Overview of Compliance Essentials for Splunk

The Compliance Essentials for Splunk app contains practices and dashboards that align with the Risk Management Framework (RMF), Cybersecurity Maturity Model Certification (CMMC), Defense Federal Acquisition Regulation Supplement (DFARS) , the Office of Management (OMB M-21-31) MEMORANDUM, the Federal Information Security Management Act (FISMA), the Australian Information Security Manual (ISM), Essential 8 (E8), the Australian Energy Sector Cyber Security Framework (AES-CSF), and NCSC Cyber Assessment Framework (CAF). The app uses the KVStore to store panels for practices and a mapping that maps multiple panels across frameworks.

The app references CMMC version 1.0, NIST SP 800-53, Revision 5 for RMF and FISMA, NIST SP 800-171 Revision 2 for DFARS, ISM version March 2023 variant, Essential Eight November 2022 variant.

Architecture

• 171 CMMC dashboards, 2,900+ RMF dashboards, 300+ FISMA dashboards, 100+ DFARS dashboards, 58 OMB dashboards, 800+ ISM dashboards, 130+ Essential Eight dashboards, 39 CAF dashboards, and 280+ AES-CSF dashboards.
• An Executive Overview, OMB Requirement Overview, ISM/E8 Assessment Overview, and CAF IGP Requirement Overview
• A Solution User Activity, Internal Audit Review, Custom Content Page, System Overview Page, System Health Page, and a Practice Family Collection Setup

Need Help - Report Issues/bugs - Feedback

While this app is not formally supported, questions can be directed to ssg-sce@splunk.com. Feedback is always welcome and appreciated!

You can also reach out on the #compliance-essentials-for-splunk channel on the Splunk usergroups Slack.

Third Party Software Used

A list of third party software used in Compliance Essentials can be found here

Installation Guide

Installation and Upgrade Steps

Fresh Install and Setup Steps

Click to navigate to a framework Setup:

• Cybersecurity Maturity Model Certification (CMMC)
• Risk Management Framework (RMF)
• The Federal Information Security Management Act (FISMA)
• Defense Federal Acquisition Regulation Supplement (DFARS)
• The Office of Management (OMB M-21-31) Memorandum
• The Australian Information Security Manual (ISM)
• ASD Essential 8 (E8)
• The Australian Energy Sector Cyber Security Framework (AES-CSF)
• NCSC Cyber Assessment Framework (CAF)

Upgrading from Previous Version to 2.1.0

1. After installing the latest version, navigate to Apps > Manage Apps > 'Set up' under Compliance Essentials for Splunk

2. To complete the upgrade, click "continue" to set tokens in panels added to dashboards under the local folder If this modal does not show up, please clear the browser cache or restart Splunk

3. Once upgrade is complete, exit the modal, select frameworks, and navigate to the multi-system docs page on steps to start adding systems.

Install and Configuration Steps for AES-CSF

Where to Install Compliance Essentials

The Application should be installed on the Search Head, either through the UI via “Manage Apps” or by extracting the archive into /opt/splunk/etc/apps folder.

Fresh Install and Setup Steps

Download Compliance Essentials for Splunk

1. Install App Dependencies:

   • Data Mapping (Required)
     • Install Common Information Model (CIM)
     • Data sources should be mapped to CIM.
     • Ensure utilized data models are accelerated as expected (recommend >=30 days acceleration in a similar fashion to a standard ES implementation).
     • For examples of Data Sources, navigate to Data Souce Examples.
   • Apps used for Visualizations:
     • Splunk Sankey Diagram
     • Horseshoe Meter
     • Punchcard App
     • Machine Learning Toolkit (MLTK): used for limited anomaly functions and visualizations
     • Python for Scientific Computing: required for MLTK
   • Optional: recommend installing the Lookup File Editor for easier import and modification to KV Store collections

2. Select Framework(s): Navigating to the app after a fresh install will direct you to the App Initial Setup Page. Once a framework or selection of frameworks are selected, a prompt will appear to navigate you to the Domain Overview Page.

1. Setup Default Levels Navigate to the “Practice Family Collection Setup” page to set up default level selection. Level Cards that are selected will be displayed by default in the Practice Overview Page.

2. Enrich lookups used to filter dashboard: Throughout the solution, individual dashboards may be subject to specific requirements, values / ranges / averages. These dashboards utilize lookups and KV Store collections to enrich and filter datasets. Enrich the following lookups listed on Dashboard Lookups page.

3. Add panels to dashboards: The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit Add Content to Dashboard Page

4. Setup Multi-Systems (Optional): To setup multiple systems (e.g. a system for each sub-organization) visit the Multi-System Setup page.

5. Start creating audit entries: Visit the AES-CSF Dashboards page to learn more.

Install and Configuration Steps for CAF

Where to Install Compliance Essentials

The Application should be installed on the Search Head, either through the UI via “Manage Apps” or by extracting the archive into /opt/splunk/etc/apps folder.

Fresh Install and Setup Steps

Download Compliance Essentials for Splunk

1. Install App Dependencies:

   • Data Mapping (Required)
     • Install Common Information Model (CIM)
     • Data sources should be mapped to CIM.
     • Ensure utilized data models are accelerated as expected (recommend >=30 days acceleration in a similar fashion to a standard ES implementation).
     • For examples of Data Sources, navigate to Data Souce Examples.
   • Apps used for Visualizations:
     • Splunk Sankey Diagram
     • Horseshoe Meter
     • Punchcard App
     • Machine Learning Toolkit (MLTK): used for limited anomaly functions and visualizations
     • Python for Scientific Computing: required for MLTK
   • Optional: recommend installing the Lookup File Editor for easier import and modification to KV Store collections

2. Select Framework(s): Navigating to the app after a fresh install will direct you to the App Initial Setup Page. Once a framework or selection of frameworks are selected, a prompt will appear to navigate you to the Domain Overview Page.

1. Enrich lookups used to filter dashboard: Throughout the solution, individual dashboards may be subject to specific requirements, values / ranges / averages. These dashboards utilize lookups and KV Store collections to enrich and filter datasets. Enrich the following lookups listed on Dashboard Lookups page.

2. Add panels to dashboards: The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard Page

3. Setup Multi-Systems (Optional): To setup multiple systems (e.g. a system for each sub-organization) visit the Multi-System Setup page.

4. Start creating audit and assessment entries: Visit the CAF Dashboards page to learn more.

Install and Configuration Steps for CMMC

Where to Install Compliance Essentials

The Application should be installed on the Search Head, either through the UI via “Manage Apps” or by extracting the archive into /opt/splunk/etc/apps folder.

For CMMC Levels 3 and above:The application should be installed in the same search head as Enterprise Security.

Fresh Install and Setup Steps

Download Compliance Essentials for Splunk

1. Install App Dependencies:

   • Data Mapping (Required)
     • Install Common Information Model (CIM)
     • Data sources should be mapped to CIM.
     • Ensure utilized data models are accelerated as expected (recommend >=30 days acceleration in a similar fashion to a standard ES implementation).
     • For examples of Data Sources, navigate to Data Souce Examples.
   • Apps used for Visualizations:
     • Splunk Sankey Diagram
     • Horseshoe Meter
     • Punchcard App
     • Machine Learning Toolkit (MLTK): used for limited anomaly functions and visualizations
     • Python for Scientific Computing: required for MLTK
   • Optional: recommend installing the Lookup File Editor for easier import and modification to KV Store collections

2. Select Framework(s): Navigating to the app after a fresh install will direct you to the App Initial Setup Page. Once a framework or selection of frameworks are selected, a prompt will appear to navigate you to the Domain Overview Page.

1. Setup Default Levels Navigate to the “Practice Family Collection Setup” page to set up default level selection. Level Cards that are selected will be displayed by default in the Practice Overview Page.

2. Enrich lookups used to filter dashboard: Throughout the solution, individual dashboards may be subject to specific requirements, values / ranges / averages. These dashboards utilize lookups and KV Store collections to enrich and filter datasets. Enrich the following lookups listed on Dashboard Lookups page.

3. Add panels to dashboards: The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard Page

4. For CMMC Levels 3 and above: visit the CMMC Additional Setup page for additional configuration.

5. Setup Multi-Systems (Optional): To setup multiple systems (e.g. a system for each sub-organization) visit the Multi-System Setup page.

6. Start creating audit entries: Visit the CMMC Dashboards page to learn more.

Install and Configuration Steps for DFARS

Where to Install Compliance Essentials

The Application should be installed on the Search Head, either through the UI via “Manage Apps” or by extracting the archive into /opt/splunk/etc/apps folder.

Fresh Install and Setup Steps

Download Compliance Essentials for Splunk

1. Install App Dependencies:

   • Data Mapping (Required)
     • Install Common Information Model (CIM)
     • Data sources should be mapped to CIM.
     • Ensure utilized data models are accelerated as expected (recommend >=30 days acceleration in a similar fashion to a standard ES implementation).
     • For examples of Data Sources, navigate to Data Souce Examples.
   • Apps used for Visualizations:
     • Splunk Sankey Diagram
     • Horseshoe Meter
     • Punchcard App
     • Machine Learning Toolkit (MLTK): used for limited anomaly functions and visualizations
     • Python for Scientific Computing: required for MLTK
   • Optional: recommend installing the Lookup File Editor for easier import and modification to KV Store collections

2. Select Framework(s): Navigating to the app after a fresh install will direct you to the App Initial Setup Page. Once a framework or selection of frameworks are selected, a prompt will appear to navigate you to the Domain Overview Page.

1. Enrich lookups used to filter dashboard: Throughout the solution, individual dashboards may be subject to specific requirements, values / ranges / averages. These dashboards utilize lookups and KV Store collections to enrich and filter datasets. Enrich the following lookups listed on Dashboard Lookups page.

2. Add panels to dashboards: The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard Page

3. Setup Multi-Systems (Optional): To setup multiple systems (e.g. a system for each sub-organization) visit the Multi-System Setup page.

4. Start creating audit entries: Visit the DFARS Dashboards page to learn more.

Install and Configuration Steps for Essential 8

Where to Install Compliance Essentials

The Application should be installed on the Search Head, either through the UI via “Manage Apps” or by extracting the archive into /opt/splunk/etc/apps folder.

Fresh Install and Setup Steps

Download Compliance Essentials for Splunk

1. Install App Dependencies:

   • Data Mapping (Required)
     • Install Common Information Model (CIM)
     • Data sources should be mapped to CIM.
     • Ensure utilized data models are accelerated as expected (recommend >=30 days acceleration in a similar fashion to a standard ES implementation).
     • For examples of Data Sources, navigate to Data Souce Examples.
   • Apps used for Visualizations:
     • Splunk Sankey Diagram
     • Horseshoe Meter
     • Punchcard App
     • Machine Learning Toolkit (MLTK): used for limited anomaly functions and visualizations
     • Python for Scientific Computing: required for MLTK
   • Optional: recommend installing the Lookup File Editor for easier import and modification to KV Store collections

2. Select Framework(s): Navigating to the app after a fresh install will direct you to the App Initial Setup Page. Once a framework or selection of frameworks are selected, a prompt will appear to navigate you to the Domain Overview Page.

1. Setup Default Levels Navigate to the “Practice Family Collection Setup” page to set up default level selection. Level Cards that are selected will be displayed by default in the Practice Overview Page.

2. Enrich lookups used to filter dashboard: Throughout the solution, individual dashboards may be subject to specific requirements, values / ranges / averages. These dashboards utilize lookups and KV Store collections to enrich and filter datasets. Enrich the following lookups listed on Dashboard Lookups page.

3. Add panels to dashboards: The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard Page

4. Setup Multi-Systems (Optional): To setup multiple systems (e.g. a system for each sub-organization) visit the Multi-System Setup page.

5. Start creating audit and assessment entries: Visit the Essential 8 Dashboards page to learn more.

Install and Configuration Steps for FISMA

Where to Install Compliance Essentials

The Application should be installed on the Search Head, either through the UI via “Manage Apps” or by extracting the archive into /opt/splunk/etc/apps folder.

Fresh Install and Setup Steps

Download Compliance Essentials for Splunk

1. Install App Dependencies:

   • Data Mapping (Required)
     • Install Common Information Model (CIM)
     • Data sources should be mapped to CIM.
     • Ensure utilized data models are accelerated as expected (recommend >=30 days acceleration in a similar fashion to a standard ES implementation).
     • For examples of Data Sources, navigate to Data Souce Examples.
   • Apps used for Visualizations:
     • Splunk Sankey Diagram
     • Horseshoe Meter
     • Punchcard App
     • Machine Learning Toolkit (MLTK): used for limited anomaly functions and visualizations
     • Python for Scientific Computing: required for MLTK
   • Optional: recommend installing the Lookup File Editor for easier import and modification to KV Store collections

2. Select Framework(s): Navigating to the app after a fresh install will direct you to the App Initial Setup Page. Once a framework or selection of frameworks are selected, a prompt will appear to navigate you to the Domain Overview Page.

1. Setup Default Levels Navigate to the “Practice Family Collection Setup” page to set up default level selection. Level Cards that are selected will be displayed by default in the Practice Overview Page.

2. Enrich lookups used to filter dashboard: Throughout the solution, individual dashboards may be subject to specific requirements, values / ranges / averages. These dashboards utilize lookups and KV Store collections to enrich and filter datasets. Enrich the following lookups listed on Dashboard Lookups page.

3. Add panels to dashboards: The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard Page

4. Setup Multi-Systems (Optional): To setup multiple systems (e.g. a system for each sub-organization) visit the Multi-System Setup page.

5. Start creating audit entries: Visit the FISMA Dashboards page to learn more.

Install and Configuration Steps for ISM

Where to Install Compliance Essentials

The Application should be installed on the Search Head, either through the UI via “Manage Apps” or by extracting the archive into /opt/splunk/etc/apps folder.

Fresh Install and Setup Steps

Download Compliance Essentials for Splunk

1. Install App Dependencies:

   • Data Mapping (Required)
     • Install Common Information Model (CIM)
     • Data sources should be mapped to CIM.
     • Ensure utilized data models are accelerated as expected (recommend >=30 days acceleration in a similar fashion to a standard ES implementation).
     • For examples of Data Sources, navigate to Data Souce Examples.
   • Apps used for Visualizations:
     • Splunk Sankey Diagram
     • Horseshoe Meter
     • Punchcard App
     • Machine Learning Toolkit (MLTK): used for limited anomaly functions and visualizations
     • Python for Scientific Computing: required for MLTK
   • Optional: recommend installing the Lookup File Editor for easier import and modification to KV Store collections

2. Select Framework(s): Navigating to the app after a fresh install will direct you to the App Initial Setup Page. Once a framework or selection of frameworks are selected, a prompt will appear to navigate you to the Domain Overview Page.

1. Setup Default Levels Navigate to the “Practice Family Collection Setup” page to set up default level selection. Level Cards that are selected will be displayed by default in the Practice Overview Page.

2. Enrich lookups used to filter dashboard: Throughout the solution, individual dashboards may be subject to specific requirements, values / ranges / averages. These dashboards utilize lookups and KV Store collections to enrich and filter datasets. Enrich the following lookups listed on Dashboard Lookups page.

3. Add panels to dashboards: The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard Page

4. Setup Multi-Systems (Optional): To setup multiple systems (e.g. a system for each sub-organization) visit the Multi-System Setup page.

5. Start creating audit and assessment entries: Visit the ISM Dashboards page to learn more.

Install and Configuration Steps for OMB 21-31

Where to Install Compliance Essentials

The Application should be installed on the Search Head, either through the UI via “Manage Apps” or by extracting the archive into /opt/splunk/etc/apps folder.

Fresh Install and Setup Steps

Download Compliance Essentials for Splunk

1. Install App Dependencies:

   • Data Mapping (Required)
     • Install Common Information Model (CIM)
     • Data sources should be mapped to CIM.
     • Ensure utilized data models are accelerated as expected (recommend >=30 days acceleration in a similar fashion to a standard ES implementation).
     • For examples of Data Sources, navigate to Data Souce Examples.
   • Apps used for Visualizations:
     • Splunk Sankey Diagram
     • Horseshoe Meter
     • Punchcard App
     • Machine Learning Toolkit (MLTK): used for limited anomaly functions and visualizations
     • Python for Scientific Computing: required for MLTK
   • Optional: recommend installing the Lookup File Editor for easier import and modification to KV Store collections

2. Select Framework(s): Navigating to the app after a fresh install will direct you to the App Initial Setup Page. Once a framework or selection of frameworks are selected, a prompt will appear to navigate you to the Domain Overview Page.

1. Setup Default Levels Navigate to the “Practice Family Collection Setup” page to set up default level selection. Level Cards that are selected will be displayed by default in the Practice Overview Page.

2. Enrich lookups used to filter dashboard: Throughout the solution, individual dashboards may be subject to specific requirements, values / ranges / averages. These dashboards utilize lookups and KV Store collections to enrich and filter datasets. Enrich the following lookups listed on Dashboard Lookups page.

3. Add panels to dashboards: The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit Add Content to Dashboard Page

4. Additional Configuration: visit the OMB - Additional Setup page for additional configuration. Please do not enable the 'OMB Data Inventory' Data Model acceleration before configuring the macro settings

5. Setup Multi-Systems (Optional): To setup multiple systems (e.g. a system for each sub-organization) visit the Multi-System Setup page.

6. Start creating audit and assessment entries: Visit the OMB Dashboards page to learn more.

Install and Configuration Steps for RMF

Where to Install Compliance Essentials

The Application should be installed on the Search Head, either through the UI via “Manage Apps” or by extracting the archive into /opt/splunk/etc/apps folder.

Fresh Install and Setup Steps

Download Compliance Essentials for Splunk

1. Install App Dependencies:

   • Data Mapping (Required)
     • Install Common Information Model (CIM)
     • Data sources should be mapped to CIM.
     • Ensure utilized data models are accelerated as expected (recommend >=30 days acceleration in a similar fashion to a standard ES implementation).
     • For examples of Data Sources, navigate to Data Souce Examples.
   • Apps used for Visualizations:
     • Splunk Sankey Diagram
     • Horseshoe Meter
     • Punchcard App
     • Machine Learning Toolkit (MLTK): used for limited anomaly functions and visualizations
     • Python for Scientific Computing: required for MLTK
   • Optional: recommend installing the Lookup File Editor for easier import and modification to KV Store collections

2. Select Framework(s): Navigating to the app after a fresh install will direct you to the App Initial Setup Page. Once a framework or selection of frameworks are selected, a prompt will appear to navigate you to the Domain Overview Page.

1. Enrich lookups used to filter dashboard: Throughout the solution, individual dashboards may be subject to specific requirements, values / ranges / averages. These dashboards utilize lookups and KV Store collections to enrich and filter datasets. Enrich the following lookups listed on Dashboard Lookups page.

2. Add panels to dashboards: The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard page.

3. Additional Configuration: visit the RMF - Additional Setup page for additional configuration.

4. Setup Multi-Systems (Optional): To setup multiple systems (e.g. a system for each sub-organization) visit the Multi-System Setup page.

5. Start creating audit entries: Visit the RMF Dashboards page to learn more.

Additional Configuration Steps for CMMC Levels 3 and Above

Import types of training

Dashboards AT.3.058 and AT.4.59 include a panel for users to submit their training entries, including the type of training completed. Training types can be added to the KV Store collection training_types_collection\ Required fields: - dashboard: enter dashboard ID (e.g. AT_3_058) - activity_type: name of training type - default_follow_up_date: enter number of days before training expires (e.g. 365 for annual training)

Premium Security Product Data

Data from Splunk Security Suite products is assumed to be collected and available to the solution for reporting and analysis in a variety of controls. Depending on a combination of the desired use case, using individuals, architecture, and desired level of effort, combinations of data and links to the appropriate products may be appropriate. The following datasets of security products are used in the solution:

Enterprise Security (ES)

Datasets used: - Notable Events - Investigation Data - Correlation Searches

Splunk for CMMC should be installed on the same search head as Enterprise Security to surface ES investigation metadata more easliy. An alternative is using the ES Mothership App to pull data from ES and into a summary index.

