DOD Instruction 8500.2 Full Control List

Num. Title Impact
COAS-1 Alternate Site Designation Medium
COAS-2 Alternate Site Designation High
COBR-1 Protection of Backup and Restoration Assets High
CODB-1 Data Backup Procedures Low
CODB-2 Data Backup Procedures Medium
CODB-3 Data Backup Procedures Medium
CODP-1 Disaster and Recovery Planning Low
CODP-2 Disaster and Recovery Planning Medium
CODP-3 Disaster and Recovery Planning Medium
COEB-1 Enclave Boundary Defense Medium
COEB-2 Enclave Boundary Defense High
COED-1 Scheduled Exercises and Drills Low
COED-2 Scheduled Exercises and Drills Medium
COEF-1 Identification of Essential Functions Low
COEF-2 Identification of Essential Functions Medium
COMS-1 Maintenance Support Low
COMS-2 Maintenance Support Medium
COPS-1 Power Supply Low
COPS-2 Power Supply Medium
COPS-3 Power Supply Medium
COSP-1 Spares and Parts Low
COSP-2 Spares and Parts Medium
COSW-1 Backup Copies of Critical SW High
COTR-1 Trusted Recovery High
DCAR-1 Procedural Review Medium
DCAS-1 Acquisition Standards High
DCBP-1 Best Security Practices Medium
DCCB-1 Control Board Low
DCCB-2 Control Board Medium
DCCS-1 Configuration Specifications High
DCCS-2 Configuration Specifications High
DCCT-1 Compliance Testing Medium
DCDS-1 Dedicated IA Services Medium
DCFA-1 Functional Architecture for AIS Applications Medium
DCHW-1 HW Baseline High
DCID-1 Interconnection Documentation High
DCII-1 IA Impact Assessment Medium
DCIT-1 IA for IT Services High
DCMC-1 Mobile Code Medium
DCNR-1 Non-repudiation Medium
DCPA-1 Partitioning the Application Low
DCPB-1 IA Program and Budget High
DCPD-1 Public Domain Software Controls Medium
DCPP-1 Ports, Protocols, and Services Medium
DCPR-1 CM Process High
DCSD-1 IA Documentation High
DCSL-1 System Library Management Controls Medium
DCSP-1 Security Support Structure Partitioning Medium
DCSQ-1 Software Quality Medium
DCSR-1 Specified Robustness - Basic High
DCSR-2 Specified Robustness - Medium High
DCSR-3 Specified Robustness – High High
DCSS-1 System State Changes High
DCSS-2 System State Changes High
DCSW-1 SW Baseline High
EBBD-1 Boundary Defense Low
EBBD-2 Boundary Defense Medium
EBBD-3 Boundary Defense High
EBCR-1 Connection Rules Medium
EBPW-1 Public WAN Connection High
EBRP-1 Remote Access for Privileged Functions High
EBRU-1 Remote Access for User Functions High
EBVC-1 VPN Controls Medium
ECAD-1 Affiliation Display Medium
ECAN-1 Access for Need-to-Know High
ECAR-1 Audit Record Content – Public Systems Low
ECAR-2 Audit Record Content – Sensitive Systems Medium
ECAR-3 Audit Record Content – Classified Systems High
ECAT-1 Audit Trail, Monitoring, Analysis and Reporting Low
ECAT-2 Audit Trail, Monitoring, Analysis and Reporting Medium
ECCD-1 Changes to Data Medium
ECCD-2 Changes to Data High
ECCM-1 COMSEC High
ECCR-1 Encryption for Confidentiality (Data at Rest) Low
ECCR-2 Encryption for Confidentiality (Data at Rest) Medium
ECCR-3 Encryption for Confidentiality (Data at Rest) High
ECCT-1 Encryption for Confidentiality (Data at Transmit) Medium
ECCT-2 Encryption for Confidentiality (Data at Transmit) High
ECDC-1 Data Change Controls Medium
ECIC-1 Interconnections among DoD Systems and Enclaves Medium
ECID-1 Host Based IDS Medium
ECIM-1 Instant Messaging Medium
ECLC-1 Audit of Security Label Changes Low
ECLO-1 Logon Medium
ECLO-2 Logon Medium
ECLP-1 Least Privilege High
ECML-1 Marking and Labeling High
ECMT-1 Conformance Monitoring and Testing Low
ECMT-2 Conformance Monitoring and Testing Medium
ECND-1 Network Device Controls Low
ECND-2 Network Device Controls Medium
ECNK-1 Encryption for Need-To-Know Medium
ECNK-2 Encryption for Need-To-Know Medium
ECPA-1 Privileged Account Control High
ECPC-1 Production Code Change Controls Medium
ECPC-2 Production Code Change Controls Medium
ECRC-1 Resource Control Medium
ECRG-1 Audit Reduction and Report Generation Low
ECRR-1 Audit Record Retention Medium
ECSC-1 Security Configuration Compliance High
ECSD-1 Software Development Change Controls Medium
ECSD-2 Software Development Change Controls High
