DOD Instruction 8500.2 Full Control List

Click on a control to view detailed information.

Low Impact

Medium Impact

High Impact

Quick Actions

We’re continuing to improve Stigviewer… If you’d like to help shape new features, click here .

Featured Partners

Web page built by Cyber Protection Services

Check out our new AI‑powered GRC tool here .

Compliance Dictionary

Standardizes and unifies compliance terms.

Number	Title	Impact	Subject Area
COAS-1	Alternate Site Designation	Medium	Continuity
COAS-2	Alternate Site Designation	High	Continuity
COBR-1	Protection of Backup and Restoration Assets	High	Continuity
CODB-1	Data Backup Procedures	Low	Continuity
CODB-2	Data Backup Procedures	Medium	Continuity
CODB-3	Data Backup Procedures	Medium	Continuity
CODP-1	Disaster and Recovery Planning	Low	Continuity
CODP-2	Disaster and Recovery Planning	Medium	Continuity
CODP-3	Disaster and Recovery Planning	Medium	Continuity
COEB-1	Enclave Boundary Defense	Medium	Continuity
COEB-2	Enclave Boundary Defense	High	Continuity
COED-1	Scheduled Exercises and Drills	Low	Continuity
COED-2	Scheduled Exercises and Drills	Medium	Continuity
COEF-1	Identification of Essential Functions	Low	Continuity
COEF-2	Identification of Essential Functions	Medium	Continuity
COMS-1	Maintenance Support	Low	Continuity
COMS-2	Maintenance Support	Medium	Continuity
COPS-1	Power Supply	Low	Continuity
COPS-2	Power Supply	Medium	Continuity
COPS-3	Power Supply	Medium	Continuity
COSP-1	Spares and Parts	Low	Continuity
COSP-2	Spares and Parts	Medium	Continuity
COSW-1	Backup Copies of Critical SW	High	Continuity
COTR-1	Trusted Recovery	High	Continuity
DCAR-1	Procedural Review	Medium	Security Design and Configuration
DCAS-1	Acquisition Standards	High	Security Design and Configuration
DCBP-1	Best Security Practices	Medium	Security Design and Configuration
DCCB-1	Control Board	Low	Security Design and Configuration
DCCB-2	Control Board	Medium	Security Design and Configuration
DCCS-1	Configuration Specifications	High	Security Design and Configuration
DCCS-2	Configuration Specifications	High	Security Design and Configuration
DCCT-1	Compliance Testing	Medium	Security Design and Configuration
DCDS-1	Dedicated IA Services	Medium	Security Design and Configuration
DCFA-1	Functional Architecture for AIS Applications	Medium	Security Design and Configuration
DCHW-1	HW Baseline	High	Security Design and Configuration
DCID-1	Interconnection Documentation	High	Security Design and Configuration
DCII-1	IA Impact Assessment	Medium	Security Design and Configuration
DCIT-1	IA for IT Services	High	Security Design and Configuration
DCMC-1	Mobile Code	Medium	Security Design and Configuration
DCNR-1	Non-repudiation	Medium	Security Design and Configuration
DCPA-1	Partitioning the Application	Low	Security Design and Configuration
DCPB-1	IA Program and Budget	High	Security Design and Configuration
DCPD-1	Public Domain Software Controls	Medium	Security Design and Configuration
DCPP-1	Ports, Protocols, and Services	Medium	Security Design and Configuration
DCPR-1	CM Process	High	Security Design and Configuration
DCSD-1	IA Documentation	High	Security Design and Configuration
DCSL-1	System Library Management Controls	Medium	Security Design and Configuration
DCSP-1	Security Support Structure Partitioning	Medium	Security Design and Configuration
DCSQ-1	Software Quality	Medium	Security Design and Configuration
DCSR-1	Specified Robustness - Basic	High	Security Design and Configuration
DCSR-2	Specified Robustness - Medium	High	Security Design and Configuration
DCSR-3	Specified Robustness – High	High	Security Design and Configuration