SOAR (Phantom)

Datasets used:

• Containers
• Actions Playbooks

Dataset can be pulled via Phantom App

External Product link

External links to Splunk Premium apps (Enterprise Security, Soar, and User Behavior Analytics (UBA)) can be added in the 'Practice Family Collection Setup' by clicking the 'Update' button on the dashboard you want to update, and adding a link under 'External Link'. Absolute links are supported (e.g. https://\<splunk instance>/en-US/app/SplunkEnterpriseSecuritySuite/ess_investigation_list)

Additional Configuration for OMB

Please do not enable the '* Data Inventory' Data Models acceleration before configuring the macro settings below

Note: * see table below for list of Data Inventory datamodels

OMB Data Inventory Setup

OMB Data Inventory panels uses the Data Inventory datamodels included in the app and can be found under Settings > Data Models (under Knowledge). Run the following steps to setup the datamodels:

1. Set Index Macros: Each Data Set uses a macro in the base search to define which index to search events in. Navigate to Settings > Advanced Search (under Knowledge) and select "Search Macros". Set each '*_indexes' macro listed in "Compliance Essentials" to the relevant index e.g. (index=windows_events)

2. Choose which Datamodels to Accelerate:

   a. Navigate to Settings > Data Models (under Knowledge).

   b. Click Edit > Edit Acceleration under Actions for each "* Data Inventory" Datamodel

   c. Select "Accelerate" and select the Summary Range.

The speed of summary creation depends on the amount of events involved and the size of the summary range. You can track progress towards summary completion on the Data Models management page. Under the Data Inventory datamodel, expand its row, and review the information that appears under ACCELERATION.

For more information on Accelerated Data Models, view Splunk Docs

Add additional Sourcetypes to the "* Data Inventory" Data Models (Optional)

Custom Sourcetypes can be added to the Data Model by running the following steps:

Creating an Eventtype

1. Navigate to Settings > Eventtypes (under Knowledge)
2. Create a new eventtype
3. Set destination app to "compliance_essentials", add a name and the new sourcetype in the search string (e.g. sourcetype=wineventlog) and enter a tag (view the steps below on how to determine which tag to enter)

Linking an Eventtype to the "* Data Inventory" Data Models through Tags

1. Navigate to Settings > Data Models (under Knowledge) > OMB Data Inventory
2. Select the Dataset to link the eventtype to and copy the tag under "Constraints" (e.g. to add to Windows Security Logs, click Windows Security Logs under Vendor-Specific Data, and copying the tag VendorSpecific-winsec).
3. Add that tag to step 3 under "Creating an Eventtype"

List of Data Inventory datamodels and associated macros that ship with Compliance Essentials

Data Model	Associated macro
Anti-Virus or Anti-Malware Data Inventory	AntiVirus_or_AntiMalware_indexes
Application Data Inventory	Application_Data_indexes
Application Load Balancer Inventory	Application_Load_Balancer_indexes
Authentication Data Inventory	Authentication_indexes
Configuration Management Data Inventory	Configuration_Management_indexes
Database Server Data Inventory	DatabaseServer_indexes
DLP Data Inventory	DLP_indexes
DNS Data Inventory	DNS_indexes
Email Data Inventory	Email_indexes
Endpoint Detection and Response Data Inventory	Endpoint_Detection_and_Response_indexes
Host Performance Data Inventory	Host_Performance_indexes
IDS or IPS Alerts Data Inventory	IDS_IPS_indexes
IP Address Assignment Data Inventory	IP_Address_Assignment_indexes
Network Communication Data Inventory	Network_Communication_indexes
Patch Management Data Inventory	Patch_Management_indexes
System Logs Data Inventory	System_Logs_indexes
Vendor-Specific Data Inventory	VendorSpecific_Data_indexes
Vulnerability Detection Data Inventory	Vulnerability_Detection_indexes
Web Application Firewall Data Inventory	Web_Application_Firewall_indexes
Web Proxy Data Inventory	Web_Proxy_indexes
Web Server Data Inventory	Web_Server_indexes
Windows Group Management Data Inventory	Windows_Group_Management_indexes

Additional Configuration Steps for RMF

CIA Levels

Overview

Each dashboard under RMF contains a CIA (confidentiality, integrity, or availability) panel that runs off of a csv. More information on the CIA base levels can be found below:

FIPS Publication 199 & 200 defines the security categorization standards

The initial security categorization for the information and the system is performed during the initiation phase of the system development life cycle along with an initial security risk assessment. The initial risk assessment defines the threat environment in which the system operates and includes an initial description of the basic security needs of the system. These needs are contingent upon an understanding of how a possible loss of confidentiality, integrity, or availability of information of a system component can impact the organization and the resulting security categorization.

Tailoring CIA Levels: NIST SP 800-60 describes the criteria for adjusting the provisional security impact values. The confidentiality, integrity, and availability impact values may be adjusted as necessary during the review. The special factor guidance in NIST SP 800-60, Volume II, provides guidance to adjust each information type. If the special factor guidance applies to the individual system, the impact value for the security objective can be modified.

CIA Levels Setup Steps

To set the initial baseline and control selection:

1. Log into the Splunk Search Head that has the Compliance Essentials for Splunk installed
2. Open the Splunk App for Lookup File Editing
3. Search for the site_cia_levels.csv
4. Click on site_cia_levels.csv to open the csv
5. Type in your Availability, Confidentiality, and Integrity Levels
6. Select Save Lookup

To adjust the baseline for a security objective:

1. Log into the Splunk Search Head that has the Compliance Essentials for Splunk installed
2. Open the Splunk App for Lookup File Editing
3. Search for the basecia.csv
4. Click on basecia.csv to open the csv
5. Type in your Availability, Confidentiality, Integrity, and RMF key. Note: Only type in the RMF Key’s for the CCI’s that you would like to overwrite the CIA levels on. The RMF key can be found in the URL for any CCI dashboard
6. Select Save Lookup

Additional Configuration Steps for Multi-Systems

Creating a System

1. To create a System, click Add a new System on the top right corner

2. System Details: set a name, description, system owner (optional), and a framework if multiple were selected during initial setup. If only one framework is being used, the framework is selected by default.

3. System Hosts: add a host, source, sourcetype or index that ties to devices under the system. A csv lookup can be used (via Splunk lookup or upload) to import hosts into the rows, or rows can be added manually by clicking '+Add Input' If using a lookup, be sure to select the correct column for the type (must be 'host', 'source', 'sourcetype' or 'index'), and the value (e.g. type is host, value is systemd) when prompted.

4. System Permissions: add users and/or roles that can have access to view this system in the System Overview, and in the control/practice dashboards. There are three ways to import a user/role: 1. Selecting a user from the search box, 2. selecting or uploading a csv lookup, 3. adding a row manually by clicking '+Add Input' If using a csv lookup, be sure to select the correct column for the type (must be 'user' or 'role'), and the value (e.g. type is user, value is jdoe) when prompted.

5. Control/Practice Visibility: Toggling visibility for a system will show/hide controls in the Practice Overview Page. A Splunk lookup can be used to import control/practice visibility, or can be manually set by toggling by rows in the 'Visibility' column. If using a lookup, be sure to select the correct column for AP Acronym (name of control/practice) and Implementation Status ("Not Applicable, "Implemented",Planned) when prompted.

6. Click Done

Data Source Examples

Data Model / Source	Example Data Sources (Not Exhaustive)
Authentication	Windows, *Nix, Okta, Cisco ISE, Juniper (VPN)
Change	Windows, *Nix, Okta, Netscreen (Firewall), Syslog, CarbonBlack
Compute_Inventory	*Nix, Windows, Cisco UCS
Endpoint Ports	*Nix
Endpoint Processes	*Nix
Endpoint Services	*Nix
Intrusion_Detection	Netscreen (Firewall), Juniper (IDP), McAfee (IDS), Okta (IM), Carbonblack, Wireless IDS (Air Defender)
Malware	McAffee EPO
Network_Sessions	Juniper (VPN), Stream/Bro DHCP
Network_Traffic	Netscreen (Firewall), Cisco ISE, Juniper (Firewall), Carbonblack
Updates	Windows, *Nix
Vulnerabilities	Nessus, Windows
Web	Websense, Bro (HTTP)

Ended: Installation Guide

Administration Guide

Dashboard Tailoring Expectations

Lookups Used to Filter Dashboard Analytics

Enrich the following lookups using the fields described below, the 'Dashboard' column describes where the lookups are used for reference:

Lookup	Fields	Dashboard
approved_software_servers	product: name of software product is_approved: set 1 for approved, 0 for unapproved software	CM.2.062, CM.2.063
approved_software_workstations	product: name of software product is_approved: set 1 for approved, 0 for unapproved software	CM.2.062, CM.2.063
disabled_ports	port: port number is_disabled: set 1 for approved, 0 for unapproved port	CM.2.062
disabled_services	service: name of service is_disabled: set 1 for approved, 0 for unapproved service	CM.2.062
system_list	system_name: name of service is_server: set to 1 if server is_workstation: set to 1 if workstation	CM.2.062, CM.2.063
owner_badge_ids	badge_id: badge ID of badge owner first_name: first Name badge owner last_name: last name of badge owner	MP.2.119, PP.1.134, PP.2.135
whitelist_remote	remote_host: name of host is_approved: set 1 for approved, 0 for unapproved	AC.2.013
visitor_badge_list	badge_id: badge ID visitor: name of visitor	PP.1.132

Compliance Essentials for Splunk - Data Source Guidance

Anti-Virus or Anti-Malware

Technologies

Technology	Splunkbase Link
Symantec EP	Splunk Add-on for Symantec Endpoint Protection
Trend Micro AV	Splunk Add-on for Unix and Linux
McAfee AV Plus	Splunk for Cisco Identity Services (ISE)

Authentication

Technologies

Technology	Splunkbase Link
Windows Security Logs	Splunk Add-on for Microsoft Windows
Linux Auth Logs	Splunk Add-on for Unix and Linux
Cisco ISE	Splunk for Cisco Identity Services (ISE)
Cisco ASA	Splunk Add-on for Cisco ASA
Okta	Okta Identity Cloud Add-on for Splunk
Duo	Duo Splunk Connector

Cloud Environments

Technologies

Technology	Splunkbase Link
AWS Cloudtrail	Splunk Add-on for Amazon Web Services (AWS)
Azure	Splunk Add-on for Microsoft Cloud Services
GCP	Splunk Add-on for Google Cloud Platform

DLP

Technologies

Technology	Splunkbase Link
Symantec DLP	Splunk Add-on for Amazon Web Services (AWS)
Digital Guardian	Splunk Add-on for Microsoft Cloud Services
Forcepoint	Splunk Add-on for Google Cloud Platform
Intel Security	Splunk Add-on for Google Cloud Platform

DNS

Technologies

Technology	Splunkbase Link
Zscaler	Zscaler Technical Add-On for Splunk
Splunk Stream DNS	Splunk App for Stream
Windows DNS	Add-On for Windows DNS Analytical Logging
Microsoft Sysmon	Splunk Add-on for Sysmon
Cisco Umbrella	Cisco Umbrella Investigate Add-on
Infoblox	Splunk Add-on for Infoblox

Email

Technologies

Technology	Splunkbase Link
Microsoft Office 365	Splunk Add-on for Microsoft Office 365

Endpoint Detection and Response

Technologies

Technology	Splunkbase Link
Windows Process Launch Logs	Splunk Add-on for Microsoft Windows
Microsoft Sysmon	Splunk Add-on for Sysmon
Tanium	TA-Tanium
PAN Traps	Palo Alto Networks Add-on for Splunk
Carbon Black	Splunk Add-on for Carbon Black
Symantec EP	Splunk Add-on for Symantec Endpoint Protection
CrowdStrike	CrowdStrike Falcon Event Streams Technical Add-On
Cylance	CylancePROTECT App for Splunk

Network Communication

Technologies

Technology	Splunkbase Link
Zscaler	Zscaler Technical Add-On for Splunk
Palo Alto Networks	Palo Alto Networks Add-on for Splunk
Cisco ASA	Splunk Add-on for Cisco ASA
AWS VPC Flow	Splunk Add-on for Amazon Web Services (AWS)
Cisco iOS	Cisco Networks Add-on for Splunk Enterprise
Juniper Devices	Splunk Add-on for Infoblox
Check Point	Cisco Umbrella Investigate Add-on
Netflow	Technology Add-on for NetFlow
Splunk Stream	Splunk App for Stream

IDS or IPS

Technologies

Technology	Splunkbase Link
Palo Alto Networks	Palo Alto Networks Add-on for Splunk
Check Point	Cisco Umbrella Investigate Add-on

Application Data

Technologies

Technology	Splunkbase Link
Windows Application Log	Splunk Add-on for Microsoft Windows

IP Address Assignment

Technologies

Technology	Splunkbase Link
ISC DHCP	Splunk Add-on for ISC DHCP

Vendor-Specific Data

Technologies

Technology	Splunkbase Link
AWS Cloudtrail	Splunk Add-on for Amazon Web Services (AWS)
AWS CloudWatch Kubernetes Audit	Splunk Add-on for Amazon Web Services (AWS)
Azure Audit	Splunk Add-on for Microsoft Cloud Services
Azure AD Audit	Splunk Add on for Microsoft Azure
GCP	Splunk Add-on for Google Cloud Platform
Okta	Okta Identity Cloud Add-on for Splunk
Splunk Stream	Splunk App for Stream
Windows Security Logs	Splunk Add-on for Microsoft Windows

Vulnerability Detection

Technologies

Technology	Splunkbase Link
Nessus	Tenable Add-On for Splunk
Tenable	Tenable Add-On for Splunk
Qualys	Qualys Technology Add-on (TA) for Splunk

Web Server

Technologies

Technology	Splunkbase Link
Apache	Splunk Add-on for Apache Web Server
IIS	Splunk Add-on for Microsoft IIS

Web Proxy

Technologies

Technology	Splunkbase Link
Zscaler	Zscaler Technical Add-On for Splunk
BlueCoat	Splunk Add-on for Symantec Blue Coat ProxySG
WebSense	Splunk Add-on for Websense DLP
Palo Alto Networks	Palo Alto Networks Add-on for Splunk
Check Point	Check Point App for Splunk

References

Non Tailoring Collections

The scpa_access_time collection is populated by javascript that automatically runs as dashboards are loaded. Data can be viewed on the Solution Activity page.

Data Source Examples

Data Model / Source	Example Data Sources (Not Exhaustive)
Authentication	Windows, *Nix, Okta, Cisco ISE, Juniper (VPN)
Change	Windows, *Nix, Okta, Netscreen (Firewall), Syslog, CarbonBlack
Compute_Inventory	*Nix, Windows, Cisco UCS
Endpoint Ports	*Nix
Endpoint Processes	*Nix
Endpoint Services	*Nix
Intrusion_Detection	Netscreen (Firewall), Juniper (IDP), McAfee (IDS), Okta (IM), Carbonblack, Wireless IDS (Air Defender)
Malware	McAffee EPO
Network_Sessions	Juniper (VPN), Stream/Bro DHCP
Network_Traffic	Netscreen (Firewall), Cisco ISE, Juniper (Firewall), Carbonblack
Updates	Windows, *Nix
Vulnerabilities	Nessus, Windows
Web	Websense, Bro (HTTP)

Audit status records

Audit status records are color coded. Available color options are available here and can be added into the KV Store collection audit_status_collection

Alerts and Saved Searches

Failed Audit Changes

Practice AU.3.046 calls for alerting for audit record failure.

Hosts without Events Logged for 1 Day

Display number of hosts without events logged for a day. Alerts when number of hosts is greater than zero.

Index Audit Events

Scheduled Saved Search to send data from audit entries collection to the summary index.

Mapping panels across Frameworks

The custom content panels use the lookup “panel_framework_mapping” to map panels that are consistent across frameworks. To add additional mapping, add a practice to the corresponding framework field in the panel_framework_mapping lookup. For Example:

cmmc	dfars	fisma	rmf	omb
AC.1.001	3.1.1	AC-2	AC-2.1	Identity and Credential Management

Ended: Administration Guide

Usage

Adding Content to Dashboards

The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard.

Dashboards may have panels related to the control through a mapping that is stored in the KVStore lookup "panel_framework_mapping".

Panels are stored in the KVStore lookup “custom_content_panels”.

Add Panels via Dashboard

To add panels to a dashboard:

1. Click the 'Add Panels' button on the top right corner of the dashboard.
2. Preview the panel by clicking panel titles (Optional).
3. Click the checkmark of the desired panel(s) and click 'Add panels to dashboard'.
4. The dashboard will refresh with the new panels added.

Add Panels via Custom Content Page

The Custom Content page can be accessed by clicking 'Custom Content' on the navigation bar.

The page displays all dashboard panels that align to a specific domain or practice, and can be filtered by domain, practice, title, or category.

To add panels to a dashboard:

1. Click the 'Add to Dashboard' button in the row of the panel and hit confirm.
2. Once a panel is added, the cell will change to 'Added' in the Added column.
3. The panel should now be appended to the dashboard

For additional details on the Custom Content page, such as how to add, export, and import panels visit the Custom Content Usage page.

CAF Requirements Overview

Overview

The CAF Requirements Overview provides a top-down view of the status of the various data requirement review entries for CAF

CAF Requirements Status

CAF Requirements Entries created in CAF dashboards are displayed in this panel. Controls can be filtered by level and status of the requirement entry.

Selecting a Principle will open an additional panel that displays each most recent requirement statuses for each control in that Principle.

Clicking on a practice will open the dashboard and the selected system in a new tab.

CAF Requirements Timeline

Scrolling further down, this page also shows the high level cadence of requirements review entry activity The timechart is split by reviewer so we can see how often, and how many practices are reviewed by each of the reviewers in your organization

Each dot drilldowns to the dashboard and filters the time and system

Custom Content Usage

The Custom Content page can be accessed by clicking 'Custom Content' on the navigation bar.

The page displays all dashboard panels that align to a specific domain or practice, and can be filtered by domain, practice, title, or category.

Add a Panel to a Dashboard

To add panels to a dashboard: 1. Click the 'Add to Dashboard' button in the row of the panel and hit confirm. 2. Once a panel is added, the cell will change to 'Added' in the Added column. 3. The panel should now be appended to the dashboard

Create a Panel

To create a panel: 1. Click 'Create a Custom Panel 2. Panel Details: Enter a Panel title, description and XML Panel definition. The XML definition should be enclosed in <panel></panel> tags. 3. Practice Details: Enter a Domain and Practice to tie the panel to 4. Click Submit

Exporting Panels

To export panels: 1. Select panels that you wish to export 2. Click the gear icon on the top right corner 3. A JSON file containing the panels will automatically be downloaded. This file can be used to import panels into another Splunk instance

Importing Panels

To import panels: 1. Click "Import Panels" 2. Upload a JSON file created from exporting panels (steps are outlined in the Exporting Panels section) 3. Panels will automatically added to the custom content table

Domain and Practice Overview Pages

Domain Overview

- Under Practices Families > Domain Overview - Displays selection of Domains that drilldown into the Practice Overview Page

Practice Overview

- Under Practices Families > Practice Overview - Displays selection of Practices that drilldown into dashboards. - Can be filtered by levels using the buttons on the top page, or by Domain using the Practice Selector

Essential 8 Assessment Overview

Overview

The Essential 8 Assessment Overview provides a top-down view of the status of the various data requirement review entries for Essential 8

Essential 8 Assessment Status

Essential 8 Assessment Entries created in Essential 8 dashboards are displayed in this panel. Controls can be filtered by level and status of the requirement entry.

Selecting a Guideline will open an additional panel that displays each most recent requirement statuses for each control in that Guideline.

Clicking on a practice will open the dashboard and the selected system in a new tab.

Essential 8 Assessment Timeline

Scrolling further down, this page also shows the high level cadence of assessment review entry activity The timechart is split by reviewer so we can see how often, and how many practices are reviewed by each of the reviewers in your organization

Each dot drilldowns to the dashboard and filters the time and system

Executive Overview

Overview

The Executive Overview dashboard provides a top-down view of the status of the various audit review entries across the full scope of the solution. Guidance on creating audit review entries can be found in the Practice Dashboards page.

Audit Status

Audit Entries created in practice dashboards are displayed in this panel. Practices can be filtered by level/capability, control, and status of the audit entry.

Selecting a Domain will open an additional panel that displays each most recent audit status for each practice in that Domain.

Clicking on a practice will open the dashboard and the selected system in a new tab.

ISM Assessment Overview

Overview

The ISM Assessment Overview provides a top-down view of the status of the various data requirement review entries for ISM

ISM Assessment Status

ISM Assessment Entries created in ISM dashboards are displayed in this panel. Controls can be filtered by level and status of the requirement entry.

Selecting a Guideline will open an additional panel that displays each most recent requirement statuses for each control in that Guideline.

Clicking on a practice will open the dashboard and the selected system in a new tab.

ISM Assessment Timeline

Scrolling further down, this page also shows the high level cadence of assessment review entry activity The timechart is split by reviewer so we can see how often, and how many practices are reviewed by each of the reviewers in your organization

Each dot drilldowns to the dashboard and filters the time and system

OMB Data Requirements Overview

Overview

The OMB Data Requirements Overview Overview dashboard provides a top-down view of the status of the various data requirement review entries for OMB

OMB Data Requirements Status

OMB Data Requirement Entries created in OMB practice dashboards are displayed in this panel. Practices can be filtered by level and status of the requirement entry.

