
IAEA Nuclear Security Series No. 17-T Rev. 1: Computer Security at Nuclear Facilities

International guidance for computer security at nuclear facilities, published by the International Atomic Energy Agency. Its 14 sections cover computer security management, risk management, defence in depth (5 security levels), identification and authentication, access control, system integrity, audit and monitoring, communication security, supply chain security, incident response, contingency planning, personnel security, physical security integration, and assessment and testing. It provides a framework for protecting instrumentation and control (I&C) systems, including safety-critical systems, and is applied globally through national regulatory implementations. The tables below map each control to the sections of the guidance that address it.

AC Access Control

Control  Name                                 IAEA NSS 17-T References
-------  -----------------------------------  ------------------------
AC-02    Account Management                   Sec 5.2, Sec 5.3
AC-03    Access Enforcement                   Sec 5.3
AC-04    Information Flow Enforcement         Sec 5.1, Sec 5.6
AC-05    Separation Of Duties                 Sec 5.3
AC-06    Least Privilege                      Sec 5.3
AC-07    Unsuccessful Login Attempts          Sec 5.3
AC-17    Remote Access                        Sec 5.3
AC-20    Use Of External Information Systems  Sec 5.3

AT Awareness and Training

Control  Name                                                    IAEA NSS 17-T References
-------  ------------------------------------------------------  ------------------------
AT-01    Security Awareness And Training Policy And Procedures   Sec 9
AT-02    Security Awareness                                      Sec 9
AT-03    Security Training                                       Sec 9
AT-04    Security Training Records                               Sec 9

AU Audit and Accountability

Control  Name                                         IAEA NSS 17-T References
-------  -------------------------------------------  ------------------------
AU-02    Auditable Events                             Sec 5.5
AU-03    Content Of Audit Records                     Sec 5.5
AU-06    Audit Monitoring, Analysis, And Reporting    Sec 5.5
AU-09    Protection Of Audit Information              Sec 5.5

CA Security Assessment and Authorization

Control  Name                                                                           IAEA NSS 17-T References
-------  -----------------------------------------------------------------------------  ------------------------
CA-01    Certification, Accreditation, And Security Assessment Policies And Procedures  Sec 11
CA-02    Security Assessments                                                           Sec 11
CA-05    Plan Of Action And Milestones                                                  Sec 11
CA-07    Continuous Monitoring                                                          Sec 5.5, Sec 11
CA-08    Penetration Testing                                                            Sec 11

CM Configuration Management

Control  Name                           IAEA NSS 17-T References
-------  -----------------------------  ------------------------
CM-02    Baseline Configuration         Sec 5.4
CM-03    Configuration Change Control   Sec 5.4
CM-06    Configuration Settings         Sec 5.4
CM-07    Least Functionality            Sec 5.4
CM-14    Signed Components              Sec 5.4

CP Contingency Planning

Control  Name                                                  IAEA NSS 17-T References
-------  ----------------------------------------------------  ------------------------
CP-01    Contingency Planning Policy And Procedures            Sec 8
CP-02    Contingency Plan                                      Sec 8
CP-04    Contingency Plan Testing And Exercises                Sec 8
CP-06    Alternate Storage Site                                Sec 8
CP-09    Information System Backup                             Sec 8
CP-10    Information System Recovery And Reconstitution        Sec 8

IA Identification and Authentication

Control  Name                                                            IAEA NSS 17-T References
-------  --------------------------------------------------------------  ------------------------
IA-02    User Identification And Authentication                          Sec 5.2
IA-03    Device Identification And Authentication                        Sec 5.2
IA-04    Identifier Management                                           Sec 5.2
IA-05    Authenticator Management                                        Sec 5.2
IA-08    Identification and Authentication (Non-Organizational Users)    Sec 5.2

IR Incident Response

Control  Name                                        IAEA NSS 17-T References
-------  ------------------------------------------  ------------------------
IR-01    Incident Response Policy And Procedures     Sec 7
IR-02    Incident Response Training                  Sec 7
IR-04    Incident Handling                           Sec 7
IR-05    Incident Monitoring                         Sec 7
IR-06    Incident Reporting                          Sec 7
IR-08    Incident Response Plan                      Sec 7

