoring, Review, and Delivery of Services"}, {"dest": {"list": [{"ref": 82}, {"literal": "XYZ"}, {"number": 70}, {"number": 299}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 35, "title": "5.1.2.1 Managing Changes to Service Providers"}, {"dest": {"list": [{"ref": 84}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 36, "title": "ACCESS CONTROL (AC)"}, {"dest": {"list": [{"ref": 84}, {"literal": "XYZ"}, {"number": 70}, {"number": 597}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 36, "title": "AC-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 86}, {"literal": "XYZ"}, {"number": 70}, {"number": 633}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 37, "title": "AC-2 ACCOUNT MANAGEMENT"}, {"dest": {"list": [{"ref": 92}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 40, "title": "(1) ACCOUNT MANAGEMENT | AUTOMATED SYSTEM ACCOUNT MANAGEMENT"}, {"dest": {"list": [{"ref": 92}, {"literal": "XYZ"}, {"number": 70}, {"number": 514}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 40, "title": "(2) ACCOUNT MANAGEMENT | AUTOMATED TEMPORARY AND EMERGENCY ACCOUNT MANAGEMENT"}, {"dest": {"list": [{"ref": 92}, {"literal": "XYZ"}, {"number": 70}, {"number": 342}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 40, "title": "(3) ACCOUNT MANAGEMENT | DISABLE ACCOUNTS"}, {"dest": {"list": [{"ref": 92}, {"literal": "XYZ"}, {"number": 70}, {"number": 149}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 40, "title": "(4) ACCOUNT MANAGEMENT | AUTOMATED AUDIT ACTIONS"}, {"dest": {"list": [{"ref": 94}, {"literal": "XYZ"}, {"number": 70}, {"number": 667}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 41, "title": "(5) ACCOUNT MANAGEMENT | INACTIVITY LOGOUT28"}, {"dest": {"list": [{"ref": 94}, {"literal": "XYZ"}, {"number": 70}, {"number": 521}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 41, "title": "(13) ACCOUNT MANAGEMENT | DISABLE ACCOUNTS FOR HIGH-RISK INDIVIDUALS"}, {"dest": {"list": [{"ref": 94}, {"literal": "XYZ"}, {"number": 70}, {"number": 301}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 41, "title": "AC-3 ACCESS ENFORCEMENT"}, {"dest": {"list": [{"ref": 96}, {"literal": "XYZ"}, {"number": 70}, {"number": 633}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 42, "title": "(14) ACCESS ENFORCEMENT | INDIVIDUAL ACCESS"}, {"dest": {"list": [{"ref": 96}, {"literal": "XYZ"}, {"number": 70}, {"number": 338}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 42, "title": "AC-4 INFORMATION FLOW ENFORCEMENT"}, {"dest": {"list": [{"ref": 98}, {"literal": "XYZ"}, {"number": 70}, {"number": 379}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 43, "title": "AC-5 SEPARATION OF DUTIES"}, {"dest": {"list": [{"ref": 100}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 44, "title": "AC-6 LEAST PRIVILEGE"}, {"dest": {"list": [{"ref": 100}, {"literal": "XYZ"}, {"number": 70}, {"number": 479}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 44, "title": "(1) LEAST PRIVILEGE | AUTHORIZE ACCESS TO SECURITY FUNCTIONS"}, {"dest": {"list": [{"ref": 100}, {"literal": "XYZ"}, {"number": 70}, {"number": 184}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 44, "title": "(2) LEAST PRIVILEGE | NON-PRIVILEGED ACCESS FOR NONSECURITY FUNCTIONS"}, {"dest": {"list": [{"ref": 102}, {"literal": "XYZ"}, {"number": 70}, {"number": 611}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 45, "title": "(5) LEAST PRIVILEGE | PRIVILEGED ACCOUNTS"}, {"dest": {"list": [{"ref": 102}, {"literal": "XYZ"}, {"number": 70}, {"number": 411}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 45, "title": "(7) LEAST PRIVILEGE | REVIEW OF USER PRIVILEGES"}, {"dest": {"list": [{"ref": 102}, {"literal": "XYZ"}, {"number": 70}, {"number": 191}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 45, "title": "(9) LEAST PRIVILEGE | LOG USE OF PRIVILEGED FUNCTIONS"}, {"dest": {"list": [{"ref": 104}, {"literal": "XYZ"}, {"number": 70}, {"number": 653}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 46, "title": "(10) LEAST PRIVILEGE | PROHIBIT NON-PRIVILEGED USERS FROM EXECUTING PRIVILEGED FUNCTIONS"}, {"dest": {"list": [{"ref": 104}, {"literal": "XYZ"}, {"number": 70}, {"number": 420}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 46, "title": "AC-7 UNSUCCESSFUL LOGON ATTEMPTS"}, {"dest": {"list": [{"ref": 106}, {"literal": "XYZ"}, {"number": 70}, {"number": 619}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 47, "title": "AC-8 SYSTEM USE NOTIFICATION"}, {"dest": {"list": [{"ref": 108}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 48, "title": "AC-11 DEVICE LOCK"}, {"dest": {"list": [{"ref": 108}, {"literal": "XYZ"}, {"number": 70}, {"number": 329}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 48, "title": "(1) DEVICE LOCK | PATTERN-HIDING DISPLAYS"}, {"dest": {"list": [{"ref": 108}, {"literal": "XYZ"}, {"number": 70}, {"number": 150}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 48, "title": "AC-12 SESSION TERMINATION"}, {"dest": {"list": [{"ref": 110}, {"literal": "XYZ"}, {"number": 70}, {"number": 536}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 49, "title": "AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION"}, {"dest": {"list": [{"ref": 110}, {"literal": "XYZ"}, {"number": 70}, {"number": 171}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 49, "title": "AC-17 REMOTE ACCESS"}, {"dest": {"list": [{"ref": 112}, {"literal": "XYZ"}, {"number": 70}, {"number": 400}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 50, "title": "(1) REMOTE ACCESS | MONITORING AND CONTROL"}, {"dest": {"list": [{"ref": 112}, {"literal": "XYZ"}, {"number": 70}, {"number": 227}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 50, "title": "(2) REMOTE ACCESS | PROTECTION OF CONFIDENTIALITY AND INTEGRITY USING ENCRYPTION"}, {"dest": {"list": [{"ref": 114}, {"literal": "XYZ"}, {"number": 70}, {"number": 667}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 51, "title": "(3) REMOTE ACCESS | MANAGED ACCESS CONTROL POINTS"}, {"dest": {"list": [{"ref": 114}, {"literal": "XYZ"}, {"number": 70}, {"number": 521}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 51, "title": "(4) REMOTE ACCESS | PRIVILEGED COMMANDS AND ACCESS"}, {"dest": {"list": [{"ref": 114}, {"literal": "XYZ"}, {"number": 70}, {"number": 301}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 51, "title": "AC-18 WIRELESS ACCESS"}, {"dest": {"list": [{"ref": 116}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 52, "title": "(1) WIRELESS ACCESS | AUTHENTICATION AND ENCRYPTION"}, {"dest": {"list": [{"ref": 116}, {"literal": "XYZ"}, {"number": 70}, {"number": 547}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 52, "title": "(3) WIRELESS ACCESS | DISABLE WIRELESS NETWORKING"}, {"dest": {"list": [{"ref": 116}, {"literal": "XYZ"}, {"number": 70}, {"number": 355}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 52, "title": "AC-19 ACCESS CONTROL FOR MOBILE DEVICES"}, {"dest": {"list": [{"ref": 118}, {"literal": "XYZ"}, {"number": 70}, {"number": 428}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 53, "title": "(5) ACCESS CONTROL FOR MOBILE DEVICES | FULL DEVICE OR CONTAINER-BASED ENCRYPTION"}, {"dest": {"list": [{"ref": 118}, {"literal": "XYZ"}, {"number": 70}, {"number": 236}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 53, "title": "AC-20 USE OF EXTERNAL SYSTEMS"}, {"dest": {"list": [{"ref": 120}, {"literal": "XYZ"}, {"number": 70}, {"number": 148}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 54, "title": "(1) USE OF EXTERNAL SYSTEMS | LIMITS ON AUTHORIZED USE"}, {"dest": {"list": [{"ref": 122}, {"literal": "XYZ"}, {"number": 70}, {"number": 517}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 55, "title": "(2) USE OF EXTERNAL SYSTEMS | PORTABLE STORAGE DEVICES \u2014 RESTRICTED USE"}, {"dest": {"list": [{"ref": 122}, {"literal": "XYZ"}, {"number": 70}, {"number": 338}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 55, "title": "AC-21 INFORMATION SHARING"}, {"dest": {"list": [{"ref": 124}, {"literal": "XYZ"}, {"number": 70}, {"number": 619}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 56, "title": "AC-22 PUBLICLY ACCESSIBLE CONTENT"}, {"dest": {"list": [{"ref": 126}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 57, "title": "AWARENESS AND TRAINING (AT)"}, {"dest": {"list": [{"ref": 126}, {"literal": "XYZ"}, {"number": 70}, {"number": 617}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 57, "title": "AT-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 128}, {"literal": "XYZ"}, {"number": 70}, {"number": 592}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 