Selecting a Domain will open an additional panel that displays each most recent requirement statuses for each practice in that Domain.

Clicking on a practice will open the dashboard and the selected system in a new tab.

AES-CSF Dashboards

Audit Entries Panel

Each practice dashboard includes a panel to enter Audit Review information on each practice in the solution.

This workflow can be used by you and your internal teams to track practices, including:

• Comments and feedback from reviews
• Practice compliance status
• Follow-up review dates

Audit entries can also be viewed in Executive Overview and Systems Overview dashboards.

How to add an Audit Entry

1. Click 'Create audit entry'
2. Add details:
3. Practice reviewer/author: The practice reviewer will automatically be set to the current splunk name.
4. Status: Select the status for the audit review.
5. Audit Date: date of the audit event that is being reviewed, sets to the current date by default
6. Recurring/Follow-up review (optional): toggle and set the date for a follow-up review
7. Title: Title of audit entry
8. Description: Description of audit entry
9. Click submit

Artifact Entries Panel

For some practices, documentation or policy will describe some or all of the practice requirements

Each practice dashboard includes the capability to enter relevant documentation and artifacts directly within Splunk, allowing the Compliance Essentials to be a one-stop shop for all mediums of controls.

CRUD Panel Permissions

Audit and Artifact Entry Panels have the following permissions:

• Users without audit_admin role can only edit own issues
• Users with audit_admin role can update and delete others

Add Panels

The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard page.

CAF Dashboards

Audit Entries Panel

Each practice dashboard includes a panel to enter Audit Review information on each practice in the solution.

This workflow can be used by you and your internal teams to track practices, including:

• Comments and feedback from reviews
• Practice compliance status
• Follow-up review dates

Audit entries can also be viewed in Executive Overview and Systems Overview dashboards.

How to add an Audit Entry

1. Click 'Create audit entry'
2. Add details:
3. Practice reviewer/author: The practice reviewer will automatically be set to the current splunk name.
4. Status: Select the status for the audit review.
5. Audit Date: date of the audit event that is being reviewed, sets to the current date by default
6. Recurring/Follow-up review (optional): toggle and set the date for a follow-up review
7. Title: Title of audit entry
8. Description: Description of audit entry
9. Click submit

CAF Requirement Entries Panel

Each practice dashboard includes a panel to enter CAF Requirements reviews on each practice in the solution.

CAF Requirement entries can be used to review data based on Indicators of Good Practice (IGP) of that requirement.

CAF Requirements entries can also be viewed in CAF IGP Overview and Systems Overview dashboards.

How to add a CAF Requirement Entry

1. Click 'Create a new requirement entry'
2. Add details:
3. Practice reviewer/author: The practice reviewer will automatically be set to the current splunk name.
4. Requirement: Select the IGP for the review.
5. Status: Select the status for selected IGP.
6. Assessment Date: date of the audit event that is being reviewed, sets to the current date by default
7. Recurring/Follow-up review (optional): toggle and set the date for a follow-up review
8. Title: Title of audit entry
9. Description: Description of audit entry
10. Click submit

Artifact Entries Panel

For some practices, documentation or policy will describe some or all of the practice requirements

Each practice dashboard includes the capability to enter relevant documentation and artifacts directly within Splunk, allowing the Compliance Essentials to be a one-stop shop for all mediums of controls.

CRUD Panel Permissions

Audit and Artifact Entry Panels have the following permissions:

• Users without audit_admin role can only edit own issues
• Users with audit_admin role can update and delete others

Add Panels

The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard page.

CMMC Dashboards

Audit Entries Panel

Each practice dashboard includes a panel to enter Audit Review information on each practice in the solution.

This workflow can be used by you and your internal teams to track practices, including:

• Comments and feedback from reviews
• Practice compliance status
• Follow-up review dates

Audit entries can also be viewed in Executive Overview and Systems Overview dashboards.

How to add an Audit Entry

1. Click 'Create audit entry'
2. Add details:
3. Practice reviewer/author: The practice reviewer will automatically be set to the current splunk name.
4. Status: Select the status for the audit review.
5. Audit Date: date of the audit event that is being reviewed, sets to the current date by default
6. Recurring/Follow-up review (optional): toggle and set the date for a follow-up review
7. Title: Title of audit entry
8. Description: Description of audit entry
9. Click submit

Artifact Entries Panel

For some practices, documentation or policy will describe some or all of the practice requirements

Each practice dashboard includes the capability to enter relevant documentation and artifacts directly within Splunk, allowing the Compliance Essentials to be a one-stop shop for all mediums of controls.

Training Entries Panel

CMMC Dashboards AT.3.058 and AT.4.59 include a panel for users to enter training entries.

CRUD Panel Permissions

Audit, Artifact, and Training Entry Panels have the following permissions:

• Users without audit_admin role can only edit own issues
• Users with audit_admin role can update and delete others

Add Panels

The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard page.

DFARS Dashboards

Audit Entries Panel

Each practice dashboard includes a panel to enter Audit Review information on each practice in the solution.

This workflow can be used by you and your internal teams to track practices, including:

• Comments and feedback from reviews
• Practice compliance status
• Follow-up review dates

Audit entries can also be viewed in Executive Overview and Systems Overview dashboards.

How to add an Audit Entry

1. Click 'Create audit entry'
2. Add details:
3. Practice reviewer/author: The practice reviewer will automatically be set to the current splunk name.
4. Status: Select the status for the audit review.
5. Audit Date: date of the audit event that is being reviewed, sets to the current date by default
6. Recurring/Follow-up review (optional): toggle and set the date for a follow-up review
7. Title: Title of audit entry
8. Description: Description of audit entry
9. Click submit

Artifact Entries Panel

For some practices, documentation or policy will describe some or all of the practice requirements

Each practice dashboard includes the capability to enter relevant documentation and artifacts directly within Splunk, allowing the Compliance Essentials to be a one-stop shop for all mediums of controls.

CRUD Panel Permissions

Audit and Artifact Entry Panels have the following permissions:

• Users without audit_admin role can only edit own issues
• Users with audit_admin role can update and delete others

Add Panels

The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard page.

Essential 8 Dashboards

Audit Entries Panel

Each practice dashboard includes a panel to enter Audit Review information on each practice in the solution.

This workflow can be used by you and your internal teams to track practices, including:

• Comments and feedback from reviews
• Practice compliance status
• Follow-up review dates

Audit entries can also be viewed in Executive Overview and Systems Overview dashboards.

How to add an Audit Entry

1. Click 'Create audit entry'
2. Add details:
3. Practice reviewer/author: The practice reviewer will automatically be set to the current splunk name.
4. Status: Select the status for the audit review.
5. Audit Date: date of the audit event that is being reviewed, sets to the current date by default
6. Recurring/Follow-up review (optional): toggle and set the date for a follow-up review
7. Title: Title of audit entry
8. Description: Description of audit entry
9. Click submit

Assessment Entries Panel

Each practice dashboard includes a panel to enter Assessment reviews on each practice in the solution.

Assessment entries can be used to review data based on Operational Effectiveness, Design Effectiveness, and Quality of Evidence.

Assessment entries can also be viewed in Essential 8 Assesment Overview and Systems Overview dashboards.

How to add an Assessment Entry

1. Click 'Create a new assessment'
2. Add details:
3. Practice reviewer/author: The practice reviewer will automatically be set to the current splunk name.
4. Assessment Type: Select the type of assessment (Operational Effectiveness, Design Effectiveness, and Quality of Evidence).
5. Assessment Status: Select the status for the assessment review.
6. Assessment Date: date of the audit event that is being reviewed, sets to the current date by default
7. Recurring/Follow-up review (optional): toggle and set the date for a follow-up review
8. Title: Title of audit entry
9. Description: Description of audit entry
10. Click submit

Artifact Entries Panel

For some practices, documentation or policy will describe some or all of the practice requirements

Each practice dashboard includes the capability to enter relevant documentation and artifacts directly within Splunk, allowing the Compliance Essentials to be a one-stop shop for all mediums of controls.

CRUD Panel Permissions

Audit and Artifact Entry Panels have the following permissions:

• Users without audit_admin role can only edit own issues
• Users with audit_admin role can update and delete others

Add Panels

The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard page.

FISMA Dashboards

Audit Entries Panel

Each practice dashboard includes a panel to enter Audit Review information on each practice in the solution.

This workflow can be used by you and your internal teams to track practices, including:

• Comments and feedback from reviews
• Practice compliance status
• Follow-up review dates

Audit entries can also be viewed in Executive Overview and Systems Overview dashboards.

How to add an Audit Entry

1. Click 'Create audit entry'
2. Add details:
3. Practice reviewer/author: The practice reviewer will automatically be set to the current splunk name.
4. Status: Select the status for the audit review.
5. Audit Date: date of the audit event that is being reviewed, sets to the current date by default
6. Recurring/Follow-up review (optional): toggle and set the date for a follow-up review
7. Title: Title of audit entry
8. Description: Description of audit entry
9. Click submit

Artifact Entries Panel

For some practices, documentation or policy will describe some or all of the practice requirements

Each practice dashboard includes the capability to enter relevant documentation and artifacts directly within Splunk, allowing the Compliance Essentials to be a one-stop shop for all mediums of controls.

CRUD Panel Permissions

Audit and Artifact Entry Panels have the following permissions:

• Users without audit_admin role can only edit own issues
• Users with audit_admin role can update and delete others

Add Panels

The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard page.

ISM Dashboards

Audit Entries Panel

Each practice dashboard includes a panel to enter Audit Review information on each practice in the solution.

This workflow can be used by you and your internal teams to track practices, including:

• Comments and feedback from reviews
• Practice compliance status
• Follow-up review dates

Audit entries can also be viewed in Executive Overview and Systems Overview dashboards.

How to add an Audit Entry

1. Click 'Create audit entry'
2. Add details:
3. Practice reviewer/author: The practice reviewer will automatically be set to the current splunk name.
4. Status: Select the status for the audit review.
5. Audit Date: date of the audit event that is being reviewed, sets to the current date by default
6. Recurring/Follow-up review (optional): toggle and set the date for a follow-up review
7. Title: Title of audit entry
8. Description: Description of audit entry
9. Click submit

Assessment Entries Panel

Each practice dashboard includes a panel to enter Assessment reviews on each practice in the solution.

Assessment entries can be used to review data based on Operational Effectiveness, Design Effectiveness, and Quality of Evidence.

Assessment entries can also be viewed in ISM Assesment Overview and Systems Overview dashboards.

How to add an Assessment Entry

1. Click 'Create a new assessment'
2. Add details:
3. Practice reviewer/author: The practice reviewer will automatically be set to the current splunk name.
4. Assessment Type: Select the type of assessment (Operational Effectiveness, Design Effectiveness, and Quality of Evidence).
5. Assessment Status: Select the status for the assessment review.
6. Assessment Date: date of the audit event that is being reviewed, sets to the current date by default
7. Recurring/Follow-up review (optional): toggle and set the date for a follow-up review
8. Title: Title of audit entry
9. Description: Description of audit entry
10. Click submit

Artifact Entries Panel

For some practices, documentation or policy will describe some or all of the practice requirements

Each practice dashboard includes the capability to enter relevant documentation and artifacts directly within Splunk, allowing the Compliance Essentials to be a one-stop shop for all mediums of controls.

CRUD Panel Permissions

Audit and Artifact Entry Panels have the following permissions:

• Users without audit_admin role can only edit own issues
• Users with audit_admin role can update and delete others

Add Panels

The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard page.

OMB 21-31 Dashboards

Audit Entries Panel

Each practice dashboard includes a panel to enter Audit Review information on each practice in the solution.

This workflow can be used by you and your internal teams to track practices, including:

• Comments and feedback from reviews
• Practice compliance status
• Follow-up review dates

Audit entries can also be viewed in Executive Overview and Systems Overview dashboards.

How to add an Audit Entry

1. Click 'Create audit entry'
2. Add details:
3. Practice reviewer/author: The practice reviewer will automatically be set to the current splunk name.
4. Status: Select the status for the audit review.
5. Audit Date: date of the audit event that is being reviewed, sets to the current date by default
6. Recurring/Follow-up review (optional): toggle and set the date for a follow-up review
7. Title: Title of audit entry
8. Description: Description of audit entry
9. Click submit

Data Requirement Entries Panel

All OMB Dashboards include a panel for users to enter data requirement entries. Similarly to audit entries, the data requirement panel can be used by you and your internal teams to track that each data requirement is being logged.

Data Requirement entries is used in the OMB Executive and Systems Overview Pages.

Artifact Entries Panel

For some practices, documentation or policy will describe some or all of the practice requirements

Each practice dashboard includes the capability to enter relevant documentation and artifacts directly within Splunk, allowing the Compliance Essentials to be a one-stop shop for all mediums of controls.

CRUD Panel Permissions

Audit and Artifact Entry Panels have the following permissions:

• Users without audit_admin role can only edit own issues
• Users with audit_admin role can update and delete others

Add Panels

The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard page.

RMF Dashboards

Audit Entries Panel

Each practice dashboard includes a panel to enter Audit Review information on each practice in the solution.

This workflow can be used by you and your internal teams to track practices, including:

• Comments and feedback from reviews
• Practice compliance status
• Follow-up review dates

Audit entries can also be viewed in Executive Overview and Systems Overview dashboards.

How to add an Audit Entry

1. Click 'Create audit entry'
2. Add details:
3. Practice reviewer/author: The practice reviewer will automatically be set to the current splunk name.
4. Status: Select the status for the audit review.
5. Audit Date: date of the audit event that is being reviewed, sets to the current date by default
6. Recurring/Follow-up review (optional): toggle and set the date for a follow-up review
7. Title: Title of audit entry
8. Description: Description of audit entry
9. Click submit

Artifact Entries Panel

For some practices, documentation or policy will describe some or all of the practice requirements

Each practice dashboard includes the capability to enter relevant documentation and artifacts directly within Splunk, allowing the Compliance Essentials to be a one-stop shop for all mediums of controls.

Data Requirement Entries Panel

All OMB Dashboards include a panel for users to enter data requirement entries. Similarly to audit entries, the data requirement panel can be used by you and your internal teams to track that each data requirement is being logged.

Data Requirement entries is used in the OMB Executive and Systems Overview Pages.

Training Entries Panel

CMMC Dashboards AT.3.058 and AT.4.59 include a panel for users to enter training entries.

CRUD Panel Permissions

Audit and Artifact Entry Panels have the following permissions:

• Users without audit_admin role can only edit own issues
• Users with audit_admin role can update and delete others

Add Panels

The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard page.

Practice Family Collection Setup

Overview

In order to enable your organization to evolve over time and make it easy to manage the solution, we’ve built an administrative control dashboard to put managing navigation and other tasks right in Splunk web.

From this page, you can modify the cards and navigation associated with the domains and practices throughout the solution. If you’d like to change descriptions, icons, or expanded guidance information, you can do it right on this page.

Default Levels

Frameworks CMMC, FISMA, and OMB M 21-31 have the option to select levels that will be selected by default in the Practice Overview Page.

Domains

Domains can be edited or created. Created Domain will be added to the Domain Overview and Navigation Bar

Create a New Domain

Generating a new domain can be executed from Practice Family Collection Setup page 1. Select “Add a new Domain” 2. Enter values for the following fields and click submit:

Field Name	Description	Required/Optional
Domain Name	Name of the Domain	Required
Domain Code	Typically a 2 letter code (e.g. AC)	Required, optional for OMB
Icon	Icons are pulled from Fontawesome and can be searched in the Icon field	Required
Description	Description of the Domain	Required, optional for OMB

1. New Domain will populate in the domain collection list
2. Click “Update Navigation” at the top of the page to update the navigation bar with the new practice

Practices

Practices can be edited or created. Created Practices will be added to the Practice Overview and Navigation Bar

Practices can be hidden by toggling the Visibility column or selecting a Splunk lookup. For multi-systems, visibility can only be set per system in the System Overview page.

Create a New Practice

Generating a new practice can be executed from Practice Family Collection Setup page 1. Click “Add a new practice” 2. Enter values for the following fields and click submit 3. Click “Update Navigation” at the top of the page to update the navigation bar with the new practice 4. Create the corresponding dashboard XML with the dashboard id created in step 2 ( e.g., ND_3_999_CMMC.xml)

Toggle Visibility

To toggle the visibility of the practices, click toggle the switch under the “Visible” column.

To toggle multiple practices, follow these steps: 1. Upload a csv that includes the field “Control Name Field” (field to match against Control Name) and “Implementation Status Field” (“Not Applicable” sets visibility to false). If using RMF, a eMass POAM report can be uploaded. An example of a csv can be found below:

Control Name Field	Implementation Status Field
AC-1	Not Applicable
AC-2	Applicable

In the Practice Family Collection Setup, click “Select a lookup to toggle visibility” 2. Select the csv you uploaded in the first step. 3. The fields will automatically be set to “Control Name Field” and “Implementation Status Field”. 4. Once submitted, the practice table will update.

Removing Practices and Domains

When selecting a row, a setting gear icon will appear on the top right corner of the table. Select the option to delete a practice or domain.

System Overview

The System Overview displays systems created and Audit Entries tied to that system. OMB Data Requirement Entries are displayed as well if system is under OMB.

Each system drilldowns into the Executive Overview page that gives more details on the Audit Entries.

Creating a System

For intructions on creating a system, visit the Multi-system Setup page for guidance.

Editing or Deleting a System

A system can be edited or deleted by opening 'Actions' > and clicking 'Edit' or 'Delete'

System Search

Use the System Search to search for a specific or a set of systems. Wildcards are supported (e.g. system*)

Field Search

Use the Field Search to filter systems that is tied to a host, source, sourcetype or index. The example above shows systems that has a host or source with "systemd"

Solution User Activity

The Solution User Activity page provides the ability to audit the auditor, or track activity and utilization of the app itself. This page also allows for monitoring of your audit and continuous monitoring, both in terms of activities and overall trends. This additional data and visibility is important to implementing new practices, establishing new cadence, and ensuring that your organization is meeting its goals and objectives for continuous monitoring

Ended: Usage

Troubleshooting

Troubleshooting

Required Permissions

The setup page requires users to have the capability “output_file”, to check if you have this role, complete the following steps:

Finding your role

1. Click Settings, and select “Users” under “Users and Authentication”
2. View your role by locating your user name
3. Continue on the next step to find the capabilities tied to your role

Finding capability for your role

1. Click Settings, and select “Roles” under “Users and Authentication”
2. Locate the role your user has, click Edit>Edit and navigate to the Capabilities tab
3. Enter “output_file” in the filter and ensure output_file is checked

View Detailed Error Message

To investigate the issue, a detailed error messages can be found in the console log or displayed on the Setup Page.

To view the Error message in the console log:

1. On the setup page, right click and select “Inspect”
2. A window will appear, select the tab “Console”
3. Navigate back to the Setup page and select a framework
4. View Error message in the Console tab (This error is caused the user missing the “output_file” capability, if you generate the same Error message, review Required Permissions)

Possible Error Messages

Selected Framework Error: an error occurred running the following search

The error occurs when writing to the selected_framework lookup. Ensure the selected_framework_collection is visible in the Splunk Environment

Navigation Bar Error: an error occurred updating the navigation bar

The error occurs when an attempt to write to the navigation bar was denied. Ensure the current user has the correct permissions to update the navigation bar

Domain Setup Error: an error occurred running the saved search Domain Family Collection Setup

The error occurs when trying to run a saved search. Ensure the current user does not have issues running a saved search.

Manual Setup

You may complete the setup manually but completing the following steps in the Manual Setup page

Contact Us

While this app is not formally supported, the developer can be reached at mduran@splunk.com. Responses are made on a best effort basis. Feedback is always welcome and appreciated!

