UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DOD Instruction 8500.2 Full Control List

Num. Title Impact
COAS-1 Alternate Site Designation Medium
COAS-2 Alternate Site Designation High
COBR-1 Protection of Backup and Restoration Assets High
CODB-1 Data Backup Procedures Low
CODB-2 Data Backup Procedures Medium
CODB-3 Data Backup Procedures Medium
CODP-1 Disaster and Recovery Planning Low
CODP-2 Disaster and Recovery Planning Medium
CODP-3 Disaster and Recovery Planning Medium
COEB-1 Enclave Boundary Defense Medium
COEB-2 Enclave Boundary Defense High
COED-1 Scheduled Exercises and Drills Low
COED-2 Scheduled Exercises and Drills Medium
COEF-1 Identification of Essential Functions Low
COEF-2 Identification of Essential Functions Medium
COMS-1 Maintenance Support Low
COMS-2 Maintenance Support Medium
COPS-1 Power Supply Low
COPS-2 Power Supply Medium
COPS-3 Power Supply Medium
COSP-1 Spares and Parts Low
COSP-2 Spares and Parts Medium
COSW-1 Backup Copies of Critical SW High
COTR-1 Trusted Recovery High
DCAR-1 Procedural Review Medium
DCAS-1 Acquisition Standards High
DCBP-1 Best Security Practices Medium
DCCB-1 Control Board Low
DCCB-2 Control Board Medium
DCCS-1 Configuration Specifications High
DCCS-2 Configuration Specifications High
DCCT-1 Compliance Testing Medium
DCDS-1 Dedicated IA Services Medium
DCFA-1 Functional Architecture for AIS Applications Medium
DCHW-1 HW Baseline High
DCID-1 Interconnection Documentation High
DCII-1 IA Impact Assessment Medium
DCIT-1 IA for IT Services High
DCMC-1 Mobile Code Medium
DCNR-1 Non-repudiation Medium
DCPA-1 Partitioning the Application Low
DCPB-1 IA Program and Budget High
DCPD-1 Public Domain Software Controls Medium
DCPP-1 Ports, Protocols, and Services Medium
DCPR-1 CM Process High
DCSD-1 IA Documentation High
DCSL-1 System Library Management Controls Medium
DCSP-1 Security Support Structure Partitioning Medium
DCSQ-1 Software Quality Medium
DCSR-1 Specified Robustness - Basic High
DCSR-2 Specified Robustness - Medium High
DCSR-3 Specified Robustness – High High
DCSS-1 System State Changes High
DCSS-2 System State Changes High
DCSW-1 SW Baseline High
EBBD-1 Boundary Defense Low
EBBD-2 Boundary Defense Medium
EBBD-3 Boundary Defense High
EBCR-1 Connection Rules Medium
EBPW-1 Public WAN Connection High
EBRP-1 Remote Access for Privileged Functions High
EBRU-1 Remote Access for User Functions High
EBVC-1 VPN Controls Medium
ECAD-1 Affiliation Display Medium
ECAN-1 Access for Need-to-Know High
ECAR-1 Audit Record Content – Public Systems Low
ECAR-2 Audit Record Content – Sensitive Systems Medium
ECAR-3 Audit Record Content – Classified Systems High
ECAT-1 Audit Trail, Monitoring, Analysis and Reporting Low
ECAT-2 Audit Trail, Monitoring, Analysis and Reporting Medium
ECCD-1 Changes to Data Medium
ECCD-2 Changes to Data High
ECCM-1 COMSEC High
ECCR-1 Encryption for Confidentiality (Data at Rest) Low
ECCR-2 Encryption for Confidentiality (Data at Rest) Medium
ECCR-3 Encryption for Confidentiality (Data at Rest) High
ECCT-1 Encryption for Confidentiality (Data at Transmit) Medium
ECCT-2 Encryption for Confidentiality (Data at Transmit) High
ECDC-1 Data Change Controls Medium
ECIC-1 Interconnections among DoD Systems and Enclaves Medium
ECID-1 Host Based IDS Medium
ECIM-1 Instant Messaging Medium
ECLC-1 Audit of Security Label Changes Low
ECLO-1 Logon Medium
ECLO-2 Logon Medium
ECLP-1 Least Privilege High
ECML-1 Marking and Labeling High
ECMT-1 Conformance Monitoring and Testing Low
ECMT-2 Conformance Monitoring and Testing Medium
ECND-1 Network Device Controls Low
ECND-2 Network Device Controls Medium
ECNK-1 Encryption for Need-To-Know Medium
ECNK-2 Encryption for Need-To-Know Medium
ECPA-1 Privileged Account Control High
ECPC-1 Production Code Change Controls Medium
ECPC-2 Production Code Change Controls Medium
ECRC-1 Resource Control Medium
ECRG-1 Audit Reduction and Report Generation Low
ECRR-1 Audit Record Retention Medium
ECSC-1 Security Configuration Compliance High
ECSD-1 Software Development Change Controls Medium
