AC-1 0.2.0 2020/08/13 false true false Guidance here. 1 2 3 false Control impact higher than lowest control enhancement impact. Control Enhancement impact lower than control impact. CM-7(4) impact as high or higher than CM-7(5) impact. Blacklisting and whitelisting cannot be applied simultaneously, and whitelisting is more restrictive than blacklisting. Control Enhancement must have LOW, MODERATE, or HIGH impact if adding supplemental guidance. Cross-reference to Control Enhancement without added supplemental guidance. Controls from all families ACCESS CONTROL Rationale here. ACCESS CONTROL POLICY AND PROCEDURES 1 false Selected Selected Selected Guidance here.

needle and thread image Baseline Tailor Version User Guide (PDF) | License | Security Content and Tools

Preferences Change user preferences.
needle and thread Security Control Editor tab:
factory NIST SP 800-82 (Revision 2) Industrial Control Systems overlay:
OK Accept selections.

Security Control Editor Cyber Framework Browser Cross References Framework Profile
Framework core function:


Remove subcategory from the Framework Profile. Add subcategory to the Framework Profile.

Informative References to NIST SP 800-53:

family Open security control family in a new browser tab.
Open security control definition in a new browser tab. factory Open NIST SP 800-82 ICS Overlay tailoring for security control definition in a new browser tab. link Show Framework Core subcategories referencing . needle and thread Tailor security control.
Open security control catalog in a new browser tab. (except )
Check/uncheck the subcategory box to add to or remove the subcategory from the profile. Click the subcategory button to show its Framework Core information.
XML representation:
Baselines: LOW 1 MOD 2 HIGH 3 N/A 4 Defaults Check LOW, MODERATE, and HIGH boxes. Restrict controls to Framework Profile informative references:

Control family:


Framework Core Subcategories Referencing Show Framework Core subcategories referencing .

Control Enhancement Name
Open security control definition in a new browser tab. factory Open NIST SP 800-82 ICS Overlay tailoring for security control definition in a new browser tab.
( )
LOW 1 MOD 2 HIGH 3 N/A 4
LOW 1 MOD 2 HIGH 3 N/A 4
NO false YES true
XML representation:
Additional Supplemental Guidance:
Control Enhancement ( ) Additional Supplemental Guidance:
Rationale for changing the baseline:
Framework Core subcategories referencing control :
Show Framework Core definition.

PLEASE NOTE: This is an experimental website. NIST does not endorse the views expressed, or necessarily concur with the information presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. All the material on this website is in the public domain and is intended for unrestricted use by interested parties, including any text, diagrams, or images, unless indicated explicitly.

This website represents components defined in the NIST Framework for Improving Critical Infrastructure Cybersecurity and security controls and associated assessment procedures defined in NIST SP 800-53 Revision 4 Recommended Security Controls for Federal Information Systems and Organizations. For any discrepancies noted in the content between this website and the latest published NIST Cybersecurity Framework or Special Publication SP 800-53 Revision 4, please defer to the official published documents that are posted on

Certain commercial equipment, instruments, materials, systems, software, and trade names may be identified throughout this site in order to specify or identify technologies adequately. Such identification is not intended to imply recommendation or endorsement by NIST or any other party, nor is it intended to imply that the systems or products identified are necessarily the best available for the purpose. All data and other information posted on this site is provided as a public service and is provided 'AS IS.' NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY.

By selecting external links, you will be leaving NIST webspace. Links to other websites are provided because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose.

Privacy Policy | Security Notice | Accessibility Statement | Send feedback