← Frameworks / Governance

Control Objectives for Information Technologies

Framework for IT governance and management. Helps organizations develop, implement, and improve IT governance and management practices.

Clauses: 40

Avg Coverage: 49.3%

Publisher: ISACA Version: 2019

COBIT 2019 → SP 800-53 SP 800-53 → COBIT 2019 Coverage Analysis

Clause	Title	SP 800-53 Controls
APO01	Managed I&T Management Framework	PM-01 PM-02 PM-03 PL-01 PL-09
APO02	Managed Strategy	PM-01 PM-07 PM-08 PM-11
APO03	Managed Enterprise Architecture	PM-07 PL-08 SA-08 SA-17
APO04	Managed Innovation	PM-01 SA-08
APO05	Managed Portfolio	PM-07 PM-11
APO06	Managed Budget and Costs	PM-03
APO07	Managed Human Resources	PM-13 PS-01 PS-02 PS-03 PS-06 PS-09 AT-01 AT-02 AT-03 AT-06
APO08	Managed Relationships	PM-15 SA-09
APO09	Managed Service Level Agreements	SA-04 SA-09 CA-03
APO10	Managed Vendors	SA-04 SA-09 SR-01 SR-02 SR-03 SR-05 SR-06
APO11	Managed Quality	SA-11 SA-15 CM-04 CA-02
APO12	Managed Risk	RA-01 RA-02 RA-03 RA-05 RA-07 RA-08 RA-09 PM-09 PM-28 CA-05
APO13	Managed Security	PM-01 PM-02 PM-03 PM-06 PM-09 PL-01 PL-02 PL-09 PL-10 PL-11 RA-01 RA-03 CA-02 CA-07 AT-02
APO14	Managed Data	AC-04 MP-01 MP-02 MP-03 MP-04 MP-05 MP-06 MP-07 SC-28 SI-12 RA-02 PT-01 PT-02 PT-03 PT-04 PT-05 PT-06 PT-07 PT-08 CM-12 CM-13 SI-18
BAI01	Managed Programs and Projects	SA-03 PM-07 PM-11
BAI02	Managed Requirements Definition	SA-04 SA-08 PL-02 PL-07 PL-08
BAI03	Managed Solutions Identification and Build	SA-03 SA-04 SA-08 SA-10 SA-11 SA-15 SA-17 SA-20 SA-21
BAI04	Managed Availability and Capacity	CP-02 CP-07 CP-08 SC-05 AU-04 SI-13
BAI05	Managed Organizational Change	CM-03 CM-04 PM-01
BAI06	Managed IT Changes	CM-03 CM-04 CM-05 CM-09 CM-14 SA-10
BAI07	Managed IT Change Acceptance and Transitioning	CM-03 CM-04 SA-11 CA-02
BAI08	Managed Knowledge	AT-02 AT-03 AT-06 PM-13 SA-05
BAI09	Managed Assets	CM-08 CM-12 PM-05 MP-01 MP-02 MP-03 MP-04 MP-05 MP-06 MP-07 SA-22
BAI10	Managed Configuration	CM-01 CM-02 CM-03 CM-04 CM-05 CM-06 CM-07 CM-08 CM-09 CM-10 CM-11 CM-12 CM-13 CM-14
BAI11	Managed IT Projects	SA-03 PM-07 PM-10 PM-11 CA-05
DSS01	Managed Operations	PE-01 PE-02 PE-03 PE-04 PE-05 PE-06 PE-07 PE-08 PE-09 PE-10 PE-11 PE-12 PE-13 PE-14 PE-15 PE-16 PE-17 PE-18 PE-21 PE-22 PE-23 MA-01 MA-02 MA-03 MA-04 MA-05 MA-06 MA-07 SI-04 CA-07
DSS02	Managed Service Requests and Incidents	IR-01 IR-02 IR-03 IR-04 IR-05 IR-06 IR-07 IR-08 IR-09
DSS03	Managed Problems	IR-04 IR-05 SI-02 CA-05
DSS04	Managed Continuity	CP-01 CP-02 CP-03 CP-04 CP-05 CP-06 CP-07 CP-08 CP-09 CP-10 CP-11 CP-12 CP-13
DSS05	Managed Security Services	SC-07 SC-24 SC-44 SC-41 SI-03 SI-04 SI-16 CM-14 AC-01 AC-02 AC-03 AC-04 AC-05 AC-06 AC-07 AC-08 AC-09 AC-10 AC-11 AC-12 AC-13 AC-14 AC-15 AC-16 AC-17 AC-18 AC-19 AC-20 AC-21 AC-22 AC-23 AC-24 AC-25 IA-01 IA-02 IA-03 IA-04 IA-05 IA-06 IA-07 IA-08 IA-09 IA-10 IA-11 IA-12 PE-01 PE-02 PE-03 PE-04 PE-05 PE-06 PE-07 PE-08 PE-09 PE-10 PE-11 PE-12 PE-13 PE-14 PE-15 PE-16 PE-17 PE-18
DSS06	Managed Business Process Controls	AC-03 AC-04 AC-05 AC-06 AU-02 AU-03 AU-06 SI-10 SI-15
EDM01	Ensured Governance Framework Setting and Maintenance	PM-01 PM-02 PM-03 PM-09 PL-09 PL-10
EDM02	Ensured Benefits Delivery	PM-01 PM-03 PM-06
EDM03	Ensured Risk Optimization	PM-09 RA-01 RA-03 PM-28 RA-07 RA-09
EDM04	Ensured Resource Optimization	PM-03 PM-13 SA-03
EDM05	Ensured Stakeholder Engagement	PM-01 PM-02
MEA01	Managed Performance and Conformance Monitoring	CA-07 PM-06 AU-06 SI-04
MEA02	Managed System of Internal Control	CA-02 CA-07 PM-06 AU-06
MEA03	Managed Compliance with External Requirements	CA-02 PM-01 PL-04 SA-04
MEA04	Managed Assurance	CA-01 CA-02 CA-07 CA-08 CA-09