58, "title": "AT-2 LITERACY TRAINING AND AWARENESS"}, {"dest": {"list": [{"ref": 130}, {"literal": "XYZ"}, {"number": 70}, {"number": 517}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 59, "title": "(2) LITERACY TRAINING AND AWARENESS | INSIDER THREAT"}, {"dest": {"list": [{"ref": 130}, {"literal": "XYZ"}, {"number": 70}, {"number": 295}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 59, "title": "(3) LITERACY TRAINING AND AWARENESS | SOCIAL ENGINEERING AND MINING"}, {"dest": {"list": [{"ref": 132}, {"literal": "XYZ"}, {"number": 70}, {"number": 700}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 60, "title": "AT-3 ROLE-BASED TRAINING"}, {"dest": {"list": [{"ref": 136}, {"literal": "XYZ"}, {"number": 70}, {"number": 304}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 62, "title": "(5) ROLE-BASED TRAINING | PROCESSING PERSONALLY IDENTIFIABLE INFORMATION"}, {"dest": {"list": [{"ref": 138}, {"literal": "XYZ"}, {"number": 70}, {"number": 667}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 63, "title": "AT-4 TRAINING RECORDS"}, {"dest": {"list": [{"ref": 142}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 65, "title": "AUDIT AND ACCOUNTABILITY (AU)"}, {"dest": {"list": [{"ref": 142}, {"literal": "XYZ"}, {"number": 70}, {"number": 692}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 65, "title": "AU-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 144}, {"literal": "XYZ"}, {"number": 70}, {"number": 706}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 66, "title": "AU-2 EVENT LOGGING"}, {"dest": {"list": [{"ref": 146}, {"literal": "XYZ"}, {"number": 70}, {"number": 304}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 67, "title": "AU-3 CONTENT OF AUDIT RECORDS"}, {"dest": {"list": [{"ref": 148}, {"literal": "XYZ"}, {"number": 70}, {"number": 536}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 68, "title": "(1) CONTENT OF AUDIT RECORDS | ADDITIONAL AUDIT INFORMATION"}, {"dest": {"list": [{"ref": 150}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 69, "title": "(3) CONTENT OF AUDIT RECORDS | LIMIT PERSONALLY IDENTIFIABLE INFORMATION ELEMENTS"}, {"dest": {"list": [{"ref": 150}, {"literal": "XYZ"}, {"number": 70}, {"number": 543}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 69, "title": "AU-4 AUDIT LOG STORAGE CAPACITY"}, {"dest": {"list": [{"ref": 150}, {"literal": "XYZ"}, {"number": 70}, {"number": 343}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 69, "title": "AU-5 RESPONSE TO AUDIT LOGGING PROCESS FAILURES"}, {"dest": {"list": [{"ref": 152}, {"literal": "XYZ"}, {"number": 70}, {"number": 653}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 70, "title": "AU-6 AUDIT RECORD REVIEW, ANALYSIS, AND REPORTING"}, {"dest": {"list": [{"ref": 152}, {"literal": "XYZ"}, {"number": 70}, {"number": 200}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 70, "title": "(1) AUDIT RECORD REVIEW, ANALYSIS, AND REPORTING | AUTOMATED PROCESS INTEGRATION"}, {"dest": {"list": [{"ref": 154}, {"literal": "XYZ"}, {"number": 70}, {"number": 679}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 71, "title": "(3) AUDIT RECORD REVIEW, ANALYSIS, AND REPORTING | CORRELATE AUDIT RECORD REPOSITORIES"}, {"dest": {"list": [{"ref": 154}, {"literal": "XYZ"}, {"number": 70}, {"number": 487}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 71, "title": "AU-7 AUDIT RECORD REDUCTION AND REPORT GENERATION"}, {"dest": {"list": [{"ref": 154}, {"literal": "XYZ"}, {"number": 70}, {"number": 173}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 71, "title": "(1) AUDIT RECORD REDUCTION AND REPORT GENERATION | AUTOMATIC PROCESSING"}, {"dest": {"list": [{"ref": 156}, {"literal": "XYZ"}, {"number": 70}, {"number": 598}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 72, "title": "AU-8 TIME STAMPS"}, {"dest": {"list": [{"ref": 156}, {"literal": "XYZ"}, {"number": 70}, {"number": 308}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 72, "title": "AU-9 PROTECTION OF AUDIT INFORMATION"}, {"dest": {"list": [{"ref": 158}, {"literal": "XYZ"}, {"number": 70}, {"number": 605}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 73, "title": "(4) PROTECTION OF AUDIT INFORMATION | ACCESS BY SUBSET OF PRIVILEGED USERS"}, {"dest": {"list": [{"ref": 158}, {"literal": "XYZ"}, {"number": 70}, {"number": 375}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 73, "title": "AU-11 AUDIT RECORD RETENTION"}, {"dest": {"list": [{"ref": 160}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 74, "title": "AU-12 AUDIT RECORD GENERATION"}, {"dest": {"list": [{"ref": 162}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 75, "title": "ASSESSMENT, AUTHORIZATION, AND MONITORING (CA)"}, {"dest": {"list": [{"ref": 162}, {"literal": "XYZ"}, {"number": 70}, {"number": 692}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 75, "title": "CA-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 164}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 76, "title": "CA-2 CONTROL ASSESSMENTS"}, {"dest": {"list": [{"ref": 166}, {"literal": "XYZ"}, {"number": 70}, {"number": 351}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 77, "title": "(1) CONTROL ASSESSMENTS | INDEPENDENT ASSESSORS"}, {"dest": {"list": [{"ref": 168}, {"literal": "XYZ"}, {"number": 70}, {"number": 490}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 78, "title": "CA-3 INFORMATION EXCHANGE"}, {"dest": {"list": [{"ref": 174}, {"literal": "XYZ"}, {"number": 70}, {"number": 576}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 81, "title": "CA-5 PLAN OF ACTION AND MILESTONES"}, {"dest": {"list": [{"ref": 174}, {"literal": "XYZ"}, {"number": 70}, {"number": 368}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 81, "title": "CA-6 AUTHORIZATION"}, {"dest": {"list": [{"ref": 176}, {"literal": "XYZ"}, {"number": 70}, {"number": 463}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 82, "title": "CA-7 CONTINUOUS MONITORING"}, {"dest": {"list": [{"ref": 180}, {"literal": "XYZ"}, {"number": 70}, {"number": 706}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 84, "title": "(1) CONTINUOUS MONITORING | INDEPENDENT ASSESSMENT"}, {"dest": {"list": [{"ref": 180}, {"literal": "XYZ"}, {"number": 70}, {"number": 475}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 84, "title": "(4) CONTINUOUS MONITORING | RISK MONITORING"}, {"dest": {"list": [{"ref": 180}, {"literal": "XYZ"}, {"number": 70}, {"number": 206}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 84, "title": "CA-9 INTERNAL SYSTEM CONNECTIONS"}, {"dest": {"list": [{"ref": 184}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 86, "title": "CONFIGURATION MANAGEMENT (CM)"}, {"dest": {"list": [{"ref": 184}, {"literal": "XYZ"}, {"number": 70}, {"number": 672}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 86, "title": "CM-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 186}, {"literal": "XYZ"}, {"number": 70}, {"number": 699}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 87, "title": "CM-2 BASELINE CONFIGURATION"}, {"dest": {"list": [{"ref": 186}, {"literal": "XYZ"}, {"number": 70}, {"number": 268}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 87, "title": "(2) BASELINE CONFIGURATION | AUTOMATION SUPPORT FOR ACCURACY AND CURRENCY"}, {"dest": {"list": [{"ref": 188}, {"literal": "XYZ"}, {"number": 70}, {"number": 617}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 88, "title": "(3) BASELINE CONFIGURATION | RETENTION OF PREVIOUS CONFIGURATIONS"}, {"dest": {"list": [{"ref": 188}, {"literal": "XYZ"}, {"number": 70}, {"number": 436}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 88, "title": "(7) BASELINE CONFIGURATION | CONFIGURE SYSTEMS AND COMPONENTS FOR HIGH-RISK AREAS"}, {"dest": {"list": [{"ref": 190}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 89, "title": "CM-3 CONFIGURATION CHANGE CONTROL"}, {"dest": {"list": [{"ref": 190}, {"literal": "XYZ"}, {"number": 70}, {"number": 206}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 89, "title": "(2) CONFIGURATION CHANGE CONTROL | TESTING, VALIDATION, AND DOCUMENTATION OF CHANGES"}, {"dest": {"list": [{"ref": 192}, {"literal": "XYZ"}, {"number": 70}, {"number": 579}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 90, "title": "(4) CONFIGURATION CHANGE CONTROL | SECURITY AND PRIVACY REPRESENTATIVES"}, {"dest": {"list": [{"ref": 192}, {"literal": "XYZ"}, {"number": 70}, {"number": 310}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 90, "title": "CM-4 IMPACT ANALYSES"}, {"dest": {"list": [{"ref": 194}, {"literal": "XYZ"}, {"number": 