ECSD-2 Software Development Change Controls High
ECTB-1 Audit Trail Backup Medium
ECTC-1 Tempest Controls High
ECTM-1 Transmission Integrity Controls Medium
ECTM-2 Transmission Integrity Controls Medium
ECTP-1 Audit Trail Protection Medium
ECVI-1 Voice-over-IP (VoIP) Protection Medium
ECVP-1 Virus Protection High
ECWM-1 Warning Message Low
ECWN-1 Wireless Computing and Network High
IAAC-1 Account Control High
IAGA-1 Group Authentication Medium
IAIA-1 Individual Identification and Authentication High
IAIA-2 Individual Identification and Authentication High
IAKM-1 Key Management Medium
IAKM-2 Key Management Medium
IAKM-3 Key Management Medium
IATS-1 Token and Certificate Standards Medium
IATS-2 Token and Certificate Standards Medium
PECF-1 Access to Computing Facilities High
PECF-2 Access to Computing Facilities High
PECS-1 Clearing and Sanitizing High
PECS-2 Clearing and Sanitizing High
PEDD-1 Destruction High
PEDI-1 Data Interception High
PEEL-1 Emergency Lighting Low
PEEL-2 Emergency Lighting Medium
PEFD-1 Fire Detection High
PEFD-2 Fire Detection High
PEFI-1 Fire Inspection Medium
PEFS-1 Fire Suppression Medium
PEFS-2 Fire Suppression High
PEHC-1 Humidity Controls Medium
PEHC-2 Humidity Controls Medium
PEMS-1 Master Power Switch High
PEPF-1 Physical Protection of Facilities High
PEPF-2 Physical Protection of Facilities High
PEPS-1 Physical Security Testing Low
PESL-1 Screen Lock Medium
PESP-1 Workplace Security Procedures Medium
PESS-1 Storage High
PETC-1 Temperature Controls Low
PETC-2 Temperature Controls Medium
PETN-1 Environmental Control Training Low
PEVC-1 Visitor Control to Computing Facilities High
PEVR-1 Voltage Regulators High
PRAS-1 Access to Information High
PRAS-2 Access to Information High
PRMP-1 Maintenance Personnel High
PRMP-2 Maintenance Personnel High
PRNK-1 Access to Need-to-Know Information High
PRRB-1 Security Rules of Behavior or Acceptable Use Policy High
PRTN-1 Information Assurance Training High
VIIR-1 Incident Response Planning Medium
VIIR-2 Incident Response Planning High
VIVM-1 Vulnerability Management Medium
COAS-1 Alternate Site Designation Medium
COAS-2 Alternate Site Designation High
COBR-1 Protection of Backup and Restoration Assets High
CODB-1 Data Backup Procedures Low
CODB-2 Data Backup Procedures Medium
CODB-3 Data Backup Procedures Medium
CODP-1 Disaster and Recovery Planning Low
CODP-2 Disaster and Recovery Planning Medium
CODP-3 Disaster and Recovery Planning Medium
COEB-1 Enclave Boundary Defense Medium
COEB-2 Enclave Boundary Defense High
COED-1 Scheduled Exercises and Drills Low
COED-2 Scheduled Exercises and Drills Medium
COEF-1 Identification of Essential Functions Low
COEF-2 Identification of Essential Functions Medium
COMS-1 Maintenance Support Low
COMS-2 Maintenance Support Medium
COPS-1 Power Supply Low
COPS-2 Power Supply Medium
COPS-3 Power Supply Medium
COSP-1 Spares and Parts Low
COSP-2 Spares and Parts Medium
COSW-1 Backup Copies of Critical SW High
COTR-1 Trusted Recovery High
DCAR-1 Procedural Review Medium
DCAS-1 Acquisition Standards High
DCBP-1 Best Security Practices Medium
DCCB-1 Control Board Low
DCCB-2 Control Board Medium
DCCS-1 Configuration Specifications High
DCCS-2 Configuration Specifications High
DCCT-1 Compliance Testing Medium
DCDS-1 Dedicated IA Services Medium
DCFA-1 Functional Architecture for AIS Applications Medium
DCHW-1 HW Baseline High
DCID-1 Interconnection Documentation High
DCII-1 IA Impact Assessment Medium
DCIT-1 IA for IT Services High
DCMC-1 Mobile Code Medium
DCNR-1 Non-repudiation Medium
DCPA-1 Partitioning the Application Low
DCPB-1 IA Program and Budget High
DCPD-1 Public Domain Software Controls Medium
DCPP-1 Ports, Protocols, and Services Medium
DCPR-1 CM Process High
DCSD-1 IA Documentation High
DCSL-1 System Library Management Controls Medium
DCSP-1 Security Support Structure Partitioning Medium
DCSQ-1 Software Quality Medium
DCSR-1 Specified Robustness - Basic High
DCSR-2 Specified Robustness - Medium High
DCSR-3 Specified Robustness – High High
DCSS-1 System State Changes High