Manual Setup

You may complete the setup manually but completing the following steps:

  1. Create new folder compliance_essentials/local

  2. Create file app.conf in local folder

  3. Add the following to the file:

[install]
is_configured = 1

  4. Create folder path compliance_essentials/local/data/ui/nav

  5. Create file default.xml in nav folder

  6. Copy and paste the xml based on the desired framework. Available below are severl different common nav xml values:

CMMC

RMF

FISMA

DFARS

OMB

OMB_FISMA

  7. Restart splunk

  8. Navigate to Searches, Reports, and Alerts

  9. In the search filter enter “setup”

  10. Run the 5 saved searches displayed

<nav search_view="search" color="#000000">
<collection label="CMMC">
<view name="cmmc_home"/>
<view name="cmmc_contents"/>
<divider />
<collection label="Access Control - AC">
<view name="AC_1_001_cmmc"/>
<view name="AC_2_005_cmmc"/>
<view name="AC_2_006_cmmc"/>
<view name="AC_1_002_cmmc"/>
<view name="AC_2_007_cmmc"/>
<view name="AC_2_008_cmmc"/>
<view name="AC_2_009_cmmc"/>
<view name="AC_2_010_cmmc"/>
<view name="AC_2_011_cmmc"/>
<view name="AC_3_017_cmmc"/>
<view name="AC_3_018_cmmc"/>
<view name="AC_3_019_cmmc"/>
<view name="AC_3_012_cmmc"/>
<view name="AC_3_020_cmmc"/>
<view name="AC_4_023_cmmc"/>
<view name="AC_4_025_cmmc"/>
<view name="AC_5_024_cmmc"/>
<view name="AC_1_003_cmmc"/>
<view name="AC_1_004_cmmc"/>
<view name="AC_2_013_cmmc"/>
<view name="AC_2_015_cmmc"/>
<view name="AC_2_016_cmmc"/>
<view name="AC_3_014_cmmc"/>
<view name="AC_3_021_cmmc"/>
<view name="AC_3_022_cmmc"/>
<view name="AC_4_032_cmmc"/>
</collection>
<collection label="Asset Management - AM">
<view name="AM_3_036_cmmc"/>
<view name="AM_4_226_cmmc"/>
</collection>
<collection label="Audit and Accountability - AU">
<view name="AU_2_041_cmmc"/>
<view name="AU_3_045_cmmc"/>
<view name="AU_3_046_cmmc"/>
<view name="AU_2_042_cmmc"/>
<view name="AU_2_043_cmmc"/>
<view name="AU_3_048_cmmc"/>
<view name="AU_5_055_cmmc"/>
<view name="AU_3_049_cmmc"/>
<view name="AU_3_050_cmmc"/>
<view name="AU_2_044_cmmc"/>
<view name="AU_3_051_cmmc"/>
<view name="AU_3_052_cmmc"/>
<view name="AU_4_053_cmmc"/>
<view name="AU_4_054_cmmc"/>
</collection>
<collection label="Awareness and Training - AT">
<view name="AT_2_056_cmmc"/>
<view name="AT_3_058_cmmc"/>
<view name="AT_4_059_cmmc"/>
<view name="AT_4_060_cmmc"/>
<view name="AT_2_057_cmmc"/>
</collection>
<collection label="Configuration Management - CM">
<view name="CM_2_061_cmmc"/>
<view name="CM_2_062_cmmc"/>
<view name="CM_2_063_cmmc"/>
<view name="CM_2_064_cmmc"/>
<view name="CM_2_065_cmmc"/>
<view name="CM_2_066_cmmc"/>
<view name="CM_3_067_cmmc"/>
<view name="CM_3_068_cmmc"/>
<view name="CM_3_069_cmmc"/>
<view name="CM_4_073_cmmc"/>
<view name="CM_5_074_cmmc"/>
</collection>
<collection label="Identification and Authentication - IA">
<view name="IA_1_076_cmmc"/>
<view name="IA_1_077_cmmc"/>
<view name="IA_2_078_cmmc"/>
<view name="IA_2_079_cmmc"/>
<view name="IA_2_080_cmmc"/>
<view name="IA_2_081_cmmc"/>
<view name="IA_2_082_cmmc"/>
<view name="IA_3_083_cmmc"/>
<view name="IA_3_084_cmmc"/>
<view name="IA_3_085_cmmc"/>
<view name="IA_3_086_cmmc"/>
</collection>
<collection label="Incident Response - IR">
<view name="IR_2_092_cmmc"/>
<view name="IR_4_100_cmmc"/>
<view name="IR_5_106_cmmc"/>
<view name="IR_2_093_cmmc"/>
<view name="IR_2_094_cmmc"/>
<view name="IR_2_096_cmmc"/>
<view name="IR_3_098_cmmc"/>
<view name="IR_4_101_cmmc"/>
<view name="IR_5_102_cmmc"/>
<view name="IR_5_108_cmmc"/>
<view name="IR_2_097_cmmc"/>
<view name="IR_3_099_cmmc"/>
<view name="IR_5_110_cmmc"/>
</collection>
<collection label="Maintenance - MA">
<view name="MA_2_111_cmmc"/>
<view name="MA_2_112_cmmc"/>
<view name="MA_2_113_cmmc"/>
<view name="MA_2_114_cmmc"/>
<view name="MA_3_115_cmmc"/>
<view name="MA_3_116_cmmc"/>
</collection>
<collection label="Media Protection - MP">
<view name="MP_3_122_cmmc"/>
<view name="MP_2_119_cmmc"/>
<view name="MP_2_120_cmmc"/>
<view name="MP_2_121_cmmc"/>
<view name="MP_3_123_cmmc"/>
<view name="MP_1_118_cmmc"/>
<view name="MP_3_124_cmmc"/>
<view name="MP_3_125_cmmc"/>
</collection>
<collection label="Personnel Security - PS">
<view name="PS_2_127_cmmc"/>
<view name="PS_2_128_cmmc"/>
</collection>
<collection label="Physical Protection - PP">
<view name="PP_1_131_cmmc"/>
<view name="PP_1_132_cmmc"/>
<view name="PP_1_133_cmmc"/>
<view name="PP_1_134_cmmc"/>
<view name="PP_2_135_cmmc"/>
<view name="PP_3_136_cmmc"/>
</collection>
<collection label="Recovery - RE">
<view name="RE_2_137_cmmc"/>
<view name="RE_2_138_cmmc"/>
<view name="RE_3_139_cmmc"/>
<view name="RE_5_140_cmmc"/>
</collection>
<collection label="Risk Management - RM">
<view name="RM_2_141_cmmc"/>
<view name="RM_2_142_cmmc"/>
<view name="RM_3_144_cmmc"/>
<view name="RM_4_149_cmmc"/>
<view name="RM_4_150_cmmc"/>
<view name="RM_4_151_cmmc"/>
<view name="RM_2_143_cmmc"/>
<view name="RM_3_146_cmmc"/>
<view name="RM_3_147_cmmc"/>
<view name="RM_5_152_cmmc"/>
<view name="RM_5_155_cmmc"/>
<view name="RM_4_148_cmmc"/>
</collection>
<collection label="Security Assessment - CA">
<view name="CA_2_157_cmmc"/>
<view name="CA_4_163_cmmc"/>
<view name="CA_2_158_cmmc"/>
<view name="CA_2_159_cmmc"/>
<view name="CA_3_161_cmmc"/>
<view name="CA_4_164_cmmc"/>
<view name="CA_4_227_cmmc"/>
<view name="CA_3_162_cmmc"/>
</collection>
<collection label="Situational Awareness - SA">
<view name="SA_3_169_cmmc"/>
<view name="SA_4_171_cmmc"/>
<view name="SA_4_173_cmmc"/>
</collection>
<collection label="System and Communications Protection - SC">
<view name="SC_2_178_cmmc"/>
<view name="SC_2_179_cmmc"/>
<view name="SC_3_177_cmmc"/>
<view name="SC_3_180_cmmc"/>
<view name="SC_3_181_cmmc"/>
<view name="SC_3_182_cmmc"/>
<view name="SC_3_183_cmmc"/>
<view name="SC_3_184_cmmc"/>
<view name="SC_3_185_cmmc"/>
<view name="SC_3_186_cmmc"/>
<view name="SC_4_197_cmmc"/>
<view name="SC_4_228_cmmc"/>
<view name="SC_5_198_cmmc"/>
<view name="SC_5_230_cmmc"/>
<view name="SC_3_187_cmmc"/>
<view name="SC_3_188_cmmc"/>
<view name="SC_3_189_cmmc"/>
<view name="SC_3_190_cmmc"/>
<view name="SC_3_191_cmmc"/>
<view name="SC_1_175_cmmc"/>
<view name="SC_1_176_cmmc"/>
<view name="SC_3_192_cmmc"/>
<view name="SC_3_193_cmmc"/>
<view name="SC_4_199_cmmc"/>
<view name="SC_4_202_cmmc"/>
<view name="SC_4_229_cmmc"/>
<view name="SC_5_208_cmmc"/>
</collection>
<collection label="System and Informational Integrity - SI">
<view name="SI_1_210_cmmc"/>
<view name="SI_2_214_cmmc"/>
<view name="SI_4_221_cmmc"/>
<view name="SI_1_211_cmmc"/>
<view name="SI_1_212_cmmc"/>
<view name="SI_1_213_cmmc"/>
<view name="SI_5_222_cmmc"/>
<view name="SI_2_216_cmmc"/>
<view name="SI_2_217_cmmc"/>
<view name="SI_3_218_cmmc"/>
<view name="SI_5_223_cmmc"/>
<view name="SI_3_219_cmmc"/>
<view name="SI_3_220_cmmc"/>
</collection>
</collection>
<view name="executive_overview" default="true"/>
<view name="practice_setup"/>
<view name="custom_content"/>
<view name="system_overview"/>
<collection label="Other Menus">
<view name="compliance_essentials_health"/>
<view name="audit_workflow"/>
<view name="access_overview"/>
<view name="dashboards"/>
<view name="search"/>
<view name="reports" />
</collection>
<a href="https://splunk.github.io/Compliance_Essentials/" target="_blank">Docs</a>
</nav>

<nav search_view="search" color="#000000">
<a class="disabled" target="" href="dfars_home">DFARS</a>
<collection label="Practice Families">
<view name="dfars_home"/>
<view name="dfars_contents"/>
<divider />
<collection label="Access Control">
<view name="AC_3_1_1_dfars"/>
<view name="AC_3_1_2_dfars"/>
<view name="AC_3_1_3_dfars"/>
<view name="AC_3_1_4_dfars"/>
<view name="AC_3_1_5_dfars"/>
<view name="AC_3_1_6_dfars"/>
<view name="AC_3_1_7_dfars"/>
<view name="AC_3_1_8_dfars"/>
<view name="AC_3_1_9_dfars"/>
<view name="AC_3_1_10_dfars"/>
<view name="AC_3_1_11_dfars"/>
<view name="AC_3_1_12_dfars"/>
<view name="AC_3_1_13_dfars"/>
<view name="AC_3_1_14_dfars"/>
<view name="AC_3_1_15_dfars"/>
<view name="AC_3_1_16_dfars"/>
<view name="AC_3_1_17_dfars"/>
<view name="AC_3_1_18_dfars"/>
<view name="AC_3_1_19_dfars"/>
<view name="AC_3_1_20_dfars"/>
<view name="AC_3_1_21_dfars"/>
<view name="AC_3_1_22_dfars"/>
</collection>
<collection label="Awareness and Training">
<view name="AT_3_2_1_dfars"/>
<view name="AT_3_2_2_dfars"/>
<view name="AT_3_2_3_dfars"/>
</collection>
<collection label="Audit and Accountability">
<view name="AU_3_3_1_dfars"/>
<view name="AU_3_3_2_dfars"/>
<view name="AU_3_3_3_dfars"/>
<view name="AU_3_3_4_dfars"/>
<view name="AU_3_3_5_dfars"/>
<view name="AU_3_3_6_dfars"/>
<view name="AU_3_3_7_dfars"/>
<view name="AU_3_3_8_dfars"/>
<view name="AU_3_3_9_dfars"/>
</collection>
<collection label="Configuration Management">
<view name="CM_3_4_1_dfars"/>
<view name="CM_3_4_2_dfars"/>
<view name="CM_3_4_3_dfars"/>
<view name="CM_3_4_4_dfars"/>
<view name="CM_3_4_5_dfars"/>
<view name="CM_3_4_6_dfars"/>
<view name="CM_3_4_7_dfars"/>
<view name="CM_3_4_8_dfars"/>
<view name="CM_3_4_9_dfars"/>
</collection>
<collection label="Identification and Authentication">
<view name="IA_3_5_1_dfars"/>
<view name="IA_3_5_2_dfars"/>
<view name="IA_3_5_3_dfars"/>
<view name="IA_3_5_4_dfars"/>
<view name="IA_3_5_5_dfars"/>
<view name="IA_3_5_6_dfars"/>
<view name="IA_3_5_7_dfars"/>
<view name="IA_3_5_8_dfars"/>
<view name="IA_3_5_9_dfars"/>
<view name="IA_3_5_10_dfars"/>
<view name="IA_3_5_11_dfars"/>
</collection>
<collection label="Incident Response">
<view name="IR_3_6_1_dfars"/>
<view name="IR_3_6_2_dfars"/>
<view name="IR_3_6_3_dfars"/>
</collection>
<collection label="Maintenance">
<view name="MA_3_7_1_dfars"/>
<view name="MA_3_7_2_dfars"/>
<view name="MA_3_7_3_dfars"/>
<view name="MA_3_7_4_dfars"/>
<view name="MA_3_7_5_dfars"/>
<view name="MA_3_7_6_dfars"/>
</collection>
<collection label="Media Protection">
<view name="MP_3_8_1_dfars"/>
<view name="MP_3_8_2_dfars"/>
<view name="MP_3_8_3_dfars"/>
<view name="MP_3_8_4_dfars"/>
<view name="MP_3_8_5_dfars"/>
<view name="MP_3_8_6_dfars"/>
<view name="MP_3_8_7_dfars"/>
<view name="MP_3_8_8_dfars"/>
<view name="MP_3_8_9_dfars"/>
</collection>
<collection label="Personnel Security">
<view name="PS_3_9_1_dfars"/>
<view name="PS_3_9_2_dfars"/>
</collection>
<collection label="Physical Protection">
<view name="PP_3_10_1_dfars"/>
<view name="PP_3_10_2_dfars"/>
<view name="PP_3_10_3_dfars"/>
<view name="PP_3_10_4_dfars"/>
<view name="PP_3_10_5_dfars"/>
<view name="PP_3_10_6_dfars"/>
</collection>
<collection label="Risk Assessment">
<view name="RA_3_11_1_dfars"/>
<view name="RA_3_11_2_dfars"/>
<view name="RA_3_11_3_dfars"/>
</collection>
<collection label="Security Assessment">
<view name="SA_3_12_1_dfars"/>
<view name="SA_3_12_2_dfars"/>
<view name="SA_3_12_3_dfars"/>
<view name="SA_3_12_4_dfars"/>
</collection>
<collection label="System and Communications Protection">
<view name="SC_3_13_1_dfars"/>
<view name="SC_3_13_2_dfars"/>
<view name="SC_3_13_3_dfars"/>
<view name="SC_3_13_4_dfars"/>
<view name="SC_3_13_5_dfars"/>
<view name="SC_3_13_6_dfars"/>
<view name="SC_3_13_7_dfars"/>
<view name="SC_3_13_8_dfars"/>
<view name="SC_3_13_9_dfars"/>
<view name="SC_3_13_10_dfars"/>
<view name="SC_3_13_11_dfars"/>
<view name="SC_3_13_12_dfars"/>
<view name="SC_3_13_13_dfars"/>
<view name="SC_3_13_14_dfars"/>
<view name="SC_3_13_15_dfars"/>
<view name="SC_3_13_16_dfars"/>
</collection>
<collection label="System and Informational Integrity">
<view name="SI_3_14_1_dfars"/>
<view name="SI_3_14_2_dfars"/>
<view name="SI_3_14_3_dfars"/>
<view name="SI_3_14_4_dfars"/>
<view name="SI_3_14_5_dfars"/>
<view name="SI_3_14_6_dfars"/>
<view name="SI_3_14_7_dfars"/>
</collection>
</collection>
<view name="executive_overview" default="true"/>
<view name="practice_setup"/>
<view name="custom_content"/>
<view name="system_overview"/>
<collection label="Other Menus">
<view name="compliance_essentials_health"/>
<view name="audit_workflow"/>
<view name="access_overview"/>
<view name="dashboards"/>
<view name="search"/>
<view name="reports" />
</collection>
<a href="https://splunk.github.io/Compliance_Essentials/" target="_blank">Docs</a>
</nav>

