Barriers Library
Reusable barriers — prevention barriers sit on threat paths, mitigation barriers on consequence paths.
Add Barrier
Tags:
clear tags
51 barriers — page 1 of 2
| Name | Type | Category | Tags | Description | |
|---|---|---|---|---|---|
| SR 4.1 – Information Confidentiality | prevention | Data Confidentiality | The system shall protect the confidentiality of information at rest and in transit. Confidentiality … | Edit | |
| SR 4.2 – Information Persistence | prevention | Data Confidentiality | The system shall protect information from unauthorized access via reuse of storage resources. Residu… | Edit | |
| Use of Cryptography | prevention | Data Confidentiality | Apply cryptographic controls to protect the confidentiality and integrity of information at rest and… | Edit | |
| SR 1.1 – Human User Identification and Authentication | prevention | Identification and Authentication Control | The system shall identify and authenticate all human users. This requirement applies to all interfac… | Edit | |
| SR 1.10 – Authenticator Feedback | prevention | Identification and Authentication Control | The system shall obscure feedback of authentication information during the authentication process to… | Edit | |
| SR 1.11 – Unsuccessful Login Attempts | prevention | Identification and Authentication Control | The system shall enforce a limit on consecutive unsuccessful login attempts and apply a response suc… | Edit | |
| SR 1.12 – System Use Notification | prevention | Identification and Authentication Control | The system shall display an approved system use notification message before granting access, providi… | Edit | |
| SR 1.13 – Access via Untrusted Networks | prevention | Identification and Authentication Control | The system shall monitor and control all access to the control system via untrusted networks. Remote… | Edit | |
| SR 1.2 – Software Process and Device Identification and Authentication | prevention | Identification and Authentication Control | The system shall identify and authenticate all software processes and devices that attempt to access… | Edit | |
| SR 1.3 – Account Management | prevention | Identification and Authentication Control | The system shall support the management of accounts including creation, modification, disabling, and… | Edit | |
| SR 1.4 – Identifier Management | prevention | Identification and Authentication Control | The system shall support and enforce identifier management policies, including unique identifiers pe… | Edit | |
| SR 1.5 – Authenticator Management | prevention | Identification and Authentication Control | The system shall enforce authenticator management practices including initial generation, distributi… | Edit | |
| SR 1.6 – Wireless Access Management | prevention | Identification and Authentication Control | The system shall identify and authenticate wireless access to the control system using recognized go… | Edit | |
| SR 1.7 – Strength of Password-Based Authentication | prevention | Identification and Authentication Control | The system shall enforce minimum password strength requirements such as length, complexity, and hist… | Edit | |
| SR 1.8 – Public Key Infrastructure Certificates | prevention | Identification and Authentication Control | The system shall implement and maintain a PKI for issuing, validating, revoking, and renewing digita… | Edit | |
| SR 1.9 – Strength of Public Key Authentication | prevention | Identification and Authentication Control | The system shall use public key authentication mechanisms with sufficient cryptographic strength. Ke… | Edit | |
| Asset Inventory | prevention | Resource Availability | Maintain an accurate, up-to-date inventory of all information assets and associated systems, includi… | Edit | |
| Information and System Backup | mitigation | Resource Availability | Take regular backups of data, software, and system images in accordance with an agreed backup policy… | Edit | |
| SR 7.1 – Denial of Service Protection | prevention | Resource Availability | The system shall protect against denial of service (DoS) attacks that could degrade or interrupt the… | Edit | |
| SR 7.2 – Resource Management | prevention | Resource Availability | The system shall manage the use of resources including processor capacity, memory, storage, and netw… | Edit | |
| SR 7.4 – Control System Recovery and Reconstitution | mitigation | Resource Availability | The system shall provide the capability to recover and reconstitute the control system to a known se… | Edit | |
| SR 7.5 – Emergency Power | mitigation | Resource Availability | The system shall provide an emergency power supply to ensure continued operation of critical control… | Edit | |
| SR 7.6 – Network and Security Configuration Settings | prevention | Resource Availability | The system shall manage network and security configuration settings to maintain a known, secure base… | Edit | |