DCSS-1	System State Changes	High	Security Design and Configuration
DCSS-2	System State Changes	High	Security Design and Configuration
DCSW-1	SW Baseline	High	Security Design and Configuration
EBBD-1	Boundary Defense	Low	Enclave Boundary Defense
EBBD-2	Boundary Defense	Medium	Enclave Boundary Defense
EBBD-3	Boundary Defense	High	Enclave Boundary Defense
EBCR-1	Connection Rules	Medium	Enclave Boundary Defense
EBPW-1	Public WAN Connection	High	Enclave Boundary Defense
EBRP-1	Remote Access for Privileged Functions	High	Enclave Boundary Defense
EBRU-1	Remote Access for User Functions	High	Enclave Boundary Defense
EBVC-1	VPN Controls	Medium	Enclave Boundary Defense
ECAD-1	Affiliation Display	Medium	Enclave Computing Environment
ECAN-1	Access for Need-to-Know	High	Enclave Computing Environment
ECAR-1	Audit Record Content – Public Systems	Low	Enclave Computing Environment
ECAR-2	Audit Record Content – Sensitive Systems	Medium	Enclave Computing Environment
ECAR-3	Audit Record Content – Classified Systems	High	Enclave Computing Environment
ECAT-1	Audit Trail, Monitoring, Analysis and Reporting	Low	Enclave Computing Environment
ECAT-2	Audit Trail, Monitoring, Analysis and Reporting	Medium	Enclave Computing Environment
ECCD-1	Changes to Data	Medium	Enclave Computing Environment
ECCD-2	Changes to Data	High	Enclave Computing Environment
ECCM-1	COMSEC	High	Enclave Computing Environment
ECCR-1	Encryption for Confidentiality (Data at Rest)	Low	Enclave Computing Environment
ECCR-2	Encryption for Confidentiality (Data at Rest)	Medium	Enclave Computing Environment
ECCR-3	Encryption for Confidentiality (Data at Rest)	High	Enclave Computing Environment
ECCT-1	Encryption for Confidentiality (Data at Transmit)	Medium	Enclave Computing Environment
ECCT-2	Encryption for Confidentiality (Data at Transmit)	High	Enclave Computing Environment
ECDC-1	Data Change Controls	Medium	Enclave Computing Environment
ECIC-1	Interconnections among DoD Systems and Enclaves	Medium	Enclave Computing Environment
ECID-1	Host Based IDS	Medium	Enclave Computing Environment
ECIM-1	Instant Messaging	Medium	Enclave Computing Environment
ECLC-1	Audit of Security Label Changes	Low	Enclave Computing Environment
ECLO-1	Logon	Medium	Enclave Computing Environment
ECLO-2	Logon	Medium	Enclave Computing Environment
ECLP-1	Least Privilege	High	Enclave Computing Environment
ECML-1	Marking and Labeling	High	Enclave Computing Environment
ECMT-1	Conformance Monitoring and Testing	Low	Enclave Computing Environment
ECMT-2	Conformance Monitoring and Testing	Medium	Enclave Computing Environment
ECND-1	Network Device Controls	Low	Enclave Computing Environment
ECND-2	Network Device Controls	Medium	Enclave Computing Environment
ECNK-1	Encryption for Need-To-Know	Medium	Enclave Computing Environment
ECNK-2	Encryption for Need-To-Know	Medium	Enclave Computing Environment
ECPA-1	Privileged Account Control	High	Enclave Computing Environment
ECPC-1	Production Code Change Controls	Medium	Enclave Computing Environment
ECPC-2	Production Code Change Controls	Medium	Enclave Computing Environment
ECRC-1	Resource Control	Medium	Enclave Computing Environment
ECRG-1	Audit Reduction and Report Generation	Low	Enclave Computing Environment
ECRR-1	Audit Record Retention	Medium	Enclave Computing Environment
ECSC-1	Security Configuration Compliance	High	Enclave Computing Environment
ECSD-1	Software Development Change Controls	Medium	Enclave Computing Environment
ECSD-2	Software Development Change Controls	High	Enclave Computing Environment
ECTB-1	Audit Trail Backup	Medium	Enclave Computing Environment