<nav search_view="search" color="#000000">
<a class="disabled" target="" href="fisma_home">FISMA</a>
<collection label="Practice Families">
<view name="fisma_home"/>
<view name="fisma_contents"/>
<divider />
<collection label="Access Control">
<collection label="AC-1">
<view name="AC_1_fisma"/>
</collection>
<collection label="AC-10">
<view name="AC_10_fisma"/>
</collection>
<collection label="AC-11">
<view name="AC_11-1_fisma"/>
<view name="AC_11_fisma"/>
</collection>
<collection label="AC-12">
<view name="AC_12_fisma"/>
</collection>
<collection label="AC-14">
<view name="AC_14_fisma"/>
</collection>
<collection label="AC-17">
<view name="AC_17-1_fisma"/>
<view name="AC_17-2_fisma"/>
<view name="AC_17-3_fisma"/>
<view name="AC_17-4_fisma"/>
<view name="AC_17_fisma"/>
</collection>
<collection label="AC-18">
<view name="AC_18-1_fisma"/>
<view name="AC_18-3_fisma"/>
<view name="AC_18-4_fisma"/>
<view name="AC_18-5_fisma"/>
<view name="AC_18_fisma"/>
</collection>
<collection label="AC-19">
<view name="AC_19-5_fisma"/>
<view name="AC_19_fisma"/>
</collection>
<collection label="AC-2">
<view name="AC_2-1_fisma"/>
<view name="AC_2-11_fisma"/>
<view name="AC_2-12_fisma"/>
<view name="AC_2-13_fisma"/>
<view name="AC_2-2_fisma"/>
<view name="AC_2-3_fisma"/>
<view name="AC_2-4_fisma"/>
<view name="AC_2-5_fisma"/>
<view name="AC_2_fisma"/>
</collection>
<collection label="AC-20">
<view name="AC_20-1_fisma"/>
<view name="AC_20-2_fisma"/>
<view name="AC_20_fisma"/>
</collection>
<collection label="AC-21">
<view name="AC_21_fisma"/>
</collection>
<collection label="AC-22">
<view name="AC_22_fisma"/>
</collection>
<collection label="AC-3">
<view name="AC_3_fisma"/>
</collection>
<collection label="AC-4">
<view name="AC_4-4_fisma"/>
<view name="AC_4_fisma"/>
</collection>
<collection label="AC-5">
<view name="AC_5_fisma"/>
</collection>
<collection label="AC-6">
<view name="AC_6-1_fisma"/>
<view name="AC_6-10_fisma"/>
<view name="AC_6-2_fisma"/>
<view name="AC_6-3_fisma"/>
<view name="AC_6-5_fisma"/>
<view name="AC_6-7_fisma"/>
<view name="AC_6-9_fisma"/>
<view name="AC_6_fisma"/>
</collection>
<collection label="AC-7">
<view name="AC_7_fisma"/>
</collection>
<collection label="AC-8">
<view name="AC_8_fisma"/>
</collection>
</collection>
<collection label="Assessment, Authorization, And Monitoring">
<collection label="CA-1">
<view name="CA_1_fisma"/>
</collection>
<collection label="CA-2">
<view name="CA_2-1_fisma"/>
<view name="CA_2-2_fisma"/>
<view name="CA_2_fisma"/>
</collection>
<collection label="CA-3">
<view name="CA_3-6_fisma"/>
<view name="CA_3_fisma"/>
</collection>
<collection label="CA-5">
<view name="CA_5_fisma"/>
</collection>
<collection label="CA-6">
<view name="CA_6_fisma"/>
</collection>
<collection label="CA-7">
<view name="CA_7-1_fisma"/>
<view name="CA_7-4_fisma"/>
<view name="CA_7_fisma"/>
</collection>
<collection label="CA-8">
<view name="CA_8-1_fisma"/>
<view name="CA_8_fisma"/>
</collection>
<collection label="CA-9">
<view name="CA_9_fisma"/>
</collection>
</collection>
<collection label="Audit and Accountability">
<collection label="AU-1">
<view name="AU_1_fisma"/>
</collection>
<collection label="AU-10">
<view name="AU_10_fisma"/>
</collection>
<collection label="AU-11">
<view name="AU_11_fisma"/>
</collection>
<collection label="AU-12">
<view name="AU_12-1_fisma"/>
<view name="AU_12-3_fisma"/>
<view name="AU_12_fisma"/>
</collection>
<collection label="AU-2">
<view name="AU_2_fisma"/>
</collection>
<collection label="AU-3">
<view name="AU_3-1_fisma"/>
<view name="AU_3_fisma"/>
</collection>
<collection label="AU-4">
<view name="AU_4_fisma"/>
</collection>
<collection label="AU-5">
<view name="AU_5-1_fisma"/>
<view name="AU_5-2_fisma"/>
<view name="AU_5_fisma"/>
</collection>
<collection label="AU-6">
<view name="AU_6-1_fisma"/>
<view name="AU_6-3_fisma"/>
<view name="AU_6-5_fisma"/>
<view name="AU_6-6_fisma"/>
<view name="AU_6_fisma"/>
</collection>
<collection label="AU-7">
<view name="AU_7-1_fisma"/>
<view name="AU_7_fisma"/>
</collection>
<collection label="AU-8">
<view name="AU_8_fisma"/>
</collection>
<collection label="AU-9">
<view name="AU_9-2_fisma"/>
<view name="AU_9-3_fisma"/>
<view name="AU_9-4_fisma"/>
<view name="AU_9_fisma"/>
</collection>
</collection>
<collection label="Awareness and Training">
<collection label="AT-1">
<view name="AT_1_fisma"/>
</collection>
<collection label="AT-2">
<view name="AT_2-2_fisma"/>
<view name="AT_2-3_fisma"/>
<view name="AT_2_fisma"/>
</collection>
<collection label="AT-3">
<view name="AT_3_fisma"/>
</collection>
<collection label="AT-4">
<view name="AT_4_fisma"/>
</collection>
</collection>
<collection label="Configuration Management">
<collection label="CM-1">
<view name="CM_1_fisma"/>
</collection>
<collection label="CM-10">
<view name="CM_10_fisma"/>
</collection>
<collection label="CM-11">
<view name="CM_11_fisma"/>
</collection>
<collection label="CM-2">
<view name="CM_2-2_fisma"/>
<view name="CM_2-3_fisma"/>
<view name="CM_2-7_fisma"/>
<view name="CM_2_fisma"/>
</collection>
<collection label="CM-3">
<view name="CM_3-1_fisma"/>
<view name="CM_3-2_fisma"/>
<view name="CM_3-4_fisma"/>
<view name="CM_3-6_fisma"/>
<view name="CM_3_fisma"/>
</collection>
<collection label="CM-4">
<view name="CM_4-1_fisma"/>
<view name="CM_4-2_fisma"/>
<view name="CM_4_fisma"/>
</collection>
<collection label="CM-5">
<view name="CM_5-1_fisma"/>
<view name="CM_5_fisma"/>
</collection>
<collection label="CM-6">
<view name="CM_6-1_fisma"/>
<view name="CM_6-2_fisma"/>
<view name="CM_6_fisma"/>
</collection>
<collection label="CM-7">
<view name="CM_7-1_fisma"/>
<view name="CM_7-2_fisma"/>
<view name="CM_7-5_fisma"/>
<view name="CM_7_fisma"/>
</collection>
<collection label="CM-8">
<view name="CM_8-1_fisma"/>
<view name="CM_8-2_fisma"/>
<view name="CM_8-3_fisma"/>
<view name="CM_8-4_fisma"/>
<view name="CM_8_fisma"/>
</collection>
<collection label="CM-9">
<view name="CM_9_fisma"/>
</collection>
</collection>
<collection label="Contingency Planning">
<collection label="CP-1">
<view name="CP_1_fisma"/>
</collection>
<collection label="CP-10">
<view name="CP_10-2_fisma"/>
<view name="CP_10-4_fisma"/>
<view name="CP_10_fisma"/>
</collection>
<collection label="CP-2">
<view name="CP_2-1_fisma"/>
<view name="CP_2-2_fisma"/>
<view name="CP_2-3_fisma"/>
<view name="CP_2-5_fisma"/>
<view name="CP_2-8_fisma"/>
<view name="CP_2_fisma"/>
</collection>
<collection label="CP-3">
<view name="CP_3-1_fisma"/>
<view name="CP_3_fisma"/>
</collection>
<collection label="CP-4">
<view name="CP_4-1_fisma"/>
<view name="CP_4-2_fisma"/>
<view name="CP_4_fisma"/>
</collection>
<collection label="CP-6">
<view name="CP_6-1_fisma"/>
<view name="CP_6-2_fisma"/>
<view name="CP_6-3_fisma"/>
<view name="CP_6_fisma"/>
</collection>
<collection label="CP-7">
<view name="CP_7-1_fisma"/>
<view name="CP_7-2_fisma"/>
<view name="CP_7-3_fisma"/>
<view name="CP_7-4_fisma"/>
<view name="CP_7_fisma"/>
</collection>
<collection label="CP-8">
<view name="CP_8-1_fisma"/>
<view name="CP_8-2_fisma"/>
<view name="CP_8-3_fisma"/>
<view name="CP_8-4_fisma"/>
<view name="CP_8_fisma"/>
</collection>
<collection label="CP-9">
<view name="CP_9-1_fisma"/>
<view name="CP_9-2_fisma"/>
<view name="CP_9-3_fisma"/>
<view name="CP_9-5_fisma"/>
<view name="CP_9-8_fisma"/>
<view name="CP_9_fisma"/>
</collection>
</collection>
<collection label="Identification and Authentication">
<collection label="IA-1">
<view name="IA_1_fisma"/>
</collection>
<collection label="IA-11">
<view name="IA_11_fisma"/>
</collection>
<collection label="IA-2">
<view name="IA_2-1_fisma"/>
<view name="IA_2-12_fisma"/>
<view name="IA_2-2_fisma"/>
<view name="IA_2-5_fisma"/>
<view name="IA_2-8_fisma"/>
<view name="IA_2_fisma"/>
</collection>
<collection label="IA-3">
<view name="IA_3_fisma"/>
</collection>
<collection label="IA-4">
<view name="IA_4-4_fisma"/>
<view name="IA_4_fisma"/>
</collection>
<collection label="IA-5">
<view name="IA_5-1_fisma"/>
<view name="IA_5-2_fisma"/>
<view name="IA_5-6_fisma"/>
<view name="IA_5_fisma"/>
</collection>
<collection label="IA-6">
<view name="IA_6_fisma"/>
</collection>
<collection label="IA-7">
<view name="IA_7_fisma"/>
</collection>
<collection label="IA-8">
<view name="IA_8-1_fisma"/>
<view name="IA_8-2_fisma"/>
<view name="IA_8-4_fisma"/>
<view name="IA_8_fisma"/>
</collection>
</collection>
<collection label="Incident Response">
<collection label="IR-1">
<view name="IR_1_fisma"/>
</collection>
<collection label="IR-2">
<view name="IR_2-1_fisma"/>
<view name="IR_2-2_fisma"/>
<view name="IR_2_fisma"/>
</collection>
<collection label="IR-3">
<view name="IR_3-2_fisma"/>
<view name="IR_3_fisma"/>
</collection>
<collection label="IR-4">
<view name="IR_4-1_fisma"/>
<view name="IR_4-4_fisma"/>
<view name="IR_4-11_fisma"/>
<view name="IR_4_fisma"/>
</collection>
<collection label="IR-5">
<view name="IR_5-1_fisma"/>
<view name="IR_5_fisma"/>
</collection>
<collection label="IR-6">
<view name="IR_6-1_fisma"/>
<view name="IR_6-3_fisma"/>
<view name="IR_6_fisma"/>
</collection>
<collection label="IR-7">
<view name="IR_7-1_fisma"/>
<view name="IR_7_fisma"/>
</collection>
<collection label="IR-8">
<view name="IR_8_fisma"/>
</collection>
</collection>
<collection label="Maintenance">
<collection label="MA-1">
<view name="MA_1_fisma"/>
</collection>
<collection label="MA-2">
<view name="MA_2-2_fisma"/>
<view name="MA_2_fisma"/>
</collection>
<collection label="MA-3">
<view name="MA_3-1_fisma"/>
<view name="MA_3-2_fisma"/>
<view name="MA_3-3_fisma"/>
<view name="MA_3-4_fisma"/>
<view name="MA_3_fisma"/>
</collection>
<collection label="MA-4">
<view name="MA_4-3_fisma"/>
<view name="MA_4_fisma"/>
</collection>
<collection label="MA-5">
<view name="MA_5-1_fisma"/>
<view name="MA_5_fisma"/>
</collection>
<collection label="MA-6">
<view name="MA_6_fisma"/>
</collection>
</collection>
<collection label="Media Protection">
<collection label="MP-1">
<view name="MP_1_fisma"/>
</collection>
<collection label="MP-2">
<view name="MP_2_fisma"/>
</collection>
<collection label="MP-3">
<view name="MP_3_fisma"/>
</collection>
<collection label="MP-4">
<view name="MP_4_fisma"/>
</collection>
<collection label="MP-5">
<view name="MP_5_fisma"/>
</collection>
<collection label="MP-6">
<view name="MP_6-1_fisma"/>
<view name="MP_6-2_fisma"/>
<view name="MP_6-3_fisma"/>
<view name="MP_6_fisma"/>
</collection>
<collection label="MP-7">
<view name="MP_7_fisma"/>
</collection>
</collection>
<collection label="Personnel Security">
<collection label="PS-1">
<view name="PS_1_fisma"/>
</collection>
<collection label="PS-2">
<view name="PS_2_fisma"/>
</collection>
<collection label="PS-3">
<view name="PS_3_fisma"/>
</collection>
<collection label="PS-4">
<view name="PS_4-2_fisma"/>
<view name="PS_4_fisma"/>
</collection>
<collection label="PS-5">
<view name="PS_5_fisma"/>
</collection>
<collection label="PS-6">
<view name="PS_6_fisma"/>
</collection>
<collection label="PS-7">
<view name="PS_7_fisma"/>
</collection>
<collection label="PS-8">
<view name="PS_8_fisma"/>
</collection>
<collection label="PS-9">
<view name="PS_9_fisma"/>
</collection>
</collection>
<collection label="Physical and Environmental Protection">
<collection label="PE-1">
<view name="PE_1_fisma"/>
</collection>
<collection label="PE-10">
<view name="PE_10_fisma"/>
</collection>
<collection label="PE-11">
<view name="PE_11-1_fisma"/>
<view name="PE_11_fisma"/>
</collection>
<collection label="PE-12">
<view name="PE_12_fisma"/>
</collection>
<collection label="PE-13">
<view name="PE_13-1_fisma"/>
<view name="PE_13-2_fisma"/>
<view name="PE_13_fisma"/>
</collection>
<collection label="PE-14">
<view name="PE_14_fisma"/>
</collection>
<collection label="PE-15">
<view name="PE_15-1_fisma"/>
<view name="PE_15_fisma"/>
</collection>
<collection label="PE-16">
<view name="PE_16_fisma"/>
</collection>
<collection label="PE-17">
<view name="PE_17_fisma"/>
</collection>
<collection label="PE-18">
<view name="PE_18_fisma"/>
</collection>
<collection label="PE-2">
<view name="PE_2_fisma"/>
</collection>
<collection label="PE-3">
<view name="PE_3-1_fisma"/>
<view name="PE_3_fisma"/>
</collection>
<collection label="PE-4">
<view name="PE_4_fisma"/>
</collection>
<collection label="PE-5">
<view name="PE_5_fisma"/>
</collection>
<collection label="PE-6">
<view name="PE_6-1_fisma"/>
<view name="PE_6-4_fisma"/>
<view name="PE_6_fisma"/>
</collection>
<collection label="PE-8">
<view name="PE_8-1_fisma"/>
<view name="PE_8_fisma"/>
</collection>
<collection label="PE-9">
<view name="PE_9_fisma"/>
</collection>
</collection>
<collection label="Planning">
<collection label="PL-1">
<view name="PL_1_fisma"/>
</collection>
<collection label="PL-2">
<view name="PL_2_fisma"/>
</collection>
<collection label="PL-4">
<view name="PL_4-1_fisma"/>
<view name="PL_4_fisma"/>
</collection>
<collection label="PL-8">
<view name="PL_8_fisma"/>
</collection>
</collection>
<collection label="Risk Assessment">
<collection label="RA-1">
<view name="RA_1_fisma"/>
</collection>
<collection label="RA-2">
<view name="RA_2_fisma"/>
</collection>
<collection label="RA-3">
<view name="RA_3-1_fisma"/>
<view name="RA_3_fisma"/>
</collection>
<collection label="RA-5">
<view name="RA_5-2_fisma"/>
<view name="RA_5-4_fisma"/>
<view name="RA_5-5_fisma"/>
<view name="RA_5-11_fisma"/>
<view name="RA_5_fisma"/>
</collection>
<collection label="RA-7">
<view name="RA_7_fisma"/>
</collection>
<collection label="RA-9">
<view name="RA_9_fisma"/>
</collection>
</collection>
<collection label="System and Communications Protection">
<collection label="SC-1">
<view name="SC_1_fisma"/>
</collection>
<collection label="SC-10">
<view name="SC_10_fisma"/>
</collection>
<collection label="SC-12">
<view name="SC_12-1_fisma"/>
<view name="SC_12_fisma"/>
</collection>
<collection label="SC-13">
<view name="SC_13_fisma"/>
</collection>
<collection label="SC-15">
<view name="SC_15_fisma"/>
</collection>
<collection label="SC-17">
<view name="SC_17_fisma"/>
</collection>
<collection label="SC-18">
<view name="SC_18_fisma"/>
</collection>
<collection label="SC-2">
<view name="SC_2_fisma"/>
</collection>
<collection label="SC-20">
<view name="SC_20_fisma"/>
</collection>
<collection label="SC-21">
<view name="SC_21_fisma"/>
</collection>
<collection label="SC-22">
<view name="SC_22_fisma"/>
</collection>
<collection label="SC-23">
<view name="SC_23_fisma"/>
</collection>
<collection label="SC-24">
<view name="SC_24_fisma"/>
</collection>
<collection label="SC-28">
<view name="SC_28-1_fisma"/>
<view name="SC_28_fisma"/>
</collection>
<collection label="SC-3">
<view name="SC_3_fisma"/>
</collection>
<collection label="SC-39">
<view name="SC_39_fisma"/>
</collection>
<collection label="SC-4">
<view name="SC_4_fisma"/>
</collection>
<collection label="SC-5">
<view name="SC_5_fisma"/>
</collection>
<collection label="SC-7">
<view name="SC_7-18_fisma"/>
<view name="SC_7-21_fisma"/>
<view name="SC_7-3_fisma"/>
<view name="SC_7-4_fisma"/>
<view name="SC_7-5_fisma"/>
<view name="SC_7-7_fisma"/>
<view name="SC_7-8_fisma"/>
<view name="SC_7_fisma"/>
</collection>
<collection label="SC-8">
<view name="SC_8-1_fisma"/>
<view name="SC_8_fisma"/>
</collection>
</collection>
<collection label="System and Informational Integrity">
<collection label="SI-1">
<view name="SI_1_fisma"/>
</collection>
<collection label="SI-10">
<view name="SI_10_fisma"/>
</collection>
<collection label="SI-11">
<view name="SI_11_fisma"/>
</collection>
<collection label="SI-12">
<view name="SI_12_fisma"/>
</collection>
<collection label="SI-16">
<view name="SI_16_fisma"/>
</collection>
<collection label="SI-2">
<view name="SI_2-2_fisma"/>
<view name="SI_2_fisma"/>
</collection>
<collection label="SI-3">
<view name="SI_3_fisma"/>
</collection>
<collection label="SI-4">
<view name="SI_4-10_fisma"/>
<view name="SI_4-12_fisma"/>
<view name="SI_4-14_fisma"/>
<view name="SI_4-2_fisma"/>
<view name="SI_4-20_fisma"/>
<view name="SI_4-22_fisma"/>
<view name="SI_4-4_fisma"/>
<view name="SI_4-5_fisma"/>
<view name="SI_4_fisma"/>
</collection>
<collection label="SI-5">
<view name="SI_5-1_fisma"/>
<view name="SI_5_fisma"/>
</collection>
<collection label="SI-6">
<view name="SI_6_fisma"/>
</collection>
<collection label="SI-7">
<view name="SI_7-1_fisma"/>
<view name="SI_7-15_fisma"/>
<view name="SI_7-2_fisma"/>
<view name="SI_7-5_fisma"/>
<view name="SI_7-7_fisma"/>
<view name="SI_7_fisma"/>
</collection>
<collection label="SI-8">
<view name="SI_8-2_fisma"/>
<view name="SI_8_fisma"/>
</collection>
</collection>
<collection label="System And Services Acquisition">
<collection label="SA-1">
<view name="SA_1_fisma"/>
</collection>
<collection label="SA-10">
<view name="SA_10-1_fisma"/>
<view name="SA_10_fisma"/>
</collection>
<collection label="SA-11">
<view name="SA_11_fisma"/>
</collection>
<collection label="SA-15">
<view name="SA_15-3_fisma"/>
<view name="SA_15_fisma"/>
</collection>
<collection label="SA-16">
<view name="SA_16_fisma"/>
</collection>
<collection label="SA-17">
<view name="SA_17_fisma"/>
</collection>
<collection label="SA-2">
<view name="SA_2_fisma"/>
</collection>
<collection label="SA-21">
<view name="SA_21_fisma"/>
</collection>
<collection label="SA-22">
<view name="SA_22_fisma"/>
</collection>
<collection label="SA-3">
<view name="SA_3_fisma"/>
</collection>
<collection label="SA-4">
<view name="SA_4-1_fisma"/>
<view name="SA_4-10_fisma"/>
<view name="SA_4-2_fisma"/>
<view name="SA_4-5_fisma"/>
<view name="SA_4-9_fisma"/>
<view name="SA_4_fisma"/>
</collection>
<collection label="SA-5">
<view name="SA_5_fisma"/>
</collection>
<collection label="SA-8">
<view name="SA_8_fisma"/>
</collection>
<collection label="SA-9">
<view name="SA_9-2_fisma"/>
<view name="SA_9_fisma"/>
</collection></collection>
</collection>
<view name="executive_overview" default="true"/>
<view name="practice_setup"/>
<view name="custom_content"/>
<view name="system_overview"/>
<collection label="Other Menus">
<view name="compliance_essentials_health"/>
<view name="audit_workflow"/>
<view name="access_overview"/>
<view name="dashboards"/>
<view name="search"/>
<view name="reports" />
</collection>
<a href="https://splunk.github.io/Compliance_Essentials/" target="_blank">Docs</a>
</nav>

