Barriers Library
Reusable barriers — prevention barriers sit on threat paths, mitigation barriers on consequence paths.
25 barriers
| Name | Type | Category | Tags | Description |
|---|---|---|---|---|
| Use of Cryptography | prevention | Data Confidentiality | | Apply cryptographic controls to protect the confidentiality and integrity of information at rest and… |
| SR 1.1 – Human User Identification and Authentication | prevention | Identification and Authentication Control | | The system shall identify and authenticate all human users. This requirement applies to all interfac… |
| SR 1.13 – Access via Untrusted Networks | prevention | Identification and Authentication Control | | The system shall monitor and control all access to the control system via untrusted networks. Remote… |
| SR 1.2 – Software Process and Device Identification and Authentication | prevention | Identification and Authentication Control | | The system shall identify and authenticate all software processes and devices that attempt to access… |
| SR 1.3 – Account Management | prevention | Identification and Authentication Control | | The system shall support the management of accounts including creation, modification, disabling, and… |
| SR 1.4 – Identifier Management | prevention | Identification and Authentication Control | | The system shall support and enforce identifier management policies, including unique identifiers pe… |
| SR 1.5 – Authenticator Management | prevention | Identification and Authentication Control | | The system shall enforce authenticator management practices including initial generation, distributi… |
| SR 1.7 – Strength of Password-Based Authentication | prevention | Identification and Authentication Control | | The system shall enforce minimum password strength requirements such as length, complexity, and hist… |
| Information and System Backup | mitigation | Resource Availability | | Take regular backups of data, software, and system images in accordance with an agreed backup policy… |
| SR 7.1 – Denial of Service Protection | prevention | Resource Availability | | The system shall protect against denial of service (DoS) attacks that could degrade or interrupt the… |
| SR 7.2 – Resource Management | prevention | Resource Availability | | The system shall manage the use of resources including processor capacity, memory, storage, and netw… |
| SR 7.4 – Control System Recovery and Reconstitution | mitigation | Resource Availability | | The system shall provide the capability to recover and reconstitute the control system to a known se… |
| SR 7.5 – Emergency Power | mitigation | Resource Availability | | The system shall provide an emergency power supply to ensure continued operation of critical control… |
| SR 7.6 – Network and Security Configuration Settings | prevention | Resource Availability | | The system shall manage network and security configuration settings to maintain a known, secure base… |
| SR 7.7 – Least Functionality | prevention | Resource Availability | | The system shall be configured to provide only the functions, ports, protocols, and services require… |
| Network Segmentation | prevention | Restricted Data Flow | | Partition networks into security zones according to information classification, function, and trust … |
| SR 5.2 – Zone Boundary Protection | prevention | Restricted Data Flow | | The system shall monitor and control communications at the boundaries between security zones. All tr… |
| SR 3.1 – Communication Integrity | prevention | System Integrity | | The system shall protect the integrity of transmitted information to prevent unauthorized modificati… |
| SR 3.3 – Security Functionality Verification | prevention | System Integrity | | The system shall provide the capability to verify the correct operation of security functions on dem… |
| SR 3.4 – Software and Information Integrity | prevention | System Integrity | | The system shall employ integrity verification mechanisms to detect unauthorized changes to software… |
| SR 6.1 – Audit Log Accessibility | mitigation | Timely Response to Events | | The system shall ensure that audit logs are available to authorized personnel in a timely manner. Ac… |
| SR 2.1 – Authorization Enforcement | prevention | Use Control | | The system shall enforce assigned authorizations for all users and processes, controlling access to … |
| SR 2.11 – Timestamps | prevention | Use Control | | The system shall provide reliable, consistent timestamps for audit record generation. Timestamps sha… |
| SR 2.8 – Auditable Events | prevention | Use Control | | The system shall generate audit records for defined auditable events including login attempts, acces… |
| SR 2.9 – Audit Storage Capacity | prevention | Use Control | | The system shall allocate sufficient audit record storage capacity and generate alerts when storage … |