ECTC-1	Tempest Controls	High	Enclave Computing Environment
ECTM-1	Transmission Integrity Controls	Medium	Enclave Computing Environment
ECTM-2	Transmission Integrity Controls	Medium	Enclave Computing Environment
ECTP-1	Audit Trail Protection	Medium	Enclave Computing Environment
ECVI-1	Voice-over-IP (VoIP) Protection	Medium	Enclave Computing Environment
ECVP-1	Virus Protection	High	Enclave Computing Environment
ECWM-1	Warning Message	Low	Enclave Computing Environment
ECWN-1	Wireless Computing and Network	High	Enclave Computing Environment
IAAC-1	Account Control	High	Identification and Authentication
IAGA-1	Group Authentication	Medium	Identification and Authentication
IAIA-1	Individual Identification and Authentication	High	Identification and Authentication
IAIA-2	Individual Identification and Authentication	High	Identification and Authentication
IAKM-1	Key Management	Medium	Identification and Authentication
IAKM-2	Key Management	Medium	Identification and Authentication
IAKM-3	Key Management	Medium	Identification and Authentication
IATS-1	Token and Certificate Standards	Medium	Identification and Authentication
IATS-2	Token and Certificate Standards	Medium	Identification and Authentication
PECF-1	Access to Computing Facilities	High	Physical and Environmental
PECF-2	Access to Computing Facilities	High	Physical and Environmental
PECS-1	Clearing and Sanitizing	High	Physical and Environmental
PECS-2	Clearing and Sanitizing	High	Physical and Environmental
PEDD-1	Destruction	High	Physical and Environmental
PEDI-1	Data Interception	High	Physical and Environmental
PEEL-1	Emergency Lighting	Low	Physical and Environmental
PEEL-2	Emergency Lighting	Medium	Physical and Environmental
PEFD-1	Fire Detection	High	Physical and Environmental
PEFD-2	Fire Detection	High	Physical and Environmental
PEFI-1	Fire Inspection	Medium	Physical and Environmental
PEFS-1	Fire Suppression	Medium	Physical and Environmental
PEFS-2	Fire Suppression	High	Physical and Environmental
PEHC-1	Humidity Controls	Medium	Physical and Environmental
PEHC-2	Humidity Controls	Medium	Physical and Environmental
PEMS-1	Master Power Switch	High	Physical and Environmental
PEPF-1	Physical Protection of Facilities	High	Physical and Environmental
PEPF-2	Physical Protection of Facilities	High	Physical and Environmental
PEPS-1	Physical Security Testing	Low	Physical and Environmental
PESL-1	Screen Lock	Medium	Physical and Environmental
PESP-1	Workplace Security Procedures	Medium	Physical and Environmental
PESS-1	Storage	High	Physical and Environmental
PETC-1	Temperature Controls	Low	Physical and Environmental
PETC-2	Temperature Controls	Medium	Physical and Environmental
PETN-1	Environmental Control Training	Low	Physical and Environmental
PEVC-1	Visitor Control to Computing Facilities	High	Physical and Environmental
PEVR-1	Voltage Regulators	High	Physical and Environmental
PRAS-1	Access to Information	High	Personnel
PRAS-2	Access to Information	High	Personnel
PRMP-1	Maintenance Personnel	High	Personnel
PRMP-2	Maintenance Personnel	High	Personnel
PRNK-1	Access to Need-to-Know Information	High	Personnel
PRRB-1	Security Rules of Behavior or Acceptable Use Policy	High	Personnel
PRTN-1	Information Assurance Training	High	Personnel
VIIR-1	Incident Response Planning	Medium	Vulnerability and Incident Management
VIIR-2	Incident Response Planning	High	Vulnerability and Incident Management
VIVM-1	Vulnerability Management	Medium	Vulnerability and Incident Management

STIG VIEWER

DOD Instruction 8500.2 Full Control List

Compliance Dictionary

Subscribe To Our Newsletter

Join our newsletter and stay up-to-date on STIGs.