[{"id":"AC","name":"Access Control","description":"Manage user permissions, system privileges, and remote access to ensure only authorized individuals access information systems.","controlCount":25},{"id":"AT","name":"Awareness and Training","description":"Ensure personnel are adequately trained to carry out their information security responsibilities.","controlCount":6},{"id":"AU","name":"Audit and Accountability","description":"Create, protect, and retain audit records to enable monitoring, analysis, and reporting of unlawful or unauthorized system activity.","controlCount":16},{"id":"CA","name":"Assessment, Authorization, and Monitoring","description":"Assess security controls, authorize system operation, and monitor controls on an ongoing basis.","controlCount":9},{"id":"CM","name":"Configuration Management","description":"Establish and maintain baseline configurations and inventories of organizational systems.","controlCount":14},{"id":"CP","name":"Contingency Planning","description":"Establish, maintain, and implement plans for emergency response, backup operations, and post-disaster recovery.","controlCount":13},{"id":"IA","name":"Identification and Authentication","description":"Identify and authenticate users, processes, and devices before granting access to systems.","controlCount":12},{"id":"IR","name":"Incident Response","description":"Establish operational incident handling capabilities for organizational systems.","controlCount":10},{"id":"MA","name":"Maintenance","description":"Perform timely maintenance on organizational systems and provide effective controls on maintenance tools and personnel.","controlCount":7},{"id":"MP","name":"Media Protection","description":"Protect information system media, limit access, and sanitize or destroy media before disposal or reuse.","controlCount":8},{"id":"PE","name":"Physical and Environmental Protection","description":"Limit physical access to systems and protect the physical plant and support infrastructure.","controlCount":23},{"id":"PL","name":"Planning","description":"Develop, document, update, and implement security and privacy plans for organizational systems.","controlCount":11},{"id":"PM","name":"Program Management","description":"Manage the organization-wide information security program and ensure compliance with applicable laws and policies.","controlCount":32},{"id":"PS","name":"Personnel Security","description":"Ensure individuals occupying positions of responsibility are trustworthy and meet established security criteria.","controlCount":9},{"id":"PT","name":"PII Processing and Transparency","description":"Manage personally identifiable information processing and provide transparency to individuals.","controlCount":8},{"id":"RA","name":"Risk Assessment","description":"Assess risk to organizational operations, assets, individuals, and other organizations.","controlCount":10},{"id":"SA","name":"System and Services Acquisition","description":"Allocate resources, manage the system development life cycle, and enforce acquisition process protections.","controlCount":23},{"id":"SC","name":"System and Communications Protection","description":"Protect communications and control system boundaries to ensure confidentiality and integrity.","controlCount":51},{"id":"SI","name":"System and Information Integrity","description":"Identify, report, and correct system flaws in a timely manner and protect against malicious code.","controlCount":23},{"id":"SR","name":"Supply Chain Risk Management","description":"Manage supply chain risks by developing processes, agreements, and assessment procedures.","controlCount":12}]