<nav search_view="search" color="#000000">
<collection label="OMB">
<view name="omb_home"/>
<view name="omb_contents"/>
<view name="omb_data_requirements_overview"/>
<divider />
<collection label="Anti-Virus and Behavior-Based Malware Protection">
<view name="29_omb"/>
<view name="30_omb"/>
</collection>
<collection label="Application Level">
<view name="50_omb"/>
<view name="51_omb"/>
<view name="39_omb"/>
<view name="40_omb"/>
<view name="38_omb"/>
<view name="41_omb"/>
</collection>
<collection label="Authentication and Authorization">
<view name="26_omb"/>
<view name="27_omb"/>
</collection>
<collection label="Cloud AWS">
<view name="20_omb"/>
</collection>
<collection label="Cloud Azure">
<view name="21_omb"/>
</collection>
<collection label="Cloud Environments (General Events)">
<view name="18_omb"/>
</collection>
<collection label="Cloud Environments (General Logging)">
<view name="19_omb"/>
</collection>
<collection label="Cloud GCP">
<view name="22_omb"/>
</collection>
<collection label="Container - Cluster/Pod Events">
<view name="58_omb"/>
</collection>
<collection label="Container - Engine (Management / Orchestration)">
<view name="53_omb"/>
</collection>
<collection label="Container - Image">
<view name="52_omb"/>
</collection>
<collection label="Container - OS">
<view name="54_omb"/>
</collection>
<collection label="Container - Supply Chain">
<view name="45_omb"/>
</collection>
<collection label="Data Loss Prevention">
<view name="48_omb"/>
</collection>
<collection label="Database Level">
<view name="37_omb"/>
</collection>
<collection label="Email Filtering, Spam, and Phishing">
<view name="28_omb"/>
<view name="03_omb"/>
<view name="47_omb"/>
<view name="56_omb"/>
</collection>
<collection label="Identity and Credential Management">
<view name="01_omb"/>
</collection>
<collection label="Mainframes">
<view name="57_omb"/>
</collection>
<collection label="Mobile (Smartphones and Tablets) EMM (UEM) / MTD Agent Logs">
<view name="44_omb"/>
</collection>
<collection label="Mobile (Smartphones and Tablets) EMM (UEM) / MTD Server Logs">
<view name="43_omb"/>
</collection>
<collection label="Network Device Infrastructure">
<view name="31_omb"/>
<view name="04_omb"/>
<view name="33_omb"/>
<view name="05_omb"/>
<view name="07_omb"/>
<view name="08_omb"/>
<view name="32_omb"/>
<view name="11_omb"/>
<view name="06_omb"/>
<view name="13_omb"/>
<view name="12_omb"/>
<view name="10_omb"/>
<view name="34_omb"/>
</collection>
<collection label="Network Device Infrastructure (Access, Authorization, and Accounting)">
<view name="14_omb"/>
</collection>
<collection label="Network Device Infrastructure (General Logging)">
<view name="09_omb"/>
</collection>
<collection label="Network Traffic">
<view name="49_omb"/>
</collection>
<collection label="Operating Systems - BSD (Linux)">
<view name="17_omb"/>
</collection>
<collection label="Operating Systems - MACOS (Or Other Apple Desktop and Server Operating Systems)">
<view name="16_omb"/>
</collection>
<collection label="Operating Systems - Windows Infrastructure and Operating Systems">
<view name="15_omb"/>
</collection>
<collection label="PKI Infrastructure">
<view name="35_omb"/>
</collection>
<collection label="Privileged Identity and Credential Management">
<view name="02_omb"/>
</collection>
<collection label="System Configuration and Performance">
<view name="23_omb"/>
<view name="25_omb"/>
<view name="24_omb"/>
<view name="55_omb"/>
<view name="46_omb"/>
</collection>
<collection label="Virtualization System">
<view name="42_omb"/>
</collection>
<collection label="Vulnerability Assessments">
<view name="36_omb"/>
</collection>
</collection>
<collection label="FISMA">
<view name="fisma_home"/>
<view name="fisma_contents"/>
<divider />
<collection label="Access Control">
<collection label="AC-1">
<view name="AC_1_fisma"/>
</collection>
<collection label="AC-2">
<view name="AC_2-1_fisma"/>
<view name="AC_2_11_fisma"/>
<view name="AC_2_12_fisma"/>
<view name="AC_2_13_fisma"/>
<view name="AC_2-2_fisma"/>
<view name="AC_2-3_fisma"/>
<view name="AC_2-4_fisma"/>
<view name="AC_2-5_fisma"/>
<view name="AC_2_fisma"/>
</collection>
<collection label="AC-3">
<view name="AC_3_fisma"/>
</collection>
<collection label="AC-4">
<view name="AC_4-4_fisma"/>
<view name="AC_4_fisma"/>
</collection>
<collection label="AC-5">
<view name="AC_5_fisma"/>
</collection>
<collection label="AC-6">
<view name="AC_6-1_fisma"/>
<view name="AC_6_10_fisma"/>
<view name="AC_6-2_fisma"/>
<view name="AC_6-3_fisma"/>
<view name="AC_6-5_fisma"/>
<view name="AC_6-7_fisma"/>
<view name="AC_6-9_fisma"/>
<view name="AC_6_fisma"/>
</collection>
<collection label="AC-7">
<view name="AC_7_fisma"/>
</collection>
<collection label="AC-8">
<view name="AC_8_fisma"/>
</collection>
<collection label="AC-10">
<view name="AC_10_fisma"/>
</collection>
<collection label="AC-11">
<view name="AC_11-1_fisma"/>
<view name="AC_11_fisma"/>
</collection>
<collection label="AC-12">
<view name="AC_12_fisma"/>
</collection>
<collection label="AC-14">
<view name="AC_14_fisma"/>
</collection>
<collection label="AC-17">
<view name="AC_17-1_fisma"/>
<view name="AC_17-2_fisma"/>
<view name="AC_17-3_fisma"/>
<view name="AC_17-4_fisma"/>
<view name="AC_17_fisma"/>
</collection>
<collection label="AC-18">
<view name="AC_18-1_fisma"/>
<view name="AC_18-3_fisma"/>
<view name="AC_18-4_fisma"/>
<view name="AC_18-5_fisma"/>
<view name="AC_18_fisma"/>
</collection>
<collection label="AC-19">
<view name="AC_19-5_fisma"/>
<view name="AC_19_fisma"/>
</collection>
<collection label="AC-20">
<view name="AC_20-1_fisma"/>
<view name="AC_20-2_fisma"/>
<view name="AC_20_fisma"/>
</collection>
<collection label="AC-21">
<view name="AC_21_fisma"/>
</collection>
<collection label="AC-22">
<view name="AC_22_fisma"/>
</collection>
</collection>
<collection label="Assessment, Authorization, And Monitoring">
<collection label="CA-1">
<view name="CA_1_fisma"/>
</collection>
<collection label="CA-2">
<view name="CA_2-1_fisma"/>
<view name="CA_2-2_fisma"/>
<view name="CA_2_fisma"/>
</collection>
<collection label="CA-3">
<view name="CA_3-6_fisma"/>
<view name="CA_3_fisma"/>
</collection>
<collection label="CA-5">
<view name="CA_5_fisma"/>
</collection>
<collection label="CA-6">
<view name="CA_6_fisma"/>
</collection>
<collection label="CA-7">
<view name="CA_7-1_fisma"/>
<view name="CA_7-4_fisma"/>
<view name="CA_7_fisma"/>
</collection>
<collection label="CA-8">
<view name="CA_8-1_fisma"/>
<view name="CA_8_fisma"/>
</collection>
<collection label="CA-9">
<view name="CA_9_fisma"/>
</collection>
</collection>
<collection label="Audit and Accountability">
<collection label="AU-1">
<view name="AU_1_fisma"/>
</collection>
<collection label="AU-2">
<view name="AU_2_fisma"/>
</collection>
<collection label="AU-3">
<view name="AU_3-1_fisma"/>
<view name="AU_3_fisma"/>
</collection>
<collection label="AU-4">
<view name="AU_4_fisma"/>
</collection>
<collection label="AU-5">
<view name="AU_5-1_fisma"/>
<view name="AU_5-2_fisma"/>
<view name="AU_5_fisma"/>
</collection>
<collection label="AU-6">
<view name="AU_6-1_fisma"/>
<view name="AU_6-3_fisma"/>
<view name="AU_6-5_fisma"/>
<view name="AU_6-6_fisma"/>
<view name="AU_6_fisma"/>
</collection>
<collection label="AU-7">
<view name="AU_7-1_fisma"/>
<view name="AU_7_fisma"/>
</collection>
<collection label="AU-8">
<view name="AU_8_fisma"/>
</collection>
<collection label="AU-9">
<view name="AU_9-2_fisma"/>
<view name="AU_9-3_fisma"/>
<view name="AU_9-4_fisma"/>
<view name="AU_9_fisma"/>
</collection>
<collection label="AU-10">
<view name="AU_10_fisma"/>
</collection>
<collection label="AU-11">
<view name="AU_11_fisma"/>
</collection>
<collection label="AU-12">
<view name="AU_12-1_fisma"/>
<view name="AU_12-3_fisma"/>
<view name="AU_12_fisma"/>
</collection>
</collection>
<collection label="Awareness and Training">
<collection label="AT-1">
<view name="AT_1_fisma"/>
</collection>
<collection label="AT-2">
<view name="AT_2-2_fisma"/>
<view name="AT_2-3_fisma"/>
<view name="AT_2_fisma"/>
</collection>
<collection label="AT-3">
<view name="AT_3_fisma"/>
</collection>
<collection label="AT-4">
<view name="AT_4_fisma"/>
</collection>
</collection>
<collection label="Configuration Management">
<collection label="CM-1">
<view name="CM_1_fisma"/>
</collection>
<collection label="CM-2">
<view name="CM_2-2_fisma"/>
<view name="CM_2-3_fisma"/>
<view name="CM_2-7_fisma"/>
<view name="CM_2_fisma"/>
</collection>
<collection label="CM-3">
<view name="CM_3-1_fisma"/>
<view name="CM_3-2_fisma"/>
<view name="CM_3-4_fisma"/>
<view name="CM_3-6_fisma"/>
<view name="CM_3_fisma"/>
</collection>
<collection label="CM-4">
<view name="CM_4-1_fisma"/>
<view name="CM_4-2_fisma"/>
<view name="CM_4_fisma"/>
</collection>
<collection label="CM-5">
<view name="CM_5-1_fisma"/>
<view name="CM_5_fisma"/>
</collection>
<collection label="CM-6">
<view name="CM_6-1_fisma"/>
<view name="CM_6-2_fisma"/>
<view name="CM_6_fisma"/>
</collection>
<collection label="CM-7">
<view name="CM_7-1_fisma"/>
<view name="CM_7-2_fisma"/>
<view name="CM_7-5_fisma"/>
<view name="CM_7_fisma"/>
</collection>
<collection label="CM-8">
<view name="CM_8-1_fisma"/>
<view name="CM_8-2_fisma"/>
<view name="CM_8-3_fisma"/>
<view name="CM_8-4_fisma"/>
<view name="CM_8_fisma"/>
</collection>
<collection label="CM-9">
<view name="CM_9_fisma"/>
</collection>
<collection label="CM-10">
<view name="CM_10_fisma"/>
</collection>
<collection label="CM-11">
<view name="CM_11_fisma"/>
</collection>
</collection>
<collection label="Contingency Planning">
<collection label="CP-1">
<view name="CP_1_fisma"/>
</collection>
<collection label="CP-2">
<view name="CP_2-1_fisma"/>
<view name="CP_2-2_fisma"/>
<view name="CP_2-3_fisma"/>
<view name="CP_2-5_fisma"/>
<view name="CP_2-8_fisma"/>
<view name="CP_2_fisma"/>
</collection>
<collection label="CP-3">
<view name="CP_3-1_fisma"/>
<view name="CP_3_fisma"/>
</collection>
<collection label="CP-4">
<view name="CP_4-1_fisma"/>
<view name="CP_4-2_fisma"/>
<view name="CP_4_fisma"/>
</collection>
<collection label="CP-6">
<view name="CP_6-1_fisma"/>
<view name="CP_6-2_fisma"/>
<view name="CP_6-3_fisma"/>
<view name="CP_6_fisma"/>
</collection>
<collection label="CP-7">
<view name="CP_7-1_fisma"/>
<view name="CP_7-2_fisma"/>
<view name="CP_7-3_fisma"/>
<view name="CP_7-4_fisma"/>
<view name="CP_7_fisma"/>
</collection>
<collection label="CP-8">
<view name="CP_8-1_fisma"/>
<view name="CP_8-2_fisma"/>
<view name="CP_8-3_fisma"/>
<view name="CP_8-4_fisma"/>
<view name="CP_8_fisma"/>
</collection>
<collection label="CP-9">
<view name="CP_9-1_fisma"/>
<view name="CP_9-2_fisma"/>
<view name="CP_9-3_fisma"/>
<view name="CP_9-5_fisma"/>
<view name="CP_9-8_fisma"/>
<view name="CP_9_fisma"/>
</collection>
<collection label="CP-10">
<view name="CP_10-2_fisma"/>
<view name="CP_10-4_fisma"/>
<view name="CP_10_fisma"/>
</collection>
</collection>
<collection label="Identification and Authentication">
<collection label="IA-1">
<view name="IA_1_fisma"/>
</collection>
<collection label="IA-2">
<view name="IA_2-1_fisma"/>
<view name="IA_2_12_fisma"/>
<view name="IA_2-2_fisma"/>
<view name="IA_2-5_fisma"/>
<view name="IA_2-8_fisma"/>
<view name="IA_2_fisma"/>
</collection>
<collection label="IA-3">
<view name="IA_3_fisma"/>
</collection>
<collection label="IA-4">
<view name="IA_4-4_fisma"/>
<view name="IA_4_fisma"/>
</collection>
<collection label="IA-5">
<view name="IA_5-1_fisma"/>
<view name="IA_5-2_fisma"/>
<view name="IA_5-6_fisma"/>
<view name="IA_5_fisma"/>
</collection>
<collection label="IA-6">
<view name="IA_6_fisma"/>
</collection>
<collection label="IA-7">
<view name="IA_7_fisma"/>
</collection>
<collection label="IA-8">
<view name="IA_8-1_fisma"/>
<view name="IA_8-2_fisma"/>
<view name="IA_8-4_fisma"/>
<view name="IA_8_fisma"/>
</collection>
<collection label="IA-11">
<view name="IA_11_fisma"/>
</collection>
</collection>
<collection label="Incident Response">
<collection label="IR-1">
<view name="IR_1_fisma"/>
</collection>
<collection label="IR-2">
<view name="IR_2-1_fisma"/>
<view name="IR_2-2_fisma"/>
<view name="IR_2_fisma"/>
</collection>
<collection label="IR-3">
<view name="IR_3-2_fisma"/>
<view name="IR_3_fisma"/>
</collection>
<collection label="IR-4">
<view name="IR_4-1_fisma"/>
<view name="IR_4-4_fisma"/>
<view name="IR_4_11_fisma"/>
<view name="IR_4_fisma"/>
</collection>
<collection label="IR-5">
<view name="IR_5-1_fisma"/>
<view name="IR_5_fisma"/>
</collection>
<collection label="IR-6">
<view name="IR_6-1_fisma"/>
<view name="IR_6-3_fisma"/>
<view name="IR_6_fisma"/>
</collection>
<collection label="IR-7">
<view name="IR_7-1_fisma"/>
<view name="IR_7_fisma"/>
</collection>
<collection label="IR-8">
<view name="IR_8_fisma"/>
</collection>
</collection>
<collection label="Maintenance">
<collection label="MA-1">
<view name="MA_1_fisma"/>
</collection>
<collection label="MA-2">
<view name="MA_2-2_fisma"/>
<view name="MA_2_fisma"/>
</collection>
<collection label="MA-3">
<view name="MA_3-1_fisma"/>
<view name="MA_3-2_fisma"/>
<view name="MA_3-3_fisma"/>
<view name="MA_3-4_fisma"/>
<view name="MA_3_fisma"/>
</collection>
<collection label="MA-4">
<view name="MA_4-3_fisma"/>
<view name="MA_4_fisma"/>
</collection>
<collection label="MA-5">
<view name="MA_5-1_fisma"/>
<view name="MA_5_fisma"/>
</collection>
<collection label="MA-6">
<view name="MA_6_fisma"/>
</collection>
</collection>
<collection label="Media Protection">
<collection label="MP-1">
<view name="MP_1_fisma"/>
</collection>
<collection label="MP-2">
<view name="MP_2_fisma"/>
</collection>
<collection label="MP-3">
<view name="MP_3_fisma"/>
</collection>
<collection label="MP-4">
<view name="MP_4_fisma"/>
</collection>
<collection label="MP-5">
<view name="MP_5_fisma"/>
</collection>
<collection label="MP-6">
<view name="MP_6-1_fisma"/>
<view name="MP_6-2_fisma"/>
<view name="MP_6-3_fisma"/>
<view name="MP_6_fisma"/>
</collection>
<collection label="MP-7">
<view name="MP_7_fisma"/>
</collection>
</collection>
<collection label="Personnel Security">
<collection label="PS-1">
<view name="PS_1_fisma"/>
</collection>
<collection label="PS-2">
<view name="PS_2_fisma"/>
</collection>
<collection label="PS-3">
<view name="PS_3_fisma"/>
</collection>
<collection label="PS-4">
<view name="PS_4-2_fisma"/>
<view name="PS_4_fisma"/>
</collection>
<collection label="PS-5">
<view name="PS_5_fisma"/>
</collection>
<collection label="PS-6">
<view name="PS_6_fisma"/>
</collection>
<collection label="PS-7">
<view name="PS_7_fisma"/>
</collection>
<collection label="PS-8">
<view name="PS_8_fisma"/>
</collection>
<collection label="PS-9">
<view name="PS_9_fisma"/>
</collection>
</collection>
<collection label="Physical and Environmental Protection">
<collection label="PE-1">
<view name="PE_1_fisma"/>
</collection>
<collection label="PE-2">
<view name="PE_2_fisma"/>
</collection>
<collection label="PE-3">
<view name="PE_3-1_fisma"/>
<view name="PE_3_fisma"/>
</collection>
<collection label="PE-4">
<view name="PE_4_fisma"/>
</collection>
<collection label="PE-5">
<view name="PE_5_fisma"/>
</collection>
<collection label="PE-6">
<view name="PE_6-1_fisma"/>
<view name="PE_6-4_fisma"/>
<view name="PE_6_fisma"/>
</collection>
<collection label="PE-8">
<view name="PE_8-1_fisma"/>
<view name="PE_8_fisma"/>
</collection>
<collection label="PE-9">
<view name="PE_9_fisma"/>
</collection>
<collection label="PE-10">
<view name="PE_10_fisma"/>
</collection>
<collection label="PE-11">
<view name="PE_11-1_fisma"/>
<view name="PE_11_fisma"/>
</collection>
<collection label="PE-12">
<view name="PE_12_fisma"/>
</collection>
<collection label="PE-13">
<view name="PE_13-1_fisma"/>
<view name="PE_13-2_fisma"/>
<view name="PE_13_fisma"/>
</collection>
<collection label="PE-14">
<view name="PE_14_fisma"/>
</collection>
<collection label="PE-15">
<view name="PE_15-1_fisma"/>
<view name="PE_15_fisma"/>
</collection>
<collection label="PE-16">
<view name="PE_16_fisma"/>
</collection>
<collection label="PE-17">
<view name="PE_17_fisma"/>
</collection>
<collection label="PE-18">
<view name="PE_18_fisma"/>
</collection>
</collection>
<collection label="Planning">
<collection label="PL-1">
<view name="PL_1_fisma"/>
</collection>
<collection label="PL-2">
<view name="PL_2_fisma"/>
</collection>
<collection label="PL-4">
<view name="PL_4-1_fisma"/>
<view name="PL_4_fisma"/>
</collection>
<collection label="PL-8">
<view name="PL_8_fisma"/>
</collection>
</collection>
<collection label="Risk Assessment">
<collection label="RA-1">
<view name="RA_1_fisma"/>
</collection>
<collection label="RA-2">
<view name="RA_2_fisma"/>
</collection>
<collection label="RA-3">
<view name="RA_3-1_fisma"/>
<view name="RA_3_fisma"/>
</collection>
<collection label="RA-5">
<view name="RA_5-2_fisma"/>
<view name="RA_5-4_fisma"/>
<view name="RA_5-5_fisma"/>
<view name="RA_5_11_fisma"/>
<view name="RA_5_fisma"/>
</collection>
<collection label="RA-7">
<view name="RA_7_fisma"/>
</collection>
<collection label="RA-9">
<view name="RA_9_fisma"/>
</collection>
</collection>
<collection label="System And Services Acquisition">
<collection label="SA-1">
<view name="SA_1_fisma"/>
</collection>
<collection label="SA-2">
<view name="SA_2_fisma"/>
</collection>
<collection label="SA-3">
<view name="SA_3_fisma"/>
</collection>
<collection label="SA-4">
<view name="SA_4-1_fisma"/>
<view name="SA_4_10_fisma"/>
<view name="SA_4-2_fisma"/>
<view name="SA_4-5_fisma"/>
<view name="SA_4-9_fisma"/>
<view name="SA_4_fisma"/>
</collection>
<collection label="SA-5">
<view name="SA_5_fisma"/>
</collection>
<collection label="SA-8">
<view name="SA_8_fisma"/>
</collection>
<collection label="SA-9">
<view name="SA_9-2_fisma"/>
<view name="SA_9_fisma"/>
</collection>
<collection label="SA-10">
<view name="SA_10-1_fisma"/>
<view name="SA_10_fisma"/>
</collection>
<collection label="SA-11">
<view name="SA_11_fisma"/>
</collection>
<collection label="SA-15">
<view name="SA_15-3_fisma"/>
<view name="SA_15_fisma"/>
</collection>
<collection label="SA-16">
<view name="SA_16_fisma"/>
</collection>
<collection label="SA-17">
<view name="SA_17_fisma"/>
</collection>
<collection label="SA-21">
<view name="SA_21_fisma"/>
</collection>
<collection label="SA-22">
<view name="SA_22_fisma"/>
</collection>
</collection>
<collection label="System and Communications Protection">
<collection label="SC-1">
<view name="SC_1_fisma"/>
</collection>
<collection label="SC-2">
<view name="SC_2_fisma"/>
</collection>
<collection label="SC-3">
<view name="SC_3_fisma"/>
</collection>
<collection label="SC-4">
<view name="SC_4_fisma"/>
</collection>
<collection label="SC-5">
<view name="SC_5_fisma"/>
</collection>
<collection label="SC-7">
<view name="SC_7_18_fisma"/>
<view name="SC_7_21_fisma"/>
<view name="SC_7-3_fisma"/>
<view name="SC_7-4_fisma"/>
<view name="SC_7-5_fisma"/>
<view name="SC_7-7_fisma"/>
<view name="SC_7-8_fisma"/>
<view name="SC_7_fisma"/>
</collection>
<collection label="SC-8">
<view name="SC_8-1_fisma"/>
<view name="SC_8_fisma"/>
</collection>
<collection label="SC-10">
<view name="SC_10_fisma"/>
</collection>
<collection label="SC-12">
<view name="SC_12-1_fisma"/>
<view name="SC_12_fisma"/>
</collection>
<collection label="SC-13">
<view name="SC_13_fisma"/>
</collection>
<collection label="SC-15">
<view name="SC_15_fisma"/>
</collection>
<collection label="SC-17">
<view name="SC_17_fisma"/>
</collection>
<collection label="SC-18">
<view name="SC_18_fisma"/>
</collection>
<collection label="SC-20">
<view name="SC_20_fisma"/>
</collection>
<collection label="SC-21">
<view name="SC_21_fisma"/>
</collection>
<collection label="SC-22">
<view name="SC_22_fisma"/>
</collection>
<collection label="SC-23">
<view name="SC_23_fisma"/>
</collection>
<collection label="SC-24">
<view name="SC_24_fisma"/>
</collection>
<collection label="SC-28">
<view name="SC_28-1_fisma"/>
<view name="SC_28_fisma"/>
</collection>
<collection label="SC-39">
<view name="SC_39_fisma"/>
</collection>
</collection>
<collection label="System and Informational Integrity">
<collection label="SI-1">
<view name="SI_1_fisma"/>
</collection>
<collection label="SI-2">
<view name="SI_2-2_fisma"/>
<view name="SI_2_fisma"/>
</collection>
<collection label="SI-3">
<view name="SI_3_fisma"/>
</collection>
<collection label="SI-4">
<view name="SI_4_10_fisma"/>
<view name="SI_4_12_fisma"/>
<view name="SI_4_14_fisma"/>
<view name="SI_4-2_fisma"/>
<view name="SI_4_20_fisma"/>
<view name="SI_4_22_fisma"/>
<view name="SI_4-4_fisma"/>
<view name="SI_4-5_fisma"/>
<view name="SI_4_fisma"/>
</collection>
<collection label="SI-5">
<view name="SI_5-1_fisma"/>
<view name="SI_5_fisma"/>
</collection>
<collection label="SI-6">
<view name="SI_6_fisma"/>
</collection>
<collection label="SI-7">
<view name="SI_7-1_fisma"/>
<view name="SI_7_15_fisma"/>
<view name="SI_7-2_fisma"/>
<view name="SI_7-5_fisma"/>
<view name="SI_7-7_fisma"/>
<view name="SI_7_fisma"/>
</collection>
<collection label="SI-8">
<view name="SI_8-2_fisma"/>
<view name="SI_8_fisma"/>
</collection>
<collection label="SI-10">
<view name="SI_10_fisma"/>
</collection>
<collection label="SI-11">
<view name="SI_11_fisma"/>
</collection>
<collection label="SI-12">
<view name="SI_12_fisma"/>
</collection>
<collection label="SI-16">
<view name="SI_16_fisma"/>
</collection>
</collection>
</collection>