70}, {"number": 653}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 91, "title": "(2) IMPACT ANALYSES | VERIFICATION OF CONTROLS"}, {"dest": {"list": [{"ref": 194}, {"literal": "XYZ"}, {"number": 70}, {"number": 486}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 91, "title": "CM-5 ACCESS RESTRICTIONS FOR CHANGE"}, {"dest": {"list": [{"ref": 194}, {"literal": "XYZ"}, {"number": 70}, {"number": 231}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 91, "title": "CM-6 CONFIGURATION SETTINGS"}, {"dest": {"list": [{"ref": 196}, {"literal": "XYZ"}, {"number": 70}, {"number": 181}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 92, "title": "CM-7 LEAST FUNCTIONALITY"}, {"dest": {"list": [{"ref": 198}, {"literal": "XYZ"}, {"number": 70}, {"number": 452}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 93, "title": "(1) LEAST FUNCTIONALITY | PERIODIC REVIEW"}, {"dest": {"list": [{"ref": 198}, {"literal": "XYZ"}, {"number": 70}, {"number": 175}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 93, "title": "(2) LEAST FUNCTIONALITY | PREVENT PROGRAM EXECUTION"}, {"dest": {"list": [{"ref": 200}, {"literal": "XYZ"}, {"number": 70}, {"number": 596}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 94, "title": "(5) LEAST FUNCTIONALITY | AUTHORIZED SOFTWARE \u2014 ALLOW-BY-EXCEPTION"}, {"dest": {"list": [{"ref": 200}, {"literal": "XYZ"}, {"number": 70}, {"number": 260}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 94, "title": "CM-8 SYSTEM COMPONENT INVENTORY"}, {"dest": {"list": [{"ref": 202}, {"literal": "XYZ"}, {"number": 70}, {"number": 258}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 95, "title": "(1) SYSTEM COMPONENT INVENTORY | UPDATES DURING INSTALLATION AND REMOVAL"}, {"dest": {"list": [{"ref": 204}, {"literal": "XYZ"}, {"number": 70}, {"number": 686}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 96, "title": "(3) SYSTEM COMPONENT INVENTORY | AUTOMATED UNAUTHORIZED COMPONENT DETECTION"}, {"dest": {"list": [{"ref": 204}, {"literal": "XYZ"}, {"number": 70}, {"number": 344}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 96, "title": "CM-9 CONFIGURATION MANAGEMENT PLAN"}, {"dest": {"list": [{"ref": 206}, {"literal": "XYZ"}, {"number": 70}, {"number": 365}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 97, "title": "CM-10 SOFTWARE USAGE RESTRICTIONS"}, {"dest": {"list": [{"ref": 208}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 98, "title": "CM-11 USER-INSTALLED SOFTWARE"}, {"dest": {"list": [{"ref": 208}, {"literal": "XYZ"}, {"number": 70}, {"number": 431}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 98, "title": "CM-12 INFORMATION LOCATION"}, {"dest": {"list": [{"ref": 210}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 99, "title": "(1) INFORMATION LOCATION | AUTOMATED TOOLS TO SUPPORT INFORMATION LOCATION"}, {"dest": {"list": [{"ref": 212}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 100, "title": "CONTINGENCY PLANNING (CP)"}, {"dest": {"list": [{"ref": 212}, {"literal": "XYZ"}, {"number": 70}, {"number": 690}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 100, "title": "CP-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 214}, {"literal": "XYZ"}, {"number": 70}, {"number": 652}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 101, "title": "CP-2 CONTINGENCY PLAN"}, {"dest": {"list": [{"ref": 216}, {"literal": "XYZ"}, {"number": 70}, {"number": 503}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 102, "title": "(1) CONTINGENCY PLAN | COORDINATE WITH RELATED PLANS"}, {"dest": {"list": [{"ref": 216}, {"literal": "XYZ"}, {"number": 70}, {"number": 326}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 102, "title": "(3) CONTINGENCY PLAN | RESUME MISSION AND BUSINESS FUNCTIONS"}, {"dest": {"list": [{"ref": 216}, {"literal": "XYZ"}, {"number": 70}, {"number": 121}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 102, "title": "(8) CONTINGENCY PLAN | IDENTIFY CRITICAL ASSETS"}, {"dest": {"list": [{"ref": 218}, {"literal": "XYZ"}, {"number": 70}, {"number": 491}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 103, "title": "CP-3 CONTINGENCY TRAINING"}, {"dest": {"list": [{"ref": 220}, {"literal": "XYZ"}, {"number": 70}, {"number": 659}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 104, "title": "CP-4 CONTINGENCY PLAN TESTING"}, {"dest": {"list": [{"ref": 220}, {"literal": "XYZ"}, {"number": 70}, {"number": 347}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 104, "title": "(1) CONTINGENCY PLAN TESTING | COORDINATE WITH RELATED PLANS"}, {"dest": {"list": [{"ref": 220}, {"literal": "XYZ"}, {"number": 70}, {"number": 129}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 104, "title": "CP-6 ALTERNATE STORAGE SITE"}, {"dest": {"list": [{"ref": 222}, {"literal": "XYZ"}, {"number": 70}, {"number": 449}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 105, "title": "(1) ALTERNATE STORAGE SITE | SEPARATION FROM PRIMARY SITE"}, {"dest": {"list": [{"ref": 222}, {"literal": "XYZ"}, {"number": 70}, {"number": 217}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 105, "title": "(3) ALTERNATE STORAGE SITE | ACCESSIBILITY"}, {"dest": {"list": [{"ref": 224}, {"literal": "XYZ"}, {"number": 70}, {"number": 634}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 106, "title": "CP-7 ALTERNATE PROCESSING SITE"}, {"dest": {"list": [{"ref": 224}, {"literal": "XYZ"}, {"number": 70}, {"number": 196}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 106, "title": "(1) ALTERNATE PROCESSING SITE | SEPARATION FROM PRIMARY SITE"}, {"dest": {"list": [{"ref": 226}, {"literal": "XYZ"}, {"number": 70}, {"number": 617}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 107, "title": "(2) ALTERNATE PROCESSING SITE | ACCESSIBILITY"}, {"dest": {"list": [{"ref": 226}, {"literal": "XYZ"}, {"number": 70}, {"number": 454}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 107, "title": "(3) ALTERNATE PROCESSING SITE | PRIORITY OF SERVICE"}, {"dest": {"list": [{"ref": 226}, {"literal": "XYZ"}, {"number": 70}, {"number": 246}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 107, "title": "CP-8 TELECOMMUNICATIONS SERVICES"}, {"dest": {"list": [{"ref": 228}, {"literal": "XYZ"}, {"number": 70}, {"number": 557}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 108, "title": "(1) TELECOMMUNICATIONS SERVICES | PRIORITY OF SERVICE PROVISIONS"}, {"dest": {"list": [{"ref": 228}, {"literal": "XYZ"}, {"number": 70}, {"number": 224}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 108, "title": "(2) TELECOMMUNICATIONS SERVICES | SINGLE POINTS OF FAILURE"}, {"dest": {"list": [{"ref": 230}, {"literal": "XYZ"}, {"number": 70}, {"number": 662}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 109, "title": "CP-9 SYSTEM BACKUP"}, {"dest": {"list": [{"ref": 230}, {"literal": "XYZ"}, {"number": 70}, {"number": 281}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 109, "title": "(1) SYSTEM BACKUP | TESTING FOR RELIABILITY AND INTEGRITY"}, {"dest": {"list": [{"ref": 232}, {"literal": "XYZ"}, {"number": 70}, {"number": 692}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 110, "title": "(8) SYSTEM BACKUP | CRYPTOGRAPHIC PROTECTION"}, {"dest": {"list": [{"ref": 232}, {"literal": "XYZ"}, {"number": 70}, {"number": 485}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 110, "title": "CP-10 SYSTEM RECOVERY AND RECONSTITUTION"}, {"dest": {"list": [{"ref": 232}, {"literal": "XYZ"}, {"number": 70}, {"number": 158}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 110, "title": "(2) SYSTEM RECOVERY AND RECONSTITUTION | TRANSACTION RECOVERY"}, {"dest": {"list": [{"ref": 236}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 112, "title": "IDENTIFICATION AND AUTHENTICATION (IA)"}, {"dest": {"list": [{"ref": 236}, {"literal": "XYZ"}, {"number": 70}, {"number": 625}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 112, "title": "IA-0 USE OF ORIGINATING AGENCY IDENTIFIERS IN TRANSACTIONS AND INFORMATION EXCHANGES"}, {"dest": {"list": [{"ref": 236}, {"literal": "XYZ"}, {"number": 70}, {"number": 293}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 112, "title": "IA-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 238}, {"literal": "XYZ"}, {"number": 70}, {"number": 341}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 113, "title": "IA-2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)"}, {"dest": {"list": [{"ref": 240}, {"literal": "XYZ"}, {"number": 70}, {"number": 497}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 114, "title": "(1) IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | MULTI-FACTOR