UAE Information Assurance Regulation (TDRA/NESA)

UAE mandatory information assurance standards for all government entities and critical national infrastructure operators. 12 security domains aligned to ISO 27001/27002 covering governance, risk management, asset management, HR security, physical security, operations, communications, access control, system development, incident management, and business continuity. Enforced by TDRA with compliance audits.

AC Access Control

Control | Name | UAE IA References
AC-01 | Access Control Policies and Procedures | T3, T9
AC-02 | Account Management | T9
AC-03 | Access Enforcement | T9
AC-04 | Information Flow Enforcement | T8, T9
AC-05 | Separation Of Duties | T9
AC-06 | Least Privilege | T9
AC-07 | Unsuccessful Login Attempts | T9
AC-08 | System Use Notification | T9
AC-09 | Previous Logon Notification | T9
AC-10 | Concurrent Session Control | T9
AC-11 | Session Lock | T9
AC-12 | Session Termination | T9
AC-14 | Permitted Actions Without Identification Or Authentication | T9
AC-16 | Automated Labeling | T4, T9
AC-17 | Remote Access | T8, T9
AC-18 | Wireless Access Restrictions | T8, T9
AC-19 | Access Control For Portable And Mobile Devices | T9
AC-20 | Use Of External Information Systems | T8, T9
AC-21 | Information Sharing | T9
AC-22 | Publicly Accessible Content | T9
AC-24 | Access Control Decisions | T9
AC-25 | Reference Monitor | T9

AT Awareness and Training

Control | Name | UAE IA References
AT-01 | Security Awareness And Training Policy And Procedures | T3, T5
AT-02 | Security Awareness | T5
AT-03 | Security Training | T5
AT-04 | Security Training Records | T5
AT-06 | Training Feedback | T5

AU Audit and Accountability

Control | Name | UAE IA References
AU-01 | Audit And Accountability Policy And Procedures | T3, T7
AU-02 | Auditable Events | T7
AU-03 | Content Of Audit Records | T7
AU-04 | Audit Storage Capacity | T7
AU-05 | Response To Audit Processing Failures | T7
AU-06 | Audit Monitoring, Analysis, And Reporting | T11, T7
AU-07 | Audit Reduction And Report Generation | T7
AU-08 | Time Stamps | T7
AU-09 | Protection Of Audit Information | T7
AU-10 | Non-Repudiation | T7
AU-11 | Audit Record Retention | T7
AU-12 | Audit Record Generation | T7

CA Security Assessment and Authorization

Control | Name | UAE IA References
CA-01 | Certification, Accreditation, And Security Assessment Policies And Procedures | T3
CA-03 | Information System Connections | T8
CA-05 | Plan Of Action And Milestones | T2
CA-07 | Continuous Monitoring | T7
CA-09 | Internal System Connections | T8

CM Configuration Management

Control | Name | UAE IA References
CM-01 | Configuration Management Policy And Procedures | T3, T7
CM-02 | Baseline Configuration | T7
CM-03 | Configuration Change Control | T10, T7
CM-04 | Monitoring Configuration Changes | T10, T7
CM-05 | Access Restrictions For Change | T10, T7
CM-06 | Configuration Settings | T7
CM-07 | Least Functionality | T7
CM-08 | Information System Component Inventory | T4, T7
CM-09 | Configuration Management Plan | T7
CM-10 | Software Usage Restrictions | T7
CM-11 | User-Installed Software | T7
CM-12 | Information Location | T4
CM-13 | Data Action Mapping | T4
CM-14 | Signed Components | T10, T7

CP Contingency Planning

Control | Name | UAE IA References
CP-01 | Contingency Planning Policy And Procedures | T12, T3
CP-02 | Contingency Plan | T12
CP-03 | Contingency Training | T12
CP-04 | Contingency Plan Testing And Exercises | T12
CP-06 | Alternate Storage Site | T12, T7
CP-07 | Alternate Processing Site | T12
CP-08 | Telecommunications Services | T12
CP-09 | Information System Backup | T12, T7
CP-10 | Information System Recovery And Reconstitution | T12
CP-12 | Safe Mode | T12
CP-13 | Alternative Security Mechanisms | T12