<view name="executive_overview" default="true"/>
<view name="practice_setup"/>
<view name="custom_content"/>
<view name="system_overview"/>
<collection label="Other Menus">
<view name="compliance_essentials_health"/>
<view name="audit_workflow"/>
<view name="access_overview"/>
<view name="dashboards"/>
<view name="search"/>
<view name="reports" />
</collection>
<a href="https://splunk.github.io/Compliance_Essentials/" target="_blank">Docs</a>
</nav>

<nav search_view="search" color="#000000">
<a class="disabled" target="" href="omb_home">OMB</a>
<collection label="Practice Families">
<view name="omb_home"/>
<view name="omb_contents"/>
<divider />
<collection label="Identity and Credential Management">
<view name="01_omb"/>
</collection>
<collection label="Privileged Identity and Credential Management">
<view name="02_omb"/>
</collection>
<collection label="Email Filtering, Spam, and Phishing">
<view name="03_omb"/>
</collection>
<collection label="Network Device Infrastructure">
<view name="04_omb"/>
<view name="05_omb"/>
<view name="06_omb"/>
<view name="07_omb"/>
<view name="08_omb"/>
</collection>
<collection label="Network Device Infrastructure (General Logging)">
<view name="09_omb"/>
<view name="10_omb"/>
<view name="11_omb"/>
<view name="12_omb"/>
<view name="13_omb"/>
</collection>
<collection label="Network Device Infrastructure (Access, Authorization, and Accounting)">
<view name="14_omb"/>
</collection>
<collection label="Operating Systems - Windows Infrastructure and Operating Systems">
<view name="15_omb"/>
</collection>
<collection label="Operating Systems - MACOS (Or Other Apple Desktop and Server Operating Systems)">
<view name="16_omb"/>
</collection>
<collection label="Operating Systems - BSD (Linux)">
<view name="17_omb"/>
</collection>
<collection label="Cloud Environments (General Events)">
<view name="18_omb"/>
</collection>
<collection label="Cloud Environments (General Logging)">
<view name="19_omb"/>
</collection>
<collection label="Cloud AWS">
<view name="20_omb"/>
</collection>
<collection label="Cloud Azure">
<view name="21_omb"/>
</collection>
<collection label="Cloud GCP">
<view name="22_omb"/>
</collection>
<collection label="System Configuration and Performance">
<view name="23_omb"/>
<view name="24_omb"/>
<view name="25_omb"/>
</collection>
<collection label="Authentication and Authorization">
<view name="26_omb"/>
<view name="27_omb"/>
<view name="28_omb"/>
</collection>
<collection label="Anti-Virus and Behavior-Based Malware Protection">
<view name="29_omb"/>
<view name="30_omb"/>
<view name="31_omb"/>
<view name="32_omb"/>
<view name="33_omb"/>
<view name="34_omb"/>
</collection>
<collection label="PKI Infrastructure">
<view name="35_omb"/>
</collection>
<collection label="Vulnerability Assessments">
<view name="36_omb"/>
</collection>
<collection label="Database Level">
<view name="37_omb"/>
</collection>
<collection label="Application Level">
<view name="38_omb"/>
<view name="39_omb"/>
<view name="40_omb"/>
<view name="41_omb"/>
</collection>
<collection label="Virtualization System">
<view name="42_omb"/>
</collection>
<collection label="Mobile (Smartphones and Tablets) EMM (UEM) / MTD Server Logs">
<view name="43_omb"/>
</collection>
<collection label="Mobile (Smartphones and Tablets) EMM (UEM) / MTD Agent Logs">
<view name="44_omb"/>
</collection>
<collection label="Container - Supply Chain">
<view name="45_omb"/>
<view name="46_omb"/>
<view name="47_omb"/>
</collection>
<collection label="Data Loss Prevention">
<view name="48_omb"/>
</collection>
<collection label="Network Traffic">
<view name="49_omb"/>
<view name="50_omb"/>
<view name="51_omb"/>
</collection>
<collection label="Container - Image">
<view name="52_omb"/>
</collection>
<collection label="Container - Engine (Management / Orchestration)">
<view name="53_omb"/>
</collection>
<collection label="Container - OS">
<view name="54_omb"/>
<view name="55_omb"/>
<view name="56_omb"/>
</collection>
<collection label="Mainframes">
<view name="57_omb"/>
</collection>
<collection label="Container - Cluster/Pod Events">
<view name="58_omb"/>
</collection>
</collection>
<view name="executive_overview" default="true"/>
<view name="practice_setup"/>
<view name="custom_content"/>
<view name="system_overview"/>
<collection label="Other Menus">
<view name="compliance_essentials_health"/>
<view name="audit_workflow"/>
<view name="access_overview"/>
<view name="dashboards"/>
<view name="search"/>
<view name="reports" />
</collection>
<a href="https://splunk.github.io/Compliance_Essentials/" target="_blank">Docs</a>
</nav>