AUTHENTICATION TO PRIVILEGED ACCOUNTS"}, {"dest": {"list": [{"ref": 240}, {"literal": "XYZ"}, {"number": 70}, {"number": 201}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 114, "title": "(2) IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | MULTI-FACTOR AUTHENTICATION TO NON-PRIVILEGED ACCOUNTS"}, {"dest": {"list": [{"ref": 242}, {"literal": "XYZ"}, {"number": 70}, {"number": 542}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 115, "title": "(8) IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | ACCESS TO ACCOUNTS \u2014 REPLAY RESISTANT"}, {"dest": {"list": [{"ref": 242}, {"literal": "XYZ"}, {"number": 70}, {"number": 357}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 115, "title": "(12) IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | ACCEPTANCE OF PIV CREDENTIALS"}, {"dest": {"list": [{"ref": 242}, {"literal": "XYZ"}, {"number": 70}, {"number": 124}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 115, "title": "IA-3 DEVICE IDENTIFICATION AND AUTHENTICATION"}, {"dest": {"list": [{"ref": 244}, {"literal": "XYZ"}, {"number": 70}, {"number": 442}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 116, "title": "IA-4 IDENTIFIER MANAGEMENT"}, {"dest": {"list": [{"ref": 246}, {"literal": "XYZ"}, {"number": 70}, {"number": 700}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 117, "title": "(4) IDENTIFIER MANAGEMENT | IDENTIFY USER STATUS"}, {"dest": {"list": [{"ref": 246}, {"literal": "XYZ"}, {"number": 70}, {"number": 508}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 117, "title": "IA-5 AUTHENTICATOR MANAGEMENT"}, {"dest": {"list": [{"ref": 289}, {"literal": "XYZ"}, {"number": 70}, {"number": 524}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 138, "title": "(1) AUTHENTICATOR MANAGEMENT | AUTHENTICATOR TYPES"}, {"dest": {"list": [{"ref": 289}, {"literal": "XYZ"}, {"number": 70}, {"number": 466}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 138, "title": "(a) Memorized Secret Authenticators and Verifiers:"}, {"dest": {"list": [{"ref": 299}, {"literal": "XYZ"}, {"number": 70}, {"number": 667}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 143, "title": "(b) Look-Up Secret Authenticators and Verifiers"}, {"dest": {"list": [{"ref": 303}, {"literal": "XYZ"}, {"number": 70}, {"number": 362}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 145, "title": "(c) Out-of-Band Authenticators and Verifiers"}, {"dest": {"list": [{"ref": 313}, {"literal": "XYZ"}, {"number": 70}, {"number": 348}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 150, "title": "(d) OTP Authenticators and Verifiers"}, {"dest": {"list": [{"ref": 321}, {"literal": "XYZ"}, {"number": 70}, {"number": 504}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 154, "title": "(e) Cryptographic Authenticators and Verifiers (including single- and multi-factor cryptographic authenticators, both hardware- and software-based)"}, {"dest": {"list": [{"ref": 327}, {"literal": "XYZ"}, {"number": 70}, {"number": 175}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 157, "title": "(2) AUTHENTICATOR MANAGEMENT | PUBLIC KEY BASED AUTHENTICATION"}, {"dest": {"list": [{"ref": 329}, {"literal": "XYZ"}, {"number": 70}, {"number": 402}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 158, "title": "(6) AUTHENTICATOR MANAGEMENT | PROTECTION OF AUTHENTICATORS"}, {"dest": {"list": [{"ref": 329}, {"literal": "XYZ"}, {"number": 70}, {"number": 196}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 158, "title": "IA-6 AUTHENTICATION FEEDBACK"}, {"dest": {"list": [{"ref": 331}, {"literal": "XYZ"}, {"number": 70}, {"number": 592}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 159, "title": "IA-7 CRYPTOGRAPHIC MODULE AUTHENTICATIONF"}, {"dest": {"list": [{"ref": 331}, {"literal": "XYZ"}, {"number": 70}, {"number": 398}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 159, "title": "IA-8 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)"}, {"dest": {"list": [{"ref": 333}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 160, "title": "(1) IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | ACCEPTANCE OF PIV CREDENTIALS FROM OTHER AGENCIES"}, {"dest": {"list": [{"ref": 333}, {"literal": "XYZ"}, {"number": 70}, {"number": 515}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 160, "title": "(2) IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | ACCEPTANCE OF EXTERNAL AUTHENTICATORS"}, {"dest": {"list": [{"ref": 333}, {"literal": "XYZ"}, {"number": 70}, {"number": 268}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 160, "title": "(4) IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | USE OF DEFINED PROFILES"}, {"dest": {"list": [{"ref": 335}, {"literal": "XYZ"}, {"number": 70}, {"number": 680}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 161, "title": "IA-11 RE-AUTHENTICATION"}, {"dest": {"list": [{"ref": 335}, {"literal": "XYZ"}, {"number": 70}, {"number": 487}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 161, "title": "IA-12 IDENTITY PROOFING"}, {"dest": {"list": [{"ref": 335}, {"literal": "XYZ"}, {"number": 70}, {"number": 206}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 161, "title": "(2) IDENTITY PROOFING | IDENTITY EVIDENCE"}, {"dest": {"list": [{"ref": 337}, {"literal": "XYZ"}, {"number": 70}, {"number": 667}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 162, "title": "(3) IDENTITY PROOFING | IDENTITY EVIDENCE VALIDATION AND VERIFICATION"}, {"dest": {"list": [{"ref": 383}, {"literal": "XYZ"}, {"number": 70}, {"number": 491}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 184, "title": "(5) IDENTITY PROOFING | ADDRESS CONFIRMATION"}, {"dest": {"list": [{"ref": 389}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 187, "title": "INCIDENT RESPONSE (IR)"}, {"dest": {"list": [{"ref": 389}, {"literal": "XYZ"}, {"number": 70}, {"number": 692}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 187, "title": "IR-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 391}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 188, "title": "IR-2 INCIDENT RESPONSE TRAINING"}, {"dest": {"list": [{"ref": 391}, {"literal": "XYZ"}, {"number": 70}, {"number": 283}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 188, "title": "(3) INCIDENT RESPONSE TRAINING | BREACH"}, {"dest": {"list": [{"ref": 393}, {"literal": "XYZ"}, {"number": 70}, {"number": 700}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 189, "title": "IR-3 INCIDENT RESPONSE TESTING"}, {"dest": {"list": [{"ref": 393}, {"literal": "XYZ"}, {"number": 70}, {"number": 459}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 189, "title": "(2) INCIDENT RESPONSE TESTING | COORDINATION WITH RELATED PLANS"}, {"dest": {"list": [{"ref": 393}, {"literal": "XYZ"}, {"number": 70}, {"number": 314}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 189, "title": "IR-4 INCIDENT HANDLING"}, {"dest": {"list": [{"ref": 395}, {"literal": "XYZ"}, {"number": 70}, {"number": 434}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 190, "title": "(1) INCIDENT HANDLING | AUTOMATED INCIDENT HANDLING PROCESSES"}, {"dest": {"list": [{"ref": 395}, {"literal": "XYZ"}, {"number": 70}, {"number": 247}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 190, "title": "IR-5 INCIDENT MONITORING"}, {"dest": {"list": [{"ref": 397}, {"literal": "XYZ"}, {"number": 70}, {"number": 700}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 191, "title": "IR-6 INCIDENT REPORTING"}, {"dest": {"list": [{"ref": 397}, {"literal": "XYZ"}, {"number": 70}, {"number": 439}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 191, "title": "(1) INCIDENT REPORTING | AUTOMATED REPORTING"}, {"dest": {"list": [{"ref": 397}, {"literal": "XYZ"}, {"number": 70}, {"number": 294}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 191, "title": "(3) INCIDENT REPORTING | SUPPLY CHAIN COORDINATION"}, {"dest": {"list": [{"ref": 399}, {"literal": "XYZ"}, {"number": 70}, {"number": 680}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 192, "title": "IR-7 INCIDENT RESPONSE ASSISTANCE"}, {"dest": {"list": [{"ref": 399}, {"literal": "XYZ"}, {"number": 70}, {"number": 467}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 192, "title": "(1) INCIDENT RESPONSE ASSISTANCE | AUTOMATION SUPPORT FOR AVAILABILITY OF INFORMATION AND SUPPORT10F"}, {"dest": {"list": [{"ref": 399}, {"literal": "XYZ"}, {"number": 70}, {"number": 187}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 192, "title": "IR-8 INCIDENT RESPONSE PLAN"}, {"dest": {"list": [{"ref": 401}, {"literal": "XYZ"}, {"number": 70}, {"number": 190}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 