IA Identification and Authentication

Control | Name | UAE IA References
IA-01 | Identification And Authentication Policy And Procedures | T3, T9
IA-02 | User Identification And Authentication | T9
IA-03 | Device Identification And Authentication | T9
IA-04 | Identifier Management | T9
IA-05 | Authenticator Management | T9
IA-06 | Authenticator Feedback | T9
IA-07 | Cryptographic Module Authentication | T9
IA-08 | Identification and Authentication (Non-Organizational Users) | T9
IA-09 | Service Identification and Authentication | T9
IA-10 | Adaptive Authentication | T9
IA-11 | Re-authentication | T9
IA-12 | Identity Proofing | T9

IR Incident Response

Control | Name | UAE IA References
IR-01 | Incident Response Policy And Procedures | T11, T3
IR-02 | Incident Response Training | T11
IR-03 | Incident Response Testing And Exercises | T11
IR-04 | Incident Handling | T11
IR-05 | Incident Monitoring | T11
IR-06 | Incident Reporting | T11
IR-07 | Incident Response Assistance | T11
IR-08 | Incident Response Plan | T11
IR-09 | Information Spillage Response | T11

MA Maintenance

Control | Name | UAE IA References
MA-01 | System Maintenance Policy And Procedures | T3

MP Media Protection

Control | Name | UAE IA References
MP-01 | Media Protection Policy And Procedures | T3, T4
MP-02 | Media Access | T4
MP-03 | Media Labeling | T4
MP-04 | Media Storage | T4
MP-05 | Media Transport | T4
MP-06 | Media Sanitization And Disposal | T4
MP-07 | Media Use | T4
MP-08 | Media Downgrading | T4

PE Physical and Environmental Protection

Control | Name | UAE IA References
PE-01 | Physical And Environmental Protection Policy And Procedures | T3, T6
PE-02 | Physical Access Authorizations | T6
PE-03 | Physical Access Control | T6
PE-04 | Access Control For Transmission Medium | T6
PE-05 | Access Control For Display Medium | T6
PE-06 | Monitoring Physical Access | T6
PE-07 | Visitor Control | T6
PE-08 | Access Records | T6
PE-09 | Power Equipment And Power Cabling | T6
PE-10 | Emergency Shutoff | T6
PE-11 | Emergency Power | T6
PE-12 | Emergency Lighting | T6
PE-13 | Fire Protection | T6
PE-14 | Temperature And Humidity Controls | T6
PE-15 | Water Damage Protection | T6
PE-16 | Delivery And Removal | T6
PE-17 | Alternate Work Site | T6
PE-18 | Location Of Information System Components | T6
PE-19 | Information Leakage | T6
PE-20 | Asset Monitoring and Tracking | T6
PE-21 | Electromagnetic Pulse Protection | T6
PE-22 | Component Marking | T6
PE-23 | Facility Location | T6

PL Planning

Control | Name | UAE IA References
PL-01 | Security Planning Policy And Procedures | T1, T3
PL-02 | System Security Plan | T3
PL-04 | Rules Of Behavior | T3, T5
PL-09 | Central Management | T1
PL-10 | Baseline Selection | T1, T2
PL-11 | Baseline Tailoring | T1, T2

PM Program Management

Control | Name | UAE IA References
PM-01 | Information Security Program Plan | T1, T3
PM-02 | Information Security Program Leadership Role | T1
PM-03 | Information Security and Privacy Resources | T1
PM-05 | System Inventory | T4
PM-06 | Measures of Performance | T1
PM-07 | Enterprise Architecture | T1
PM-08 | Critical Infrastructure Plan | T12
PM-09 | Risk Management Strategy | T1, T2
PM-10 | Authorization Process | T1
PM-11 | Mission and Business Process Definition | T12
PM-13 | Security and Privacy Workforce | T1, T5
PM-14 | Testing, Training, and Monitoring | T1, T11
PM-15 | Security and Privacy Groups and Associations | T1
PM-28 | Risk Framing | T2
PM-29 | Risk Management Program Leadership Roles | T1