DCSS-2 System State Changes High
DCSW-1 SW Baseline High
EBBD-1 Boundary Defense Low
EBBD-2 Boundary Defense Medium
EBBD-3 Boundary Defense High
EBCR-1 Connection Rules Medium
EBPW-1 Public WAN Connection High
EBRP-1 Remote Access for Privileged Functions High
EBRU-1 Remote Access for User Functions High
EBVC-1 VPN Controls Medium
ECAD-1 Affiliation Display Medium
ECAN-1 Access for Need-to-Know High
ECAR-1 Audit Record Content – Public Systems Low
ECAR-2 Audit Record Content – Sensitive Systems Medium
ECAR-3 Audit Record Content – Classified Systems High
ECAT-1 Audit Trail, Monitoring, Analysis and Reporting Low
ECAT-2 Audit Trail, Monitoring, Analysis and Reporting Medium
ECCD-1 Changes to Data Medium
ECCD-2 Changes to Data High
ECCM-1 COMSEC High
ECCR-1 Encryption for Confidentiality (Data at Rest) Low
ECCR-2 Encryption for Confidentiality (Data at Rest) Medium
ECCR-3 Encryption for Confidentiality (Data at Rest) High
ECCT-1 Encryption for Confidentiality (Data at Transmit) Medium
ECCT-2 Encryption for Confidentiality (Data at Transmit) High
ECDC-1 Data Change Controls Medium
ECIC-1 Interconnections among DoD Systems and Enclaves Medium
ECID-1 Host Based IDS Medium
ECIM-1 Instant Messaging Medium
ECLC-1 Audit of Security Label Changes Low
ECLO-1 Logon Medium
ECLO-2 Logon Medium
ECLP-1 Least Privilege High
ECML-1 Marking and Labeling High
ECMT-1 Conformance Monitoring and Testing Low
ECMT-2 Conformance Monitoring and Testing Medium
ECND-1 Network Device Controls Low
ECND-2 Network Device Controls Medium
ECNK-1 Encryption for Need-To-Know Medium
ECNK-2 Encryption for Need-To-Know Medium
ECPA-1 Privileged Account Control High
ECPC-1 Production Code Change Controls Medium
ECPC-2 Production Code Change Controls Medium
ECRC-1 Resource Control Medium
ECRG-1 Audit Reduction and Report Generation Low
ECRR-1 Audit Record Retention Medium
ECSC-1 Security Configuration Compliance High
ECSD-1 Software Development Change Controls Medium
ECSD-2 Software Development Change Controls High
ECTB-1 Audit Trail Backup Medium
ECTC-1 Tempest Controls High
ECTM-1 Transmission Integrity Controls Medium
ECTM-2 Transmission Integrity Controls Medium
ECTP-1 Audit Trail Protection Medium
ECVI-1 Voice-over-IP (VoIP) Protection Medium
ECVP-1 Virus Protection High
ECWM-1 Warning Message Low
ECWN-1 Wireless Computing and Network High
IAAC-1 Account Control High
IAGA-1 Group Authentication Medium
IAIA-1 Individual Identification and Authentication High
IAIA-2 Individual Identification and Authentication High
IAKM-1 Key Management Medium
IAKM-2 Key Management Medium
IAKM-3 Key Management Medium
IATS-1 Token and Certificate Standards Medium
IATS-2 Token and Certificate Standards Medium
PECF-1 Access to Computing Facilities High
PECF-2 Access to Computing Facilities High
PECS-1 Clearing and Sanitizing High
PECS-2 Clearing and Sanitizing High
PEDD-1 Destruction High
PEDI-1 Data Interception High
PEEL-1 Emergency Lighting Low
PEEL-2 Emergency Lighting Medium
PEFD-1 Fire Detection High
PEFD-2 Fire Detection High
PEFI-1 Fire Inspection Medium
PEFS-1 Fire Suppression Medium
PEFS-2 Fire Suppression High
PEHC-1 Humidity Controls Medium
PEHC-2 Humidity Controls Medium
PEMS-1 Master Power Switch High
PEPF-1 Physical Protection of Facilities High
PEPF-2 Physical Protection of Facilities High
PEPS-1 Physical Security Testing Low
PESL-1 Screen Lock Medium
PESP-1 Workplace Security Procedures Medium
PESS-1 Storage High
PETC-1 Temperature Controls Low
PETC-2 Temperature Controls Medium
PETN-1 Environmental Control Training Low
PEVC-1 Visitor Control to Computing Facilities High
PEVR-1 Voltage Regulators High
PRAS-1 Access to Information High
PRAS-2 Access to Information High
PRMP-1 Maintenance Personnel High
PRMP-2 Maintenance Personnel High
PRNK-1 Access to Need-to-Know Information High
PRRB-1 Security Rules of Behavior or Acceptable Use Policy High
PRTN-1 Information Assurance Training High
VIIR-1 Incident Response Planning Medium
VIIR-2 Incident Response Planning High
VIVM-1 Vulnerability Management Medium