193, "title": "(1) INCIDENT RESPONSE PLAN | BREACHES"}, {"dest": {"list": [{"ref": 405}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 195, "title": "MAINTENANCE (MA)"}, {"dest": {"list": [{"ref": 405}, {"literal": "XYZ"}, {"number": 70}, {"number": 692}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 195, "title": "MA-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 407}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 196, "title": "MA-2 CONTROLLED MAINTENANCE"}, {"dest": {"list": [{"ref": 407}, {"literal": "XYZ"}, {"number": 70}, {"number": 176}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 196, "title": "MA-3 MAINTENANCE TOOLS"}, {"dest": {"list": [{"ref": 409}, {"literal": "XYZ"}, {"number": 70}, {"number": 461}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 197, "title": "(1) MAINTENANCE TOOLS | INSPECT TOOLS"}, {"dest": {"list": [{"ref": 409}, {"literal": "XYZ"}, {"number": 70}, {"number": 275}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 197, "title": "(2) MAINTENANCE TOOLS | INSPECT MEDIA"}, {"dest": {"list": [{"ref": 409}, {"literal": "XYZ"}, {"number": 70}, {"number": 116}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 197, "title": "(3) MAINTENANCE TOOLS | PREVENT UNAUTHORIZED REMOVAL"}, {"dest": {"list": [{"ref": 411}, {"literal": "XYZ"}, {"number": 70}, {"number": 532}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 198, "title": "MA-4 NONLOCAL MAINTENANCE"}, {"dest": {"list": [{"ref": 411}, {"literal": "XYZ"}, {"number": 70}, {"number": 163}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 198, "title": "MA-5 MAINTENANCE PERSONNEL"}, {"dest": {"list": [{"ref": 413}, {"literal": "XYZ"}, {"number": 70}, {"number": 442}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 199, "title": "MA-6 TIMELY MAINTENANCE"}, {"dest": {"list": [{"ref": 415}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 200, "title": "MEDIA PROTECTION (MP)"}, {"dest": {"list": [{"ref": 415}, {"literal": "XYZ"}, {"number": 70}, {"number": 645}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 200, "title": "MP-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 417}, {"literal": "XYZ"}, {"number": 70}, {"number": 700}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 201, "title": "MP-2 MEDIA ACCESS"}, {"dest": {"list": [{"ref": 417}, {"literal": "XYZ"}, {"number": 70}, {"number": 465}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 201, "title": "MP-3 MEDIA MARKING"}, {"dest": {"list": [{"ref": 419}, {"literal": "XYZ"}, {"number": 70}, {"number": 430}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 202, "title": "MP-4 MEDIA STORAGE"}, {"dest": {"list": [{"ref": 421}, {"literal": "XYZ"}, {"number": 70}, {"number": 700}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 203, "title": "MP-5 MEDIA TRANSPORT"}, {"dest": {"list": [{"ref": 421}, {"literal": "XYZ"}, {"number": 70}, {"number": 212}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 203, "title": "MP-6 MEDIA SANITIZATION"}, {"dest": {"list": [{"ref": 423}, {"literal": "XYZ"}, {"number": 70}, {"number": 339}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 204, "title": "MP-7 MEDIA USE"}, {"dest": {"list": [{"ref": 427}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 206, "title": "PHYSICAL AND ENVIRONMENTAL PROTECTION (PE)"}, {"dest": {"list": [{"ref": 427}, {"literal": "XYZ"}, {"number": 70}, {"number": 686}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 206, "title": "PE-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 429}, {"literal": "XYZ"}, {"number": 70}, {"number": 706}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 207, "title": "PE-2 PHYSICAL ACCESS AUTHORIZATIONS"}, {"dest": {"list": [{"ref": 429}, {"literal": "XYZ"}, {"number": 70}, {"number": 384}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 207, "title": "PE-3 PHYSICAL ACCESS CONTROL"}, {"dest": {"list": [{"ref": 431}, {"literal": "XYZ"}, {"number": 70}, {"number": 448}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 208, "title": "PE-4 ACCESS CONTROL FOR TRANSMISSION"}, {"dest": {"list": [{"ref": 431}, {"literal": "XYZ"}, {"number": 70}, {"number": 226}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 208, "title": "PE-5 ACCESS CONTROL FOR OUTPUT DEVICES"}, {"dest": {"list": [{"ref": 433}, {"literal": "XYZ"}, {"number": 70}, {"number": 652}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 209, "title": "PE-6 MONITORING PHYSICAL ACCESS"}, {"dest": {"list": [{"ref": 433}, {"literal": "XYZ"}, {"number": 70}, {"number": 281}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 209, "title": "(1) MONITORING PHYSICAL ACCESS | INTRUSION ALARMS AND SURVEILLANCE EQUIPMENT"}, {"dest": {"list": [{"ref": 435}, {"literal": "XYZ"}, {"number": 70}, {"number": 653}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 210, "title": "PE-8 VISITOR ACCESS RECORDS"}, {"dest": {"list": [{"ref": 435}, {"literal": "XYZ"}, {"number": 70}, {"number": 371}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 210, "title": "(3) VISITOR ACCESS RECORDS | LIMIT PERSONALLY IDENTIFIABLE INFORMATION ELEMENTS"}, {"dest": {"list": [{"ref": 435}, {"literal": "XYZ"}, {"number": 70}, {"number": 148}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 210, "title": "PE-9 POWER EQUIPMENT AND CABLING"}, {"dest": {"list": [{"ref": 437}, {"literal": "XYZ"}, {"number": 70}, {"number": 557}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 211, "title": "PE-10 EMERGENCY SHUTOFF"}, {"dest": {"list": [{"ref": 437}, {"literal": "XYZ"}, {"number": 70}, {"number": 297}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 211, "title": "PE-11 EMERGENCY POWER"}, {"dest": {"list": [{"ref": 439}, {"literal": "XYZ"}, {"number": 70}, {"number": 624}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 212, "title": "PE-12 EMERGENCY LIGHTING"}, {"dest": {"list": [{"ref": 439}, {"literal": "XYZ"}, {"number": 70}, {"number": 376}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 212, "title": "PE-13 FIRE PROTECTION"}, {"dest": {"list": [{"ref": 441}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 213, "title": "(1) FIRE PROTECTION | DETECTION SYSTEMS \u2014 AUTOMATIC ACTIVATION AND NOTIFICATION"}, {"dest": {"list": [{"ref": 441}, {"literal": "XYZ"}, {"number": 70}, {"number": 482}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 213, "title": "PE-14 ENVIRONMENTAL CONTROLS"}, {"dest": {"list": [{"ref": 441}, {"literal": "XYZ"}, {"number": 70}, {"number": 228}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 213, "title": "PE-15 WATER DAMAGE PROTECTION"}, {"dest": {"list": [{"ref": 443}, {"literal": "XYZ"}, {"number": 70}, {"number": 638}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 214, "title": "PE-16 DELIVERY AND REMOVAL"}, {"dest": {"list": [{"ref": 443}, {"literal": "XYZ"}, {"number": 70}, {"number": 452}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 214, "title": "PE-17 ALTERNATE WORK SITE"}, {"dest": {"list": [{"ref": 447}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 216, "title": "PLANNING (PL)"}, {"dest": {"list": [{"ref": 447}, {"literal": "XYZ"}, {"number": 70}, {"number": 692}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 216, "title": "PL-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 449}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 217, "title": "PL-2 SYSTEM SECURITY AND PRIVACY PLANS"}, {"dest": {"list": [{"ref": 453}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 219, "title": "PL-4 RULES OF BEHAVIOR"}, {"dest": {"list": [{"ref": 453}, {"literal": "XYZ"}, {"number": 70}, {"number": 252}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 219, "title": "(1) RULES OF BEHAVIOR | SOCIAL MEDIA AND EXTERNAL SITE/APPLICATION USAGE RESTRICTIONS"}, {"dest": {"list": [{"ref": 455}, {"literal": "XYZ"}, {"number": 70}, {"number": 555}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 220, "title": "PL-8 SECURITY AND PRIVACY ARCHITECTURES"}, {"dest": {"list": [{"ref": 457}, {"literal": "XYZ"}, {"number": 70}, {"number": 445}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 221, "title": "PL-9 CENTRAL MANAGEMENT"}, {"dest": {"list": [{"ref": 459}, {"literal": "XYZ"}, {"number": 70}, {"number": 599}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 222, "title": "PL-10 BASELINE SELECTION"}, {"dest": {"list": [{"ref": 459}, {"literal": "XYZ"}, {"number": 70}, {"number": 219}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 222, "title": "PL-11 BASELINE TAILORING"}, {"dest": {"list": [{"ref": 464}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 