PS Personnel Security

Control | Name | UAE IA References
PS-01 | Personnel Security Policy And Procedures | T3, T5
PS-02 | Position Categorization | T5
PS-03 | Personnel Screening | T5
PS-04 | Personnel Termination | T5
PS-05 | Personnel Transfer | T5
PS-06 | Access Agreements | T5
PS-07 | Third-Party Personnel Security | T5
PS-08 | Personnel Sanctions | T5
PS-09 | Position Descriptions | T1, T5

PT Personally Identifiable Information Processing and Transparency

Control | Name | UAE IA References
PT-01 | Policy and Procedures | T3

RA Risk Assessment

Control | Name | UAE IA References
RA-01 | Risk Assessment Policy And Procedures | T2, T3
RA-02 | Security Categorization | T2, T4
RA-03 | Risk Assessment | T2
RA-05 | Vulnerability Scanning | T2, T7
RA-07 | Risk Response | T2
RA-09 | Criticality Analysis | T2
RA-10 | Threat Hunting | T2

SA System and Services Acquisition

Control | Name | UAE IA References
SA-01 | System And Services Acquisition Policy And Procedures | T10, T3
SA-02 | Allocation Of Resources | T10
SA-03 | Life Cycle Support | T10
SA-04 | Acquisitions | T10
SA-05 | Information System Documentation | T10
SA-08 | Security Engineering Principles | T10
SA-09 | External Information System Services | T10
SA-10 | Developer Configuration Management | T10
SA-11 | Developer Security Testing | T10, T7
SA-15 | Development Process, Standards, and Tools | T10
SA-16 | Developer-Provided Training | T10
SA-17 | Developer Security and Privacy Architecture and Design | T10
SA-20 | Customized Development of Critical Components | T10
SA-21 | Developer Screening | T10
SA-22 | Unsupported System Components | T10

SC System and Communications Protection

Control | Name | UAE IA References
SC-01 | System And Communications Protection Policy And Procedures | T3, T8
SC-04 | Information Remnance | T7
SC-05 | Denial Of Service Protection | T7
SC-06 | Resource Priority | T7
SC-07 | Boundary Protection | T8
SC-08 | Transmission Integrity | T8
SC-10 | Network Disconnect | T8
SC-11 | Trusted Path | T8
SC-12 | Cryptographic Key Establishment And Management | T8
SC-13 | Use Of Cryptography | T8
SC-20 | Secure Name / Address Resolution Service (Authoritative Source) | T8
SC-21 | Secure Name / Address Resolution Service (Recursive Or Caching Resolver) | T8
SC-22 | Architecture And Provisioning For Name / Address Resolution Service | T8
SC-23 | Session Authenticity | T8
SC-28 | Protection of Information at Rest | T4, T8
SC-32 | System Partitioning | T8

SI System and Information Integrity

Control | Name | UAE IA References
SI-01 | System And Information Integrity Policy And Procedures | T3, T7
SI-02 | Flaw Remediation | T7
SI-03 | Malicious Code Protection | T7
SI-04 | Information System Monitoring Tools And Techniques | T11, T7
SI-05 | Security Alerts And Advisories | T7
SI-07 | Software And Information Integrity | T7
SI-10 | Information Accuracy, Completeness, Validity, And Authenticity | T7
SI-16 | Memory Protection | T7

SR Supply Chain Risk Management

Control | Name | UAE IA References
SR-01 | Policy and Procedures | T10, T3
SR-02 | Supply Chain Risk Management Plan | T10
SR-03 | Supply Chain Controls and Processes | T10
SR-04 | Provenance | T10
SR-05 | Acquisition Strategies, Tools, and Methods | T10
SR-06 | Supplier Assessments and Reviews | T10
SR-09 | Tamper Resistance and Detection | T10
SR-10 | Inspection of Systems or Components | T10
SR-11 | Component Authenticity | T10