| SR 7.7 – Least Functionality | prevention | Resource Availability | The system shall be configured to provide only the functions, ports, protocols, and services require… | Edit | |
| Network Segmentation | prevention | Restricted Data Flow | Partition networks into security zones according to information classification, function, and trust … | Edit | |
| SR 5.2 – Zone Boundary Protection | prevention | Restricted Data Flow | The system shall monitor and control communications at the boundaries between security zones. All tr… | Edit | |
| SR 5.3 – General Purpose Person-to-Person Communication Restrictions | prevention | Restricted Data Flow | The system shall restrict use of general purpose communication services such as email, instant messa… | Edit | |
| SR 5.4 – Application Partitioning | prevention | Restricted Data Flow | The system shall separate user and control functionality and partition applications in accordance wi… | Edit | |
| Malware / Malicious Code Protection | prevention | System Integrity | Employ protection mechanisms against malware at all relevant entry and exit points, including endpoi… | Edit | |
| SR 3.1 – Communication Integrity | prevention | System Integrity | The system shall protect the integrity of transmitted information to prevent unauthorized modificati… | Edit | |
| SR 3.3 – Security Functionality Verification | prevention | System Integrity | The system shall provide the capability to verify the correct operation of security functions on dem… | Edit | |
| SR 3.4 – Software and Information Integrity | prevention | System Integrity | The system shall employ integrity verification mechanisms to detect unauthorized changes to software… | Edit | |
| SR 3.5 – Input Validation | prevention | System Integrity | The system shall validate the syntax and semantics of inputs to prevent injection attacks and proces… | Edit | |
| SR 3.6 – Deterministic Output | prevention | System Integrity | The system shall produce deterministic output in response to inputs and provide appropriate handling… | Edit | |
| SR 3.7 – Error Handling | prevention | System Integrity | The system shall handle error conditions in a manner that does not generate information useful to an… | Edit | |
| SR 3.8 – Session Integrity | prevention | System Integrity | The system shall protect the integrity of sessions against hijacking and eavesdropping. Session toke… | Edit | |
| SR 3.9 – Protection of Audit Information | prevention | System Integrity | The system shall protect audit information and tools from unauthorized access, modification, and del… | Edit | |
| SR 6.1 – Audit Log Accessibility | mitigation | Timely Response to Events | The system shall ensure that audit logs are available to authorized personnel in a timely manner. Ac… | Edit | |
| SR 6.2 – Continuous Monitoring | mitigation | Timely Response to Events | The system shall implement continuous monitoring of security events across the control system enviro… | Edit | |
| SR 2.1 – Authorization Enforcement | prevention | Use Control | The system shall enforce assigned authorizations for all users and processes, controlling access to … | Edit | |
| SR 2.10 – Response to Audit Processing Failures | mitigation | Use Control | The system shall alert relevant personnel and take defined actions in the event that audit processin… | Edit | |
| SR 2.11 – Timestamps | prevention | Use Control | The system shall provide reliable, consistent timestamps for audit record generation. Timestamps sha… | Edit | |
| SR 2.12 – Non-Repudiation | prevention | Use Control | The system shall provide the capability to ensure that actions taken by users or processes cannot be… | Edit | |
| SR 2.2 – Wireless Use Control | prevention | Use Control | The system shall authorize, monitor, and control the use of wireless technologies including Wi-Fi, B… | Edit | |
| SR 2.3 – Use Control for Portable and Mobile Devices | prevention | Use Control | The system shall authorize, monitor, and control the use of portable and mobile devices such as USB … | Edit | |
| SR 2.4 – Mobile Code | prevention | Use Control | The system shall authorize, monitor, and control the use of mobile code (e.g., scripts, macros, appl… | Edit | |
| SR 2.5 – Session Lock | prevention | Use Control | The system shall implement a session lock after a configurable period of inactivity, requiring re-au… | Edit | |
| SR 2.6 – Remote Session Termination | prevention | Use Control | The system shall provide the capability to terminate remote sessions after a defined period of inact… | Edit | |
| SR 2.7 – Concurrent Session Control | prevention | Use Control | The system shall enforce a limit on the number of concurrent sessions for each user account or devic… | Edit | |
| SR 2.8 – Auditable Events | prevention | Use Control | The system shall generate audit records for defined auditable events including login attempts, acces… | Edit |