224, "title": "PERSONNEL SECURITY (PS)"}, {"dest": {"list": [{"ref": 464}, {"literal": "XYZ"}, {"number": 70}, {"number": 581}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 224, "title": "PS-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 466}, {"literal": "XYZ"}, {"number": 70}, {"number": 548}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 225, "title": "PS-2 POSITION RISK DESIGNATION"}, {"dest": {"list": [{"ref": 466}, {"literal": "XYZ"}, {"number": 70}, {"number": 124}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 225, "title": "PS-3 PERSONNEL SCREENING"}, {"dest": {"list": [{"ref": 470}, {"literal": "XYZ"}, {"number": 70}, {"number": 283}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 227, "title": "PS-4 PERSONNEL TERMINATION"}, {"dest": {"list": [{"ref": 472}, {"literal": "XYZ"}, {"number": 70}, {"number": 513}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 228, "title": "PS-5 PERSONNEL TRANSFER"}, {"dest": {"list": [{"ref": 474}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 229, "title": "PS-6 ACCESS AGREEMENTS"}, {"dest": {"list": [{"ref": 474}, {"literal": "XYZ"}, {"number": 70}, {"number": 435}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 229, "title": "PS-7 EXTERNAL PERSONNEL SECURITY"}, {"dest": {"list": [{"ref": 476}, {"literal": "XYZ"}, {"number": 70}, {"number": 625}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 230, "title": "PS-8 PERSONNEL SANCTIONS"}, {"dest": {"list": [{"ref": 476}, {"literal": "XYZ"}, {"number": 70}, {"number": 327}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 230, "title": "PS-9 POSITION DESCRIPTIONS"}, {"dest": {"list": [{"ref": 482}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 233, "title": "RISK ASSESSMENT (RA)"}, {"dest": {"list": [{"ref": 482}, {"literal": "XYZ"}, {"number": 70}, {"number": 692}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 233, "title": "RA-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 484}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 234, "title": "RA-2 SECURITY CATEGORIZATION"}, {"dest": {"list": [{"ref": 484}, {"literal": "XYZ"}, {"number": 70}, {"number": 301}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 234, "title": "RA-3 RISK ASSESSMENT"}, {"dest": {"list": [{"ref": 486}, {"literal": "XYZ"}, {"number": 70}, {"number": 345}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 235, "title": "RA-5 VULNERABILITY MONITORING AND SCANNING"}, {"dest": {"list": [{"ref": 490}, {"literal": "XYZ"}, {"number": 70}, {"number": 529}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 237, "title": "(2) VULNERABILITY MONITORING AND SCANNING | UPDATE VULNERABILITIES TO BE SCANNED"}, {"dest": {"list": [{"ref": 490}, {"literal": "XYZ"}, {"number": 70}, {"number": 337}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 237, "title": "(5) VULNERABILITY MONITORING AND SCANNING | PRIVILEGED ACCESS"}, {"dest": {"list": [{"ref": 490}, {"literal": "XYZ"}, {"number": 70}, {"number": 147}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 237, "title": "(11) VULNERABILITY MONITORING AND SCANNING | PUBLIC DISCLOSURE PROGRAM"}, {"dest": {"list": [{"ref": 492}, {"literal": "XYZ"}, {"number": 70}, {"number": 578}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 238, "title": "RA-7 RISK RESPONSE"}, {"dest": {"list": [{"ref": 492}, {"literal": "XYZ"}, {"number": 70}, {"number": 303}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 238, "title": "RA-9 CRITICALITY ANALYSIS"}, {"dest": {"list": [{"ref": 496}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 240, "title": "SYSTEM AND SERVICES ACQUISITION (SA)"}, {"dest": {"list": [{"ref": 496}, {"literal": "XYZ"}, {"number": 70}, {"number": 686}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 240, "title": "SA-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 498}, {"literal": "XYZ"}, {"number": 70}, {"number": 607}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 241, "title": "SA-2 ALLOCATION OF RESOURCES"}, {"dest": {"list": [{"ref": 498}, {"literal": "XYZ"}, {"number": 70}, {"number": 357}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 241, "title": "SA-3 SYSTEM DEVELOPMENT LIFE CYCLE"}, {"dest": {"list": [{"ref": 500}, {"literal": "XYZ"}, {"number": 70}, {"number": 424}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 242, "title": "SA-4 ACQUISITION PROCESS"}, {"dest": {"list": [{"ref": 502}, {"literal": "XYZ"}, {"number": 70}, {"number": 264}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 243, "title": "(1) ACQUISITION PROCESS | FUNCTIONAL PROPERTIES OF CONTROLS"}, {"dest": {"list": [{"ref": 504}, {"literal": "XYZ"}, {"number": 70}, {"number": 667}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 244, "title": "(2) ACQUISITION PROCESS | DESIGN AND IMPLEMENTATION INFORMATION FOR CONTROLS"}, {"dest": {"list": [{"ref": 504}, {"literal": "XYZ"}, {"number": 70}, {"number": 314}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 244, "title": "(9) ACQUISITION PROCESS | FUNCTIONS, PORTS, PROTOCOLS, AND SERVICES IN USE"}, {"dest": {"list": [{"ref": 506}, {"literal": "XYZ"}, {"number": 70}, {"number": 598}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 245, "title": "(10) ACQUISITION PROCESS | USE OF APPROVED PIV PRODUCTS"}, {"dest": {"list": [{"ref": 506}, {"literal": "XYZ"}, {"number": 70}, {"number": 385}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 245, "title": "SA-5 SYSTEM DOCUMENTATION"}, {"dest": {"list": [{"ref": 508}, {"literal": "XYZ"}, {"number": 70}, {"number": 353}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 246, "title": "SA-8 SECURITY AND PRIVACY ENGINEERING PRINCIPLES"}, {"dest": {"list": [{"ref": 510}, {"literal": "XYZ"}, {"number": 70}, {"number": 410}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 247, "title": "(33) SECURITY AND PRIVACY ENGINEERING PRINCIPLES | MINIMIZATION"}, {"dest": {"list": [{"ref": 510}, {"literal": "XYZ"}, {"number": 70}, {"number": 154}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 247, "title": "SA-9 EXTERNAL SYSTEM SERVICES"}, {"dest": {"list": [{"ref": 516}, {"literal": "XYZ"}, {"number": 70}, {"number": 391}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 250, "title": "(2) EXTERNAL SYSTEM SERVICES | IDENTIFICATION OF FUNCTIONS, PORTS, PROTOCOLS, AND SERVICES"}, {"dest": {"list": [{"ref": 516}, {"literal": "XYZ"}, {"number": 70}, {"number": 126}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 250, "title": "SA-10 DEVELOPER CONFIGURATION MANAGEMENT"}, {"dest": {"list": [{"ref": 518}, {"literal": "XYZ"}, {"number": 70}, {"number": 200}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 251, "title": "SA-11 DEVELOPER TESTING AND EVALUATION"}, {"dest": {"list": [{"ref": 520}, {"literal": "XYZ"}, {"number": 70}, {"number": 230}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 252, "title": "SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS"}, {"dest": {"list": [{"ref": 522}, {"literal": "XYZ"}, {"number": 70}, {"number": 410}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 253, "title": "(1) DEVELOPMENT PROCESS, STANDARDS, AND TOOLS |CRITICALITY ANALYSIS"}, {"dest": {"list": [{"ref": 524}, {"literal": "XYZ"}, {"number": 70}, {"number": 633}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 254, "title": "SA-22 UNSUPPORTED SYSTEM COMPONENTS"}, {"dest": {"list": [{"ref": 526}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 255, "title": "SYSTEMS AND COMMUNICATIONS PROTECTION (SC)"}, {"dest": {"list": [{"ref": 526}, {"literal": "XYZ"}, {"number": 70}, {"number": 611}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 255, "title": "SC-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 528}, {"literal": "XYZ"}, {"number": 70}, {"number": 625}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 256, "title": "SC-2 SEPARATION OF SYSTEM AND USER FUNCTIONALITY"}, {"dest": {"list": [{"ref": 528}, {"literal": "XYZ"}, {"number": 70}, {"number": 315}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 256, "title": "SC-4 INFORMATION IN SHARED SYSTEM RESOURCES"}, {"dest": {"list": [{"ref": 530}, {"literal": "XYZ"}, {"number": 70}, {"number": 653}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 257, "title": "SC-5 DENIAL-OF-SERVICE PROTECTION"}, {"dest": {"list": [{"ref": 530}, {"literal": "XYZ"}, {"number": 70}, {"number": 364}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 257, "title": "SC-7 BOUNDARY PROTECTION"}, {"dest": {"list": [{"ref": 532}, {"literal": "XYZ"}, {"number": 70}, {"number": 536}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 258, "title": "(3) BOUNDARY PROTECTION | ACCESS POINTS"}, {"dest": {"list": [{"ref": 532}, {"literal": "XYZ"}, {"number": 70}, {"number": 316}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 258, "title": "(4) BOUNDARY PROTECTION | EXTERNAL TELECOMMUNICATIONS SERVICES"}, {"dest": {"list": [{"ref": 534}, {"literal": "XYZ"}, {"number": 70}, {"number": 578}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 259, "title": "(5) BOUNDARY PROTECTION | DENY BY DEFAULT \u2014 ALLOW BY EXCEPTION"}, {"dest": {"list": [{"ref": 534}, {"literal": "XYZ"}, {"number": 70}, {"number": 385}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 259, "title": "(7) BOUNDARY PROTECTION | SPLIT TUNNELING FOR REMOTE DEVICES"}, {"dest": {"list": [{"ref": 536}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 260, "title": "(8) BOUNDARY PROTECTION | ROUTE TRAFFIC TO AUTHENTICATED PROXY SERVERS"}, {"dest": {"list": [{"ref": 536}, {"literal": "XYZ"}, {"number": 70}, {"number": 429}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 260, "title": "(24) BOUNDARY PROTECTION | PERSONALLY IDENTIFIABLE INFORMATION"}, {"dest": {"list": [{"ref": 536}, {"literal": "XYZ"}, {"number": 70}, {"number": 124}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 260, "title": "SC-8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY"}, {"dest": {"list": [{"ref": 538}, {"literal": "XYZ"}, {"number": 70}, {"number": 256}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 261, "title": "(1) TRANSMISSION CONFIDENTIALITY AND INTEGRITY | CRYPTOGRAPHIC PROTECTION"}, {"dest": {"list": [{"ref": 540}, {"literal": "XYZ"}, {"number": 70}, {"number": 653}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 262, "title": "SC-10 NETWORK DISCONNECT"}, {"dest": {"list": [{"ref": 540}, {"literal": "XYZ"}, {"number": 70}, {"number": 350}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 262, "title": "SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT"}, {"dest": {"list": [{"ref": 542}, {"literal": "XYZ"}, {"number": 70}, {"number": 673}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 263, "title": "SC-13 CRYPTOGRAPHIC PROTECTION"}, {"dest": {"list": [{"ref": 542}, {"literal": "XYZ"}, {"number": 70}, {"number": 240}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 263, "title": "SC-15 COLLABORATIVE COMPUTING DEVICES AND APPLICATIONS"}, {"dest": {"list": [{"ref": 544}, {"literal": "XYZ"}, {"number": 70}, {"number": 686}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 264, "title": "SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES"}, {"dest": {"list": [{"ref": 544}, {"literal": "XYZ"}, {"number": 70}, {"number": 425}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 264, "title": "SC-18 MOBILE CODE"}, {"dest": {"list": [{"ref": 546}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 265, "title": "SC-20 SECURE NAME/ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)"}, {"dest": {"list": [{"ref": 546}, {"literal": "XYZ"}, {"number": 70}, {"number": 388}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 265, "title": "SC-21 SECURE NAME/ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)"}, {"dest": {"list": [{"ref": 548}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 266, "title": "SC-22 ARCHITECTURE AND PROVISIONING FOR NAME/ADDRESS RESOLUTION SERVICE"}, {"dest": {"list": [{"ref": 548}, {"literal": "XYZ"}, {"number": 70}, {"number": 422}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 266, "title": "SC-23 SESSION AUTHENTICITY"}, {"dest": {"list": [{"ref": 548}, {"literal": "XYZ"}, {"number": 70}, {"number": 222}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 266, "title": "SC-28 PROTECTION OF INFORMATION AT REST"}, {"dest": {"list": [{"ref": 550}, {"literal": "XYZ"}, {"number": 70}, {"number": 215}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 267, "title": "(1) PROTECTION OF INFORMATION AT REST | CRYPTOGRAPHIC PROTECTION"}, {"dest": {"list": [{"ref": 552}, {"literal": "XYZ"}, {"number": 70}, {"number": 611}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 268, "title": "SC-39 PROCESS ISOLATION"}, {"dest": {"list": [{"ref": 556}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 270, "title": "SYSTEM AND INFORMATION INTEGRITY (SI)"}, {"dest": {"list": [{"ref": 556}, {"literal": "XYZ"}, {"number": 70}, {"number": 692}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 270, "title": "SI-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 558}, {"literal": "XYZ"}, {"number": 70}, {"number": 706}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 271, "title": "SI-2 FLAW REMEDIATION"}, {"dest": {"list": [{"ref": 560}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 272, "title": "(2) FLAW REMEDIATION | AUTOMATED FLAW REMEDIATION STATUS"}, {"dest": {"list": [{"ref": 560}, {"literal": "XYZ"}, {"number": 70}, {"number": 547}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 272, "title": "SI-3 MALICIOUS CODE PROTECTION"}, {"dest": {"list": [{"ref": 562}, {"literal": "XYZ"}, {"number": 70}, {"number": 412}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 273, "title": "SI-4 SYSTEM MONITORING"}, {"dest": {"list": [{"ref": 566}, {"literal": "XYZ"}, {"number": 70}, {"number": 700}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 275, "title": "(2) SYSTEM MONITORING | AUTOMATED TOOLS AND MECHANISMS FOR REAL-TIME ANALYSIS"}, {"dest": {"list": [{"ref": 566}, {"literal": "XYZ"}, {"number": 70}, {"number": 473}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 275, "title": "(4) SYSTEM MONITORING | INBOUND AND OUTBOUND COMMUNICATIONS TRAFFIC"}, {"dest": {"list": [{"ref": 566}, {"literal": "XYZ"}, {"number": 70}, {"number": 190}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 275, "title": "(5) SYSTEM MONITORING | SYSTEM-GENERATED ALERTS"}, {"dest": {"list": [{"ref": 568}, {"literal": "XYZ"}, {"number": 70}, {"number": 542}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 276, "title": "SI-5 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES"}, {"dest": {"list": [{"ref": 568}, {"literal": "XYZ"}, {"number": 70}, {"number": 165}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 276, "title": "SI-7 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY"}, {"dest": {"list": [{"ref": 570}, {"literal": "XYZ"}, {"number": 70}, {"number": 463}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 277, "title": "(1) SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY | INTEGRITY CHECKS"}, {"dest": {"list": [{"ref": 570}, {"literal": "XYZ"}, {"number": 70}, {"number": 290}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 277, "title": "(7) SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY | INTEGRATION OF DETECTION AND RESPONSE"}, {"dest": {"list": [{"ref": 572}, {"literal": "XYZ"}, {"number": 70}, {"number": 706}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 278, "title": "SI-8 SPAM PROTECTION"}, {"dest": {"list": [{"ref": 572}, {"literal": "XYZ"}, {"number": 70}, {"number": 453}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 278, "title": "(2) SPAM PROTECTION | AUTOMATIC UPDATES"}, {"dest": {"list": [{"ref": 572}, {"literal": "XYZ"}, {"number": 70}, {"number": 308}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 278, "title": "SI-10 INFORMATION INPUT VALIDATION"}, {"dest": {"list": [{"ref": 574}, {"literal": "XYZ"}, {"number": 70}, {"number": 584}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 279, "title": "SI-11 ERROR HANDLING"}, {"dest": {"list": [{"ref": 574}, {"literal": "XYZ"}, {"number": 70}, {"number": 301}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 279, "title": "SI-12 INFORMATION MANAGEMENT AND RETENTION"}, {"dest": {"list": [{"ref": 576}, {"literal": "XYZ"}, {"number": 70}, {"number": 599}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 280, "title": "(1) INFORMATION MANAGEMENT AND RETENTION | LIMIT PERSONALLY IDENTIFIABLE INFORMATION ELEMENTS"}, {"dest": {"list": [{"ref": 576}, {"literal": "XYZ"}, {"number": 70}, {"number": 386}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 280, "title": "(2) INFORMATION MANAGEMENT AND RETENTION | MINIMIZE PERSONALLY IDENTIFIABLE INFORMATION IN TESTING, TRAINING, AND RESEARCH"}, {"dest": {"list": [{"ref": 576}, {"literal": "XYZ"}, {"number": 70}, {"number": 159}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 280, "title": "(3) INFORMATION MANAGEMENT AND RETENTION | INFORMATION DISPOSAL"}, {"dest": {"list": [{"ref": 578}, {"literal": "XYZ"}, {"number": 70}, {"number": 592}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 281, "title": "SI-16 MEMORY PROTECTION"}, {"dest": {"list": [{"ref": 