ECTB-1 Audit Trail Backup Medium
ECTC-1 Tempest Controls High
ECTM-1 Transmission Integrity Controls Medium
ECTM-2 Transmission Integrity Controls Medium
ECTP-1 Audit Trail Protection Medium
ECVI-1 Voice-over-IP (VoIP) Protection Medium
ECVP-1 Virus Protection High
ECWM-1 Warning Message Low
ECWN-1 Wireless Computing and Network High
IAAC-1 Account Control High
IAGA-1 Group Authentication Medium
IAIA-1 Individual Identification and Authentication High
IAIA-2 Individual Identification and Authentication High
IAKM-1 Key Management Medium
IAKM-2 Key Management Medium
IAKM-3 Key Management Medium
IATS-1 Token and Certificate Standards Medium
IATS-2 Token and Certificate Standards Medium
PECF-1 Access to Computing Facilities High
PECF-2 Access to Computing Facilities High
PECS-1 Clearing and Sanitizing High
PECS-2 Clearing and Sanitizing High
PEDD-1 Destruction High
PEDI-1 Data Interception High
PEEL-1 Emergency Lighting Low
PEEL-2 Emergency Lighting Medium
PEFD-1 Fire Detection High
PEFD-2 Fire Detection High
PEFI-1 Fire Inspection Medium
PEFS-1 Fire Suppression Medium
PEFS-2 Fire Suppression High
PEHC-1 Humidity Controls Medium
PEHC-2 Humidity Controls Medium
PEMS-1 Master Power Switch High
PEPF-1 Physical Protection of Facilities High
PEPF-2 Physical Protection of Facilities High
PEPS-1 Physical Security Testing Low
PESL-1 Screen Lock Medium
PESP-1 Workplace Security Procedures Medium
PESS-1 Storage High
PETC-1 Temperature Controls Low
PETC-2 Temperature Controls Medium
PETN-1 Environmental Control Training Low
PEVC-1 Visitor Control to Computing Facilities High
PEVR-1 Voltage Regulators High
PRAS-1 Access to Information High
PRAS-2 Access to Information High
PRMP-1 Maintenance Personnel High
PRMP-2 Maintenance Personnel High
PRNK-1 Access to Need-to-Know Information High
PRRB-1 Security Rules of Behavior or Acceptable Use Policy High
PRTN-1 Information Assurance Training High
VIIR-1 Incident Response Planning Medium
VIIR-2 Incident Response Planning High
VIVM-1 Vulnerability Management Medium
COAS-1 Alternate Site Designation Medium
COAS-2 Alternate Site Designation High
COBR-1 Protection of Backup and Restoration Assets High
CODB-1 Data Backup Procedures Low
CODB-2 Data Backup Procedures Medium
CODB-3 Data Backup Procedures Medium
CODP-1 Disaster and Recovery Planning Low
CODP-2 Disaster and Recovery Planning Medium
CODP-3 Disaster and Recovery Planning Medium
COEB-1 Enclave Boundary Defense Medium
COEB-2 Enclave Boundary Defense High
COED-1 Scheduled Exercises and Drills Low
COED-2 Scheduled Exercises and Drills Medium
COEF-1 Identification of Essential Functions Low
COEF-2 Identification of Essential Functions Medium
COMS-1 Maintenance Support Low
COMS-2 Maintenance Support Medium
COPS-1 Power Supply Low
COPS-2 Power Supply Medium
COPS-3 Power Supply Medium
COSP-1 Spares and Parts Low
COSP-2 Spares and Parts Medium
COSW-1 Backup Copies of Critical SW High
COTR-1 Trusted Recovery High
DCAR-1 Procedural Review Medium
DCAS-1 Acquisition Standards High
DCBP-1 Best Security Practices Medium
DCCB-1 Control Board Low
DCCB-2 Control Board Medium
DCCS-1 Configuration Specifications High
DCCS-2 Configuration Specifications High
DCCT-1 Compliance Testing Medium
DCDS-1 Dedicated IA Services Medium
DCFA-1 Functional Architecture for AIS Applications Medium
DCHW-1 HW Baseline High
DCID-1 Interconnection Documentation High
DCII-1 IA Impact Assessment Medium
DCIT-1 IA for IT Services High
DCMC-1 Mobile Code Medium
DCNR-1 Non-repudiation Medium
DCPA-1 Partitioning the Application Low
DCPB-1 IA Program and Budget High
DCPD-1 Public Domain Software Controls Medium
DCPP-1 Ports, Protocols, and Services Medium
DCPR-1 CM Process High
DCSD-1 IA Documentation High
DCSL-1 System Library Management Controls Medium
DCSP-1 Security Support Structure Partitioning Medium
DCSQ-1 Software Quality Medium
DCSR-1 Specified Robustness - Basic High
DCSR-2 Specified Robustness - Medium High
DCSR-3 Specified Robustness – High High
DCSS-1 System State Changes High
