Appendix B: Control Families and Classes

The following table lists the eighteen control families and the class associated with each family: operational, managerial, or technical. The two-letter identifier for each family is also listed. With the exception of Program Management (PM), all the families in this table are closely related to the seventeen minimum security requirements for federal information and information systems that FISMA requires and FIPS 200 details. The PM family provides organizational-level security controls that are normally implemented by the overall organization rather than by individual information systems.

| Id | Family | Class |
|----|--------|-------|
| AC | Access Control | Technical |
| AT | Awareness and Training | Operational |
| AU | Audit and Accountability | Technical |
| CA | Security Assessment ... | |