580}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 282, "title": "SUPPLY CHAIN RISK MANAGEMENT (SR)"}, {"dest": {"list": [{"ref": 580}, {"literal": "XYZ"}, {"number": 70}, {"number": 686}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 282, "title": "SR-1 POLICY AND PROCEDURES"}, {"dest": {"list": [{"ref": 582}, {"literal": "XYZ"}, {"number": 70}, {"number": 661}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 283, "title": "SR-2 SUPPLY CHAIN RISK MANAGEMENT PLAN"}, {"dest": {"list": [{"ref": 584}, {"literal": "XYZ"}, {"number": 70}, {"number": 592}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 284, "title": "(1) SUPPLY CHAIN RISK MANAGEMENT PLAN | ESTABLISH SCRM TEAM"}, {"dest": {"list": [{"ref": 584}, {"literal": "XYZ"}, {"number": 70}, {"number": 202}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 284, "title": "SR-5 ACQUISITION STRATEGIES, TOOLS, AND METHODS"}, {"dest": {"list": [{"ref": 586}, {"literal": "XYZ"}, {"number": 70}, {"number": 450}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 285, "title": "SR-8 NOTIFICATION AGREEMENTS"}, {"dest": {"list": [{"ref": 586}, {"literal": "XYZ"}, {"number": 70}, {"number": 202}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 285, "title": "SR-10 INSPECTION OF SYSTEMS OR COMPONENTS"}, {"dest": {"list": [{"ref": 588}, {"literal": "XYZ"}, {"number": 70}, {"number": 615}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 286, "title": "SR-12 COMPONENT DISPOSAL"}, {"dest": {"list": [{"ref": 590}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 287, "title": "5.20 Policy Area 20: Mobile Devices"}, {"dest": {"list": [{"ref": 590}, {"literal": "XYZ"}, {"number": 70}, {"number": 550}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 287, "title": "5.20.1 Wireless Communications Technologies"}, {"dest": {"list": [{"ref": 590}, {"literal": "XYZ"}, {"number": 70}, {"number": 449}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 287, "title": "5.20.1.1 802.11 Wireless Protocols"}, {"dest": {"list": [{"ref": 592}, {"literal": "XYZ"}, {"number": 70}, {"number": 390}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 288, "title": "5.20.1.2 Cellular Devices"}, {"dest": {"list": [{"ref": 594}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 289, "title": "5.20.1.2.1 Cellular Service Abroad"}, {"dest": {"list": [{"ref": 594}, {"literal": "XYZ"}, {"number": 70}, {"number": 605}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 289, "title": "5.20.1.2.2 Voice Transmissions Over Cellular Devices"}, {"dest": {"list": [{"ref": 594}, {"literal": "XYZ"}, {"number": 70}, {"number": 547}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 289, "title": "5.20.1.3 Bluetooth"}, {"dest": {"list": [{"ref": 594}, {"literal": "XYZ"}, {"number": 70}, {"number": 366}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 289, "title": "5.20.1.4 Mobile Hotspots"}, {"dest": {"list": [{"ref": 596}, {"literal": "XYZ"}, {"number": 70}, {"number": 680}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 290, "title": "5.20.2 Mobile Device Management (MDM)"}, {"dest": {"list": [{"ref": 596}, {"literal": "XYZ"}, {"number": 70}, {"number": 183}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 290, "title": "5.20.3 Wireless Device Risk Mitigations"}, {"dest": {"list": [{"ref": 598}, {"literal": "XYZ"}, {"number": 70}, {"number": 552}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 291, "title": "5.20.4 System Integrity"}, {"dest": {"list": [{"ref": 598}, {"literal": "XYZ"}, {"number": 70}, {"number": 451}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 291, "title": "5.20.4.1 Patching/Updates"}, {"dest": {"list": [{"ref": 598}, {"literal": "XYZ"}, {"number": 70}, {"number": 346}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 291, "title": "5.20.4.2 Malicious Code Protection"}, {"dest": {"list": [{"ref": 598}, {"literal": "XYZ"}, {"number": 70}, {"number": 212}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 291, "title": "5.20.4.3 Personal Firewall"}, {"dest": {"list": [{"ref": 600}, {"literal": "XYZ"}, {"number": 70}, {"number": 577}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 292, "title": "5.20.5 Incident Response"}, {"dest": {"list": [{"ref": 600}, {"literal": "XYZ"}, {"number": 70}, {"number": 298}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 292, "title": "5.20.6 Access Control"}, {"dest": {"list": [{"ref": 600}, {"literal": "XYZ"}, {"number": 70}, {"number": 225}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 292, "title": "5.20.7 Identification and Authentication"}, {"dest": {"list": [{"ref": 600}, {"literal": "XYZ"}, {"number": 70}, {"number": 165}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 292, "title": "5.20.7.1 Local Device Authentication"}, {"dest": {"list": [{"ref": 602}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 293, "title": "5.20.7.2 Advanced Authentication"}, {"dest": {"list": [{"ref": 602}, {"literal": "XYZ"}, {"number": 70}, {"number": 654}, {"number": 0.0}], "size": 5}, "level": 5, "sub": [], "pageno": 293, "title": "5.20.7.2.1 Compensating Controls"}, {"dest": {"list": [{"ref": 602}, {"literal": "XYZ"}, {"number": 70}, {"number": 268}, {"number": 0.0}], "size": 5}, "level": 4, "sub": [], "pageno": 293, "title": "5.20.7.3 Device Certificates"}, {"dest": {"list": [{"ref": 604}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 1, "sub": [], "pageno": 294, "title": "Appendices"}, {"dest": {"list": [{"ref": 606}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 295, "title": "APPENDIX A: TERMS AND DEFINITIONS"}, {"dest": {"list": [{"ref": 641}, {"literal": "XYZ"}, {"number": 70}, {"number": 727}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 312, "title": "APPENDIX B: ACRONYMS"}, {"dest": {"list": [{"ref": 649}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 316, "title": "APPENDIX C: NETWORK TOPOLOGY DIAGRAMS"}, {"dest": {"list": [{"ref": 665}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 322, "title": "APPENDIX D: SAMPLE INFORMATION EXCHANGE AGREEMENTS"}, {"dest": {"list": [{"ref": 667}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 323, "title": "D.1 CJIS User Agreement"}, {"dest": {"list": [{"ref": 693}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 336, "title": "D.2 Management Control Agreement"}, {"dest": {"list": [{"ref": 695}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 337, "title": "D.3 Noncriminal Justice Agency Agreement & Memorandum of Understanding"}, {"dest": {"list": [{"ref": 705}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 342, "title": "D.4 Interagency Connection Agreement"}, {"dest": {"list": [{"ref": 717}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 348, "title": "APPENDIX E: SECURITY FORUMS AND ORGANIZATIONAL ENTITIES"}, {"dest": {"list": [{"ref": 719}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 349, "title": "APPENDIX F: SAMPLE FORMS"}, {"dest": {"list": [{"ref": 721}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 350, "title": "F.1 Security Incident Response Form"}, {"dest": {"list": [{"ref": 724}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 351, "title": "APPENDIX G: BEST PRACTICES"}, {"dest": {"list": [{"ref": 726}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 352, "title": "G.1 Virtualization"}, {"dest": {"list": [{"ref": 734}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 355, "title": "G.2 Voice over Internet Protocol"}, {"dest": {"list": [{"ref": 756}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 366, "title": "G.3 Cloud Computing"}, {"dest": {"list": [{"ref": 795}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 383, "title": "G.4 Mobile Appendix"}, {"dest": {"list": [{"ref": 837}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 404, "title": "G.5 Administrator Accounts for Least Privilege and Separation of Duties"}, {"dest": {"list": [{"ref": 863}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 417, "title": "G.6 Encryption"}, {"dest": {"list": [{"ref": 886}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 427, "title": "G.7 Incident Response"}, {"dest": {"list": [{"ref": 913}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 3, "sub": [], "pageno": 440, "title": "G.8 Secure Coding"}, {"dest": {"list": [{"ref": 940}, {"literal": "XYZ"}, {"number": 70}, {"number": 745}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 449, "title": "APPENDIX H: SECURITY ADDENDUM"}, {"dest": {"list": [{"ref": 956}, {"literal": "XYZ"}, {"number": 70}, {"number": 720}, {"number": 0.0}], "size": 5}, "level": 2, "sub": [], "pageno": 457, "title": "APPENDIX I: REFERENCES"}]
{}