DCSS-2 System State Changes High
DCSW-1 SW Baseline High
EBBD-1 Boundary Defense Low
EBBD-2 Boundary Defense Medium
EBBD-3 Boundary Defense High
EBCR-1 Connection Rules Medium
EBPW-1 Public WAN Connection High
EBRP-1 Remote Access for Privileged Functions High
EBRU-1 Remote Access for User Functions High
EBVC-1 VPN Controls Medium
ECAD-1 Affiliation Display Medium
ECAN-1 Access for Need-to-Know High
ECAR-1 Audit Record Content – Public Systems Low
ECAR-2 Audit Record Content – Sensitive Systems Medium
ECAR-3 Audit Record Content – Classified Systems High
ECAT-1 Audit Trail, Monitoring, Analysis and Reporting Low
ECAT-2 Audit Trail, Monitoring, Analysis and Reporting Medium
ECCD-1 Changes to Data Medium
ECCD-2 Changes to Data High
ECCM-1 COMSEC High
ECCR-1 Encryption for Confidentiality (Data at Rest) Low
ECCR-2 Encryption for Confidentiality (Data at Rest) Medium
ECCR-3 Encryption for Confidentiality (Data at Rest) High
ECCT-1 Encryption for Confidentiality (Data at Transmit) Medium
ECCT-2 Encryption for Confidentiality (Data at Transmit) High
ECDC-1 Data Change Controls Medium
ECIC-1 Interconnections among DoD Systems and Enclaves Medium
ECID-1 Host Based IDS Medium
ECIM-1 Instant Messaging Medium
ECLC-1 Audit of Security Label Changes Low
ECLO-1 Logon Medium
ECLO-2 Logon Medium
ECLP-1 Least Privilege High
ECML-1 Marking and Labeling High
ECMT-1 Conformance Monitoring and Testing Low
ECMT-2 Conformance Monitoring and Testing Medium
ECND-1 Network Device Controls Low
ECND-2 Network Device Controls Medium
ECNK-1 Encryption for Need-To-Know Medium
ECNK-2 Encryption for Need-To-Know Medium
ECPA-1 Privileged Account Control High
ECPC-1 Production Code Change Controls Medium
ECPC-2 Production Code Change Controls Medium
ECRC-1 Resource Control Medium
ECRG-1 Audit Reduction and Report Generation Low
ECRR-1 Audit Record Retention Medium
ECSC-1 Security Configuration Compliance High
ECSD-1 Software Development Change Controls Medium
ECSD-2 Software Development Change Controls High
ECTB-1 Audit Trail Backup Medium
ECTC-1 Tempest Controls High
ECTM-1 Transmission Integrity Controls Medium
ECTM-2 Transmission Integrity Controls Medium
ECTP-1 Audit Trail Protection Medium
ECVI-1 Voice-over-IP (VoIP) Protection Medium
ECVP-1 Virus Protection High
ECWM-1 Warning Message Low
ECWN-1 Wireless Computing and Network High
IAAC-1 Account Control High
IAGA-1 Group Authentication Medium
IAIA-1 Individual Identification and Authentication High
IAIA-2 Individual Identification and Authentication High
IAKM-1 Key Management Medium
IAKM-2 Key Management Medium
IAKM-3 Key Management Medium
IATS-1 Token and Certificate Standards Medium
IATS-2 Token and Certificate Standards Medium
PECF-1 Access to Computing Facilities High
PECF-2 Access to Computing Facilities High
PECS-1 Clearing and Sanitizing High
PECS-2 Clearing and Sanitizing High
PEDD-1 Destruction High
PEDI-1 Data Interception High
PEEL-1 Emergency Lighting Low
PEEL-2 Emergency Lighting Medium
PEFD-1 Fire Detection High
PEFD-2 Fire Detection High
PEFI-1 Fire Inspection Medium
PEFS-1 Fire Suppression Medium
PEFS-2 Fire Suppression High
PEHC-1 Humidity Controls Medium
PEHC-2 Humidity Controls Medium
PEMS-1 Master Power Switch High
PEPF-1 Physical Protection of Facilities High
PEPF-2 Physical Protection of Facilities High
PEPS-1 Physical Security Testing Low
PESL-1 Screen Lock Medium
PESP-1 Workplace Security Procedures Medium
PESS-1 Storage High
PETC-1 Temperature Controls Low
PETC-2 Temperature Controls Medium
PETN-1 Environmental Control Training Low
PEVC-1 Visitor Control to Computing Facilities High
PEVR-1 Voltage Regulators High
PRAS-1 Access to Information High
PRAS-2 Access to Information High
PRMP-1 Maintenance Personnel High
PRMP-2 Maintenance Personnel High
PRNK-1 Access to Need-to-Know Information High
PRRB-1 Security Rules of Behavior or Acceptable Use Policy High
PRTN-1 Information Assurance Training High
VIIR-1 Incident Response Planning Medium
VIIR-2 Incident Response Planning High
VIVM-1 Vulnerability Management Medium