PE Physical and Environmental Protection

Control  Name                                                          IAEA NSS 17-T References
-------  ------------------------------------------------------------  ------------------------
PE-01    Physical And Environmental Protection Policy And Procedures   Sec 10
PE-02    Physical Access Authorizations                                Sec 10
PE-03    Physical Access Control                                       Sec 10
PE-06    Monitoring Physical Access                                    Sec 10
PE-08    Access Records                                                Sec 10

PL Planning

Control  Name                                        IAEA NSS 17-T References
-------  ------------------------------------------  ------------------------
PL-01    Security Planning Policy And Procedures     Sec 3
PL-02    System Security Plan                        Sec 3
PL-08    Security and Privacy Architectures          Sec 5.1

PM Program Management

Control  Name                                              IAEA NSS 17-T References
-------  ------------------------------------------------  ------------------------
PM-01    Information Security Program Plan                 Sec 3
PM-02    Information Security Program Leadership Role      Sec 3
PM-03    Information Security and Privacy Resources        Sec 3
PM-09    Risk Management Strategy                          Sec 3, Sec 4
PM-10    Authorization Process                             Sec 3
PM-14    Testing, Training, and Monitoring                 Sec 11

PS Personnel Security

Control  Name                                        IAEA NSS 17-T References
-------  ------------------------------------------  ------------------------
PS-01    Personnel Security Policy And Procedures    Sec 9
PS-02    Position Categorization                     Sec 9
PS-03    Personnel Screening                         Sec 9
PS-04    Personnel Termination                       Sec 9
PS-06    Access Agreements                           Sec 9
PS-07    Third-Party Personnel Security              Sec 9

RA Risk Assessment

Control  Name                                      IAEA NSS 17-T References
-------  ----------------------------------------  ------------------------
RA-01    Risk Assessment Policy And Procedures     Sec 4
RA-02    Security Categorization                   Sec 4
RA-03    Risk Assessment                           Sec 4
RA-05    Vulnerability Scanning                    Sec 4
RA-07    Risk Response                             Sec 4
RA-09    Criticality Analysis                      Sec 4

SA System and Services Acquisition

Control  Name                               IAEA NSS 17-T References
-------  ---------------------------------  ------------------------
SA-04    Acquisitions                       Sec 6
SA-08    Security Engineering Principles    Sec 5.1

SC System and Communications Protection

Control  Name                                                 IAEA NSS 17-T References
-------  ---------------------------------------------------  ------------------------
SC-07    Boundary Protection                                  Sec 5.1, Sec 5.6
SC-08    Transmission Integrity                               Sec 5.6
SC-12    Cryptographic Key Establishment And Management       Sec 5.6
SC-13    Use Of Cryptography                                  Sec 5.6
SC-23    Session Authenticity                                 Sec 5.6
SC-24    Fail in Known State                                  Sec 8
SC-32    System Partitioning                                  Sec 5.1
SC-46    Cross Domain Policy Enforcement                      Sec 5.1
SC-48    Sensor Relocation                                    Sec 5.5

SI System and Information Integrity

Control  Name                                                      IAEA NSS 17-T References
-------  --------------------------------------------------------  ------------------------
SI-02    Flaw Remediation                                          Sec 5.4
SI-03    Malicious Code Protection                                 Sec 5.4
SI-04    Information System Monitoring Tools And Techniques        Sec 5.5
SI-07    Software And Information Integrity                        Sec 5.4

SR Supply Chain Risk Management

Control  Name                                           IAEA NSS 17-T References
-------  ---------------------------------------------  ------------------------
SR-01    Policy and Procedures                          Sec 6
SR-02    Supply Chain Risk Management Plan              Sec 6
SR-03    Supply Chain Controls and Processes            Sec 6
SR-05    Acquisition Strategies, Tools, and Methods     Sec 6
SR-06    Supplier Assessments and Reviews               Sec 6
SR-09    Tamper Resistance and Detection                Sec 6
SR-10    Inspection of Systems or Components            Sec 6
SR-11    Component Authenticity                         Sec 6