<nav search_view="search" color="#000000">
<collection label="RMF">
<view name="rmf_home"/>
<divider />
<collection label="Access Control">
<collection label="AC-1 - Policy and Procedures">
<collection label="AC-1 - Policy and Procedures">
<view name="AC_1_1_rmf"/>
<view name="AC_1_2_rmf"/>
<view name="AC_1_4_rmf"/>
<view name="AC_1_5_rmf"/>
<view name="AC_1_6_rmf"/>
<view name="AC_1_7_rmf"/>
<view name="AC_1_9_rmf"/>
<view name="AC_1_9_rmf"/>
<view name="AC_1_10_rmf"/>
</collection>
</collection>
<collection label="AC-2 - Account Management">
<collection label="AC-2 - Account Management">
<view name="AC_2_1_rmf"/>
<view name="AC_2_2_rmf"/>
<view name="AC_2_3_rmf"/>
<view name="AC_2_4_rmf"/>
<view name="AC_2_5_rmf"/>
<view name="AC_2_6_rmf"/>
<view name="AC_2_7_rmf"/>
<view name="AC_2_8_rmf"/>
<view name="AC_2_9_rmf"/>
<view name="AC_2_10_rmf"/>
<view name="AC_2_11_rmf"/>
<view name="AC_2_12_rmf"/>
<view name="AC_2_13_rmf"/>
<view name="AC_2_14_rmf"/>
<view name="AC_2_15_rmf"/>
<view name="AC_2_16_rmf"/>
<view name="AC_2_17_rmf"/>
<view name="AC_2_18_rmf"/>
<view name="AC_2_19_rmf"/>
<view name="AC_2_20_rmf"/>
<view name="AC_2_21_rmf"/>
<view name="AC_2_22_rmf"/>
<view name="AC_2_23_rmf"/>
<view name="AC_2_24_rmf"/>
</collection>
<collection label="AC-2(1) - Account Management | Automated System Account Management">
<view name="AC_2-1_1_rmf"/>
</collection>
<collection label="AC-2(10) - Account Management | Shared and Group Account Credential Change">
<view name="AC_2-10_1_rmf"/>
</collection>
<collection label="AC-2(11) - Account Management | Usage Conditions">
<view name="AC_2-11_1_rmf"/>
<view name="AC_2-11_2_rmf"/>
<view name="AC_2-11_3_rmf"/>
</collection>
<collection label="AC-2(12) - Account Management | Account Monitoring for Atypical Usage">
<view name="AC_2-12_1_rmf"/>
<view name="AC_2-12_2_rmf"/>
<view name="AC_2-12_3_rmf"/>
<view name="AC_2-12_4_rmf"/>
</collection>
<collection label="AC-2(13) - Account Management | Disable Accounts for High-risk Individuals">
<view name="AC_2-13_1_rmf"/>
<view name="AC_2-13_2_rmf"/>
</collection>
<collection label="AC-2(2) - Account Management | Automated Temporary and Emergency Account Management">
<view name="AC_2-2_1_rmf"/>
<view name="AC_2-2_2_rmf"/>
<view name="AC_2-2_3_rmf"/>
<view name="AC_2-2_4_rmf"/>
</collection>
<collection label="AC-2(3) - Account Management | Disable Accounts">
<view name="AC_2-3_1_rmf"/>
<view name="AC_2-3_2_rmf"/>
</collection>
<collection label="AC-2(4) - Account Management | Automated Audit Actions">
<view name="AC_2-4_1_rmf"/>
<view name="AC_2-4_2_rmf"/>
<view name="AC_2-4_3_rmf"/>
<view name="AC_2-4_4_rmf"/>
<view name="AC_2-4_5_rmf"/>
<view name="AC_2-4_6_rmf"/>
<view name="AC_2-4_7_rmf"/>
<view name="AC_2-4_8_rmf"/>
<view name="AC_2-4_9_rmf"/>
</collection>
<collection label="AC-2(5) - Account Management | Inactivity Logout">
<view name="AC_2-5_1_rmf"/>
<view name="AC_2-5_2_rmf"/>
<view name="AC_2-5_3_rmf"/>
</collection>
<collection label="AC-2(6) - Account Management | Dynamic Privilege Management">
<view name="AC_2-6_1_rmf"/>
<view name="AC_2-6_2_rmf"/>
</collection>
<collection label="AC-2(7) - Account Management | Privileged User Accounts">
<view name="AC_2-7_1_rmf"/>
<view name="AC_2-7_2_rmf"/>
<view name="AC_2-7_3_rmf"/>
<view name="AC_2-7_4_rmf"/>
<view name="AC_2-7_5_rmf"/>
</collection>
<collection label="AC-2(8) - Account Management | Dynamic Account Management">
<view name="AC_2-8_1_rmf"/>
<view name="AC_2-8_2_rmf"/>
</collection>
<collection label="AC-2(9) - Account Management | Restrictions on Use of Shared and Group Accounts">
<view name="AC_2-9_1_rmf"/>
<view name="AC_2-9_2_rmf"/>
<view name="AC_2-4_10_rmf"/>
<view name="AC_2-4_11_rmf"/>
</collection>
</collection>
<collection label="AC-3 - Access Enforcement">
<collection label="AC-3 - Access Enforcement">
<view name="AC_3_1_rmf"/>
</collection>
<collection label="AC-3(10) - Access Enforcement | Audited Override of Access Control Mechanisms">
<view name="AC_3-10_1_rmf"/>
<view name="AC_3-10_2_rmf"/>
</collection>
<collection label="AC-3(2) - Access Enforcement | Dual Authorization">
<view name="AC_3-2_1_rmf"/>
<view name="AC_3-2_2_rmf"/>
<view name="AC_3-2_3_rmf"/>
</collection>
<collection label="AC-3(3) - Access Enforcement | Mandatory Access Control">
<view name="AC_3-3_1_rmf"/>
<view name="AC_3-3_2_rmf"/>
<view name="AC_3-3_3_rmf"/>
<view name="AC_3-3_4_rmf"/>
<view name="AC_3-3_5_rmf"/>
<view name="AC_3-3_6_rmf"/>
<view name="AC_3-3_7_rmf"/>
<view name="AC_3-3_8_rmf"/>
<view name="AC_3-3_9_rmf"/>
</collection>
<collection label="AC-3(4) - Access Enforcement | Discretionary Access Control">
<view name="AC_3-4_1_rmf"/>
<view name="AC_3-4_2_rmf"/>
<view name="AC_3-4_3_rmf"/>
</collection>
<collection label="AC-3(5) - Access Enforcement | Security-relevant Information">
<view name="AC_3-5_1_rmf"/>
<view name="AC_3-5_2_rmf"/>
</collection>
<collection label="AC-3(7) - Access Enforcement | Role-based Access Control">
<view name="AC_3-7_1_rmf"/>
<view name="AC_3-7_2_rmf"/>
<view name="AC_3-7_3_rmf"/>
<view name="AC_3-7_4_rmf"/>
<view name="AC_3-7_5_rmf"/>
<view name="AC_3-7_6_rmf"/>
<view name="AC_3-7_7_rmf"/>
</collection>
<collection label="AC-3(8) - Access Enforcement | Revocation of Access Authorizations">
<view name="AC_3-8_1_rmf"/>
<view name="AC_3-8_2_rmf"/>
<view name="AC_3-8_3_rmf"/>
</collection>
<collection label="AC-3(9) - Access Enforcement | Controlled Release">
<view name="AC_3-9_1_rmf"/>
<view name="AC_3-9_2_rmf"/>
<view name="AC_3-9_3_rmf"/>
<view name="AC_3-9_4_rmf"/>
<view name="AC_3-9_5_rmf"/>
<view name="AC_3-3_10_rmf"/>
<view name="AC_3-3_11_rmf"/>
<view name="AC_3-3_12_rmf"/>
</collection>
</collection>
<collection label="AC-4 - Information Flow Enforcement">
<collection label="AC-4 - Information Flow Enforcement">
<view name="AC_4_1_rmf"/>
<view name="AC_4_2_rmf"/>
<view name="AC_4_3_rmf"/>
<view name="AC_4_4_rmf"/>
<view name="AC_4_5_rmf"/>
<view name="AC_4_6_rmf"/>
</collection>
<collection label="AC-4(1) - Information Flow Enforcement | Object Security and Privacy Attributes">
<view name="AC_4-1_1_rmf"/>
<view name="AC_4-1_2_rmf"/>
<view name="AC_4-1_3_rmf"/>
<view name="AC_4-1_4_rmf"/>
</collection>
<collection label="AC-4(10) - Information Flow Enforcement | Enable and Disable Security or Privacy Policy Filters">
<view name="AC_4-10_1_rmf"/>
<view name="AC_4-10_2_rmf"/>
<view name="AC_4-10_3_rmf"/>
</collection>
<collection label="AC-4(11) - Information Flow Enforcement | Configuration of Security or Privacy Policy Filters">
<view name="AC_4-11_1_rmf"/>
<view name="AC_4-11_2_rmf"/>
</collection>
<collection label="AC-4(12) - Information Flow Enforcement | Data Type Identifiers">
<view name="AC_4-12_1_rmf"/>
<view name="AC_4-12_2_rmf"/>
</collection>
<collection label="AC-4(13) - Information Flow Enforcement | Decomposition into Policy-relevant Subcomponents">
<view name="AC_4-13_1_rmf"/>
<view name="AC_4-13_2_rmf"/>
</collection>
<collection label="AC-4(14) - Information Flow Enforcement | Security or Privacy Policy Filter Constraints">
<view name="AC_4-14_1_rmf"/>
<view name="AC_4-14_2_rmf"/>
</collection>
<collection label="AC-4(15) - Information Flow Enforcement | Detection of Unsanctioned Information">
<view name="AC_4-15_1_rmf"/>
<view name="AC_4-15_2_rmf"/>
<view name="AC_4-15_3_rmf"/>
<view name="AC_4-15_4_rmf"/>
</collection>
<collection label="AC-4(17) - Information Flow Enforcement | Domain Authentication">
<view name="AC_4-17_1_rmf"/>
<view name="AC_4-17_2_rmf"/>
</collection>
<collection label="AC-4(18) - Information Flow Enforcement | Security Attribute Binding">
<view name="AC_4-18_1_rmf"/>
<view name="AC_4-18_2_rmf"/>
</collection>
<collection label="AC-4(19) - Information Flow Enforcement | Validation of Metadata">
<view name="AC_4-19_1_rmf"/>
</collection>
<collection label="AC-4(2) - Information Flow Enforcement | Processing Domains">
<view name="AC_4-2_1_rmf"/>
<view name="AC_4-2_2_rmf"/>
</collection>
<collection label="AC-4(20) - Information Flow Enforcement | Approved Solutions">
<view name="AC_4-20_1_rmf"/>
<view name="AC_4-20_2_rmf"/>
<view name="AC_4-20_3_rmf"/>
</collection>
<collection label="AC-4(21) - Information Flow Enforcement | Physical or Logical Separation of Information Flows">
<view name="AC_4-21_1_rmf"/>
<view name="AC_4-21_2_rmf"/>
<view name="AC_4-21_3_rmf"/>
</collection>
<collection label="AC-4(22) - Information Flow Enforcement | Access Only">
<view name="AC_4-22_1_rmf"/>
</collection>
<collection label="AC-4(3) - Information Flow Enforcement | Dynamic Information Flow Control">
<view name="AC_4-3_1_rmf"/>
<view name="AC_4-3_2_rmf"/>
</collection>
<collection label="AC-4(4) - Information Flow Enforcement | Flow Control of Encrypted Information">
<view name="AC_4-4_1_rmf"/>
<view name="AC_4-4_2_rmf"/>
</collection>
<collection label="AC-4(5) - Information Flow Enforcement | Embedded Data Types">
<view name="AC_4-5_1_rmf"/>
<view name="AC_4-5_2_rmf"/>
</collection>
<collection label="AC-4(6) - Information Flow Enforcement | Metadata">
<view name="AC_4-6_1_rmf"/>
<view name="AC_4-6_2_rmf"/>
</collection>
<collection label="AC-4(7) - Information Flow Enforcement | One-way Flow Mechanisms">
<view name="AC_4-7_1_rmf"/>
<view name="AC_4-7_2_rmf"/>
</collection>
<collection label="AC-4(8) - Information Flow Enforcement | Security and Privacy Policy Filters">
<view name="AC_4-8_1_rmf"/>
<view name="AC_4-8_2_rmf"/>
<view name="AC_4-8_3_rmf"/>
</collection>
<collection label="AC-4(9) - Information Flow Enforcement | Human Reviews">
<view name="AC_4-9_1_rmf"/>
<view name="AC_4-9_2_rmf"/>
<view name="AC_4-9_3_rmf"/>
</collection>
</collection>
<collection label="AC-5 - Separation of Duties">
<collection label="AC-5 - Separation of Duties">
<view name="AC_5_1_rmf"/>
<view name="AC_5_2_rmf"/>
<view name="AC_5_3_rmf"/>
<view name="AC_5_4_rmf"/>
</collection>
</collection>
<collection label="AC-6 - Least Privilege">
<collection label="AC-6 - Least Privilege">
<view name="AC_6_1_rmf"/>
</collection>
<collection label="AC-6(1) - Least Privilege | Authorize Access to Security Functions">
<view name="AC_6-1_1_rmf"/>
<view name="AC_6-1_2_rmf"/>
<view name="AC_6-1_3_rmf"/>
<view name="AC_6-1_4_rmf"/>
</collection>
<collection label="AC-6(10) - Least Privilege | Prohibit Non-privileged Users from Executing Privileged Functions">
<view name="AC_6-10_1_rmf"/>
</collection>
<collection label="AC-6(2) - Least Privilege | Non-privileged Access for Nonsecurity Functions">
<view name="AC_6-2_1_rmf"/>
<view name="AC_6-2_2_rmf"/>
</collection>
<collection label="AC-6(3) - Least Privilege | Network Access to Privileged Commands">
<view name="AC_6-3_1_rmf"/>
<view name="AC_6-3_2_rmf"/>
<view name="AC_6-3_3_rmf"/>
<view name="AC_6-3_4_rmf"/>
</collection>
<collection label="AC-6(4) - Least Privilege | Separate Processing Domains">
<view name="AC_6-4_1_rmf"/>
</collection>
<collection label="AC-6(5) - Least Privilege | Privileged Accounts">
<view name="AC_6-5_1_rmf"/>
<view name="AC_6-5_2_rmf"/>
</collection>
<collection label="AC-6(6) - Least Privilege | Privileged Access by Non-organizational Users">
<view name="AC_6-6_1_rmf"/>
</collection>
<collection label="AC-6(7) - Least Privilege | Review of User Privileges">
<view name="AC_6-7_1_rmf"/>
<view name="AC_6-7_2_rmf"/>
<view name="AC_6-7_3_rmf"/>
<view name="AC_6-7_4_rmf"/>
</collection>
<collection label="AC-6(8) - Least Privilege | Privilege Levels for Code Execution">
<view name="AC_6-8_1_rmf"/>
<view name="AC_6-8_2_rmf"/>
</collection>
<collection label="AC-6(9) - Least Privilege | Log Use of Privileged Functions">
<view name="AC_6-9_1_rmf"/>
</collection>
</collection>
<collection label="AC-7 - Unsuccessful Logon Attempts">
<collection label="AC-7 - Unsuccessful Logon Attempts">
<view name="AC_7_1_rmf"/>
<view name="AC_7_2_rmf"/>
<view name="AC_7_3_rmf"/>
<view name="AC_7_4_rmf"/>
<view name="AC_7_5_rmf"/>
<view name="AC_7_6_rmf"/>
</collection>
<collection label="AC-7(2) - Unsuccessful Logon Attempts | Purge or Wipe Mobile Device">
<view name="AC_7-2_1_rmf"/>
<view name="AC_7-2_2_rmf"/>
<view name="AC_7-2_3_rmf"/>
<view name="AC_7-2_4_rmf"/>
</collection>
</collection>
<collection label="AC-8 - System Use Notification">
<collection label="AC-8 - System Use Notification">
<view name="AC_8_1_rmf"/>
<view name="AC_8_2_rmf"/>
<view name="AC_8_3_rmf"/>
<view name="AC_8_4_rmf"/>
<view name="AC_8_5_rmf"/>
<view name="AC_8_6_rmf"/>
<view name="AC_8_7_rmf"/>
<view name="AC_8_8_rmf"/>
<view name="AC_8_9_rmf"/>
<view name="AC_8_10_rmf"/>
<view name="AC_8_11_rmf"/>
<view name="AC_8_12_rmf"/>
<view name="AC_8_13_rmf"/>
</collection>
</collection>
<collection label="AC-9 - Previous Logon Notification">
<collection label="AC-9 - Previous Logon Notification">
<view name="AC_9_1_rmf"/>
</collection>
<collection label="AC-9(1) - Previous Logon Notification | Unsuccessful Logons">
<view name="AC_9-1_1_rmf"/>
</collection>
<collection label="AC-9(2) - Previous Logon Notification | Successful and Unsuccessful Logons">
<view name="AC_9-2_1_rmf"/>
<view name="AC_9-2_2_rmf"/>
<view name="AC_9-2_3_rmf"/>
<view name="AC_9-2_4_rmf"/>
</collection>
<collection label="AC-9(3) - Previous Logon Notification | Notification of Account Changes">
<view name="AC_9-3_1_rmf"/>
<view name="AC_9-3_2_rmf"/>
<view name="AC_9-3_3_rmf"/>
</collection>
<collection label="AC-9(4) - Previous Logon Notification | Additional Logon Information">
<view name="AC_9-4_1_rmf"/>
<view name="AC_9-4_2_rmf"/>
</collection>
</collection>
<collection label="AC-10 - Concurrent Session Control">
<collection label="AC-10 - Concurrent Session Control">
<view name="AC_10_1_rmf"/>
<view name="AC_10_2_rmf"/>
<view name="AC_10_3_rmf"/>
</collection>
<collection label="AC-11(1) - Device Lock | Pattern-hiding Displays">
<view name="AC_11-1_1_rmf"/>
</collection>
</collection>
<collection label="AC-11 - Device Lock">
<collection label="AC-11 - Device Lock">
<view name="AC_11_2_rmf"/>
<view name="AC_11_3_rmf"/>
<view name="AC_11_4_rmf"/>
</collection>
<collection label="AC-12(1) - Session Termination | User-initiated Logouts">
<view name="AC_12-1_1_rmf"/>
<view name="AC_12-1_2_rmf"/>
<view name="AC_12-1_3_rmf"/>
</collection>
</collection>
<collection label="AC-12 - Session Termination">
<collection label="AC-12 - Session Termination">
<view name="AC_12_1_rmf"/>
<view name="AC_12_2_rmf"/>
</collection>
</collection>
<collection label="AC-14 - Permitted Actions Without Identification or Authentication">
<collection label="AC-14 - Permitted Actions Without Identification or Authentication">
<view name="AC_14_1_rmf"/>
<view name="AC_14_2_rmf"/>
</collection>
<collection label="AC-16(1) - Security and Privacy Attributes | Dynamic Attribute Association">
<view name="AC_16-1_1_rmf"/>
<view name="AC_16-1_2_rmf"/>
<view name="AC_16-1_3_rmf"/>
<view name="AC_16-1_4_rmf"/>
<view name="AC_16-1_5_rmf"/>
</collection>
<collection label="AC-16(10) - Security and Privacy Attributes | Attribute Configuration by Authorized Individuals">
<view name="AC_16-10_1_rmf"/>
<view name="AC_16-10_2_rmf"/>
<view name="AC_16-10_3_rmf"/>
<view name="AC_16-10_4_rmf"/>
<view name="AC_16-10_5_rmf"/>
</collection>
<collection label="AC-16(2) - Security and Privacy Attributes | Attribute Value Changes by Authorized Individuals">
<view name="AC_16-2_1_rmf"/>
<view name="AC_16-2_2_rmf"/>
<view name="AC_16-2_3_rmf"/>
<view name="AC_16-2_4_rmf"/>
</collection>
<collection label="AC-16(3) - Security and Privacy Attributes | Maintenance of Attribute Associations by System">
<view name="AC_16-3_1_rmf"/>
<view name="AC_16-3_2_rmf"/>
<view name="AC_16-3_3_rmf"/>
<view name="AC_16-3_4_rmf"/>
<view name="AC_16-3_5_rmf"/>
<view name="AC_16-3_6_rmf"/>
<view name="AC_16-3_7_rmf"/>
</collection>
<collection label="AC-16(4) - Security and Privacy Attributes | Association of Attributes by Authorized Individuals">
<view name="AC_16-4_1_rmf"/>
<view name="AC_16-4_2_rmf"/>
<view name="AC_16-4_3_rmf"/>
<view name="AC_16-4_4_rmf"/>
<view name="AC_16-4_5_rmf"/>
<view name="AC_16-4_6_rmf"/>
<view name="AC_16-4_7_rmf"/>
</collection>
<collection label="AC-16(5) - Security and Privacy Attributes | Attribute Displays on Objects to Be Output">
<view name="AC_16-5_1_rmf"/>
<view name="AC_16-5_2_rmf"/>
<view name="AC_16-5_3_rmf"/>
</collection>
<collection label="AC-16(6) - Security and Privacy Attributes | Maintenance of Attribute Association">
<view name="AC_16-6_1_rmf"/>
<view name="AC_16-6_2_rmf"/>
<view name="AC_16-6_3_rmf"/>
<view name="AC_16-6_4_rmf"/>
<view name="AC_16-6_5_rmf"/>
<view name="AC_16-6_6_rmf"/>
<view name="AC_16-6_7_rmf"/>
<view name="AC_16-6_8_rmf"/>
</collection>
<collection label="AC-16(7) - Security and Privacy Attributes | Consistent Attribute Interpretation">
<view name="AC_16-7_1_rmf"/>
</collection>
<collection label="AC-16(8) - Security and Privacy Attributes | Association Techniques and Technologies">
<view name="AC_16-8_1_rmf"/>
<view name="AC_16-8_2_rmf"/>
<view name="AC_16-8_3_rmf"/>
</collection>
<collection label="AC-16(9) - Security and Privacy Attributes | Attribute Reassignment ? Regrading Mechanisms">
<view name="AC_16-9_1_rmf"/>
<view name="AC_16-9_2_rmf"/>
</collection>
</collection>
<collection label="AC-16 - Security and Privacy Attributes">
<collection label="AC-16 - Security and Privacy Attributes">
<view name="AC_16_1_rmf"/>
<view name="AC_16_2_rmf"/>
<view name="AC_16_3_rmf"/>
<view name="AC_16_4_rmf"/>
<view name="AC_16_5_rmf"/>
<view name="AC_16_6_rmf"/>
<view name="AC_16_7_rmf"/>
<view name="AC_16_8_rmf"/>
<view name="AC_16_9_rmf"/>
<view name="AC_16_10_rmf"/>
<view name="AC_16_11_rmf"/>
<view name="AC_16_12_rmf"/>
<view name="AC_16_13_rmf"/>
<view name="AC_16_14_rmf"/>
<view name="AC_16_15_rmf"/>
<view name="AC_16_16_rmf"/>
</collection>
<collection label="AC-17(1) - Remote Access | Monitoring and Control">
<view name="AC_17-1_1_rmf"/>
<view name="AC_17-1_2_rmf"/>
</collection>
<collection label="AC-17(2) - Remote Access | Protection of Confidentiality and Integrity Using Encryption">
<view name="AC_17-2_1_rmf"/>
<view name="AC_17-2_2_rmf"/>
</collection>
<collection label="AC-17(3) - Remote Access | Managed Access Control Points">
<view name="AC_17-3_1_rmf"/>
<view name="AC_17-3_2_rmf"/>
<view name="AC_17-3_3_rmf"/>
</collection>
<collection label="AC-17(4) - Remote Access | Privileged Commands and Access">
<view name="AC_17-4_1_rmf"/>
<view name="AC_17-4_2_rmf"/>
<view name="AC_17-4_3_rmf"/>
<view name="AC_17-4_4_rmf"/>
<view name="AC_17-4_5_rmf"/>
<view name="AC_17-4_6_rmf"/>
</collection>
<collection label="AC-17(6) - Remote Access | Protection of Mechanism Information">
<view name="AC_17-6_1_rmf"/>
</collection>
<collection label="AC-17(9) - Remote Access | Disconnect or Disable Access">
<view name="AC_17-9_1_rmf"/>
<view name="AC_17-9_2_rmf"/>
</collection>
</collection>
<collection label="AC-17 - Remote Access">
<collection label="AC-17 - Remote Access">
<view name="AC_17_1_rmf"/>
<view name="AC_17_2_rmf"/>
<view name="AC_17_3_rmf"/>
<view name="AC_17_4_rmf"/>
<view name="AC_17_5_rmf"/>
</collection>
<collection label="AC-18(1) - Wireless Access | Authentication and Encryption">
<view name="AC_18-1_1_rmf"/>
<view name="AC_18-1_2_rmf"/>
</collection>
<collection label="AC-18(3) - Wireless Access | Disable Wireless Networking">
<view name="AC_18-3_1_rmf"/>
</collection>
<collection label="AC-18(4) - Wireless Access | Restrict Configurations by Users">
<view name="AC_18-4_1_rmf"/>
</collection>
<collection label="AC-18(5) - Wireless Access | Antennas and Transmission Power Levels">
<view name="AC_18-5_1_rmf"/>
</collection>
</collection>
<collection label="AC-18 - Wireless Access">
<collection label="AC-18 - Wireless Access">
<view name="AC_18_1_rmf"/>
<view name="AC_18_2_rmf"/>
<view name="AC_18_3_rmf"/>
<view name="AC_18_4_rmf"/>
</collection>
<collection label="AC-19(4) - Access Control for Mobile Devices | Restrictions for Classified Information">
<view name="AC_19-4_1_rmf"/>
<view name="AC_19-4_2_rmf"/>
<view name="AC_19-4_3_rmf"/>
<view name="AC_19-4_4_rmf"/>
<view name="AC_19-4_5_rmf"/>
<view name="AC_19-4_6_rmf"/>
<view name="AC_19-4_7_rmf"/>
<view name="AC_19-4_8_rmf"/>
<view name="AC_19-4_9_rmf"/>
</collection>
<collection label="AC-19(5) - Access Control for Mobile Devices | Full Device or Container-based Encryption">
<view name="AC_19-5_1_rmf"/>
<view name="AC_19-5_2_rmf"/>
<view name="AC_19-5_3_rmf"/>
</collection>
</collection>
<collection label="AC-19 - Access Control for Mobile Devices">
<collection label="AC-19 - Access Control for Mobile Devices">
<view name="AC_19_1_rmf"/>
<view name="AC_19_2_rmf"/>
<view name="AC_19_3_rmf"/>
<view name="AC_19_4_rmf"/>
<view name="AC_19_5_rmf"/>
</collection>
<collection label="AC-20(1) - Use of External Systems | Limits on Authorized Use">
<view name="AC_20-1_1_rmf"/>
<view name="AC_20-1_2_rmf"/>
<view name="AC_20-1_3_rmf"/>
<view name="AC_20-1_4_rmf"/>
<view name="AC_20-1_5_rmf"/>
</collection>
<collection label="AC-20(2) - Use of External Systems | Portable Storage Devices ? Restricted Use">
<view name="AC_20-2_1_rmf"/>
</collection>
<collection label="AC-20(3) - Use of External Systems | Non-organizationally Owned Systems ? Restricted Use">
<view name="AC_20-3_1_rmf"/>
</collection>
<collection label="AC-20(4) - Use of External Systems | Network Accessible Storage Devices ? Prohibited Use">
<view name="AC_20-4_1_rmf"/>
<view name="AC_20-4_2_rmf"/>
</collection>
</collection>
<collection label="AC-20 - Use of External Systems">
<collection label="AC-20 - Use of External Systems">
<view name="AC_20_1_rmf"/>
<view name="AC_20_2_rmf"/>
</collection>
<collection label="AC-21(1) - Information Sharing | Automated Decision Support">
<view name="AC_21-1_1_rmf"/>
</collection>
<collection label="AC-21(2) - Information Sharing | Information Search and Retrieval">
<view name="AC_21-2_1_rmf"/>
<view name="AC_21-2_2_rmf"/>
</collection>
</collection>
<collection label="AC-21 - Information Sharing">
<collection label="AC-21 - Information Sharing">
<view name="AC_21_1_rmf"/>
<view name="AC_21_2_rmf"/>
<view name="AC_21_3_rmf"/>
<view name="AC_21_4_rmf"/>
</collection>
</collection>
<collection label="AC-22 - Publicly Accessible Content">
<collection label="AC-22 - Publicly Accessible Content">
<view name="AC_22_1_rmf"/>
<view name="AC_22_2_rmf"/>
<view name="AC_22_3_rmf"/>
<view name="AC_22_4_rmf"/>
<view name="AC_22_5_rmf"/>
<view name="AC_22_6_rmf"/>
</collection>
</collection>
<collection label="AC-23 - Data Mining Protection">
<collection label="AC-23 - Data Mining Protection">
<view name="AC_23_1_rmf"/>
<view name="AC_23_2_rmf"/>
<view name="AC_23_3_rmf"/>
<view name="AC_23_4_rmf"/>
<view name="AC_23_5_rmf"/>
</collection>
<collection label="AC-24(1) - Access Control Decisions | Transmit Access Authorization Information">
<view name="AC_24-1_1_rmf"/>
<view name="AC_24-1_2_rmf"/>
<view name="AC_24-1_3_rmf"/>
<view name="AC_24-1_4_rmf"/>
</collection>
<collection label="AC-24(2) - Access Control Decisions | No User or Process Identity">
<view name="AC_24-2_1_rmf"/>
<view name="AC_24-2_2_rmf"/>
</collection>
</collection>
<collection label="AC-24 - Access Control Decisions">
<collection label="AC-24 - Access Control Decisions">
<view name="AC_24_1_rmf"/>
<view name="AC_24_2_rmf"/>
</collection>
</collection>
<collection label="AC-25 - Reference Monitor">
<collection label="AC-25 - Reference Monitor">
<view name="AC_25_1_rmf"/>
<view name="AC_25_2_rmf"/>
<view name="AC_25_3_rmf"/>
<view name="AC_25_4_rmf"/>
</collection>
</collection>
</collection>
<collection label="Assessment, Authorization, And Monitoring">
<collection label="CA-1 - Policy and Procedures">
<collection label="CA-1 - Policy and Procedures">
<view name="CA_1_1_rmf"/>
<view name="CA_1_2_rmf"/>
<view name="CA_1_3_rmf"/>
<view name="CA_1_4_rmf"/>
<view name="CA_1_5_rmf"/>
<view name="CA_1_6_rmf"/>
<view name="CA_1_7_rmf"/>
<view name="CA_1_8_rmf"/>
<view name="CA_1_9_rmf"/>
<view name="CA_1_10_rmf"/>
</collection>
</collection>
<collection label="CA-2 - Control Assessments">
<collection label="CA-2 - Control Assessments">
<view name="CA_2_1_rmf"/>
<view name="CA_2_2_rmf"/>
<view name="CA_2_3_rmf"/>
<view name="CA_2_4_rmf"/>
<view name="CA_2_5_rmf"/>
<view name="CA_2_6_rmf"/>
<view name="CA_2_7_rmf"/>
<view name="CA_2_8_rmf"/>
<view name="CA_2_9_rmf"/>
<view name="CA_2_10_rmf"/>
</collection>
<collection label="CA-2(1) - Control Assessments | Independent Assessors">
<view name="CA_2-1_1_rmf"/>
<view name="CA_2-1_2_rmf"/>
</collection>
<collection label="CA-2(2) - Control Assessments | Specialized Assessments">
<view name="CA_2-2_1_rmf"/>
<view name="CA_2-2_2_rmf"/>
<view name="CA_2-2_3_rmf"/>
<view name="CA_2-2_4_rmf"/>
<view name="CA_2-2_5_rmf"/>
</collection>
<collection label="CA-2(3) - Control Assessments | Leveraging Results from External Organizations">
<view name="CA_2-3_1_rmf"/>
<view name="CA_2-3_2_rmf"/>
<view name="CA_2-3_3_rmf"/>
<view name="CA_2-3_4_rmf"/>
</collection>
</collection>
<collection label="CA-3 - Information Exchange">
<collection label="CA-3 - Information Exchange">
<view name="CA_3_1_rmf"/>
<view name="CA_3_2_rmf"/>
<view name="CA_3_3_rmf"/>
<view name="CA_3_4_rmf"/>
<view name="CA_3_5_rmf"/>
<view name="CA_3_6_rmf"/>
</collection>
<collection label="CA-3(1) - Information Exchange | Unclassified National Security System Connections">
<view name="CA_3-1_1_rmf"/>
<view name="CA_3-1_2_rmf"/>
<view name="CA_3-1_3_rmf"/>
</collection>
<collection label="CA-3(2) - Information Exchange | Classified National Security System Connections">
<view name="CA_3-2_1_rmf"/>
<view name="CA_3-2_2_rmf"/>
</collection>
<collection label="CA-3(3) - Information Exchange | Unclassified Non-national Security System Connections">
<view name="CA_3-3_1_rmf"/>
<view name="CA_3-3_2_rmf"/>
<view name="CA_3-3_3_rmf"/>
</collection>
<collection label="CA-3(4) - Information Exchange | Connections to Public Networks">
<view name="CA_3-4_1_rmf"/>
<view name="CA_3-4_2_rmf"/>
</collection>
<collection label="CA-3(5) - Information Exchange | Restrictions on External System Connections">
<view name="CA_3-5_1_rmf"/>
<view name="CA_3-5_2_rmf"/>
<view name="CA_3-5_3_rmf"/>
</collection>
</collection>
<collection label="CA-5 - Plan of Action and Milestones">
<collection label="CA-5 - Plan of Action and Milestones">
<view name="CA_5_1_rmf"/>
<view name="CA_5_2_rmf"/>
<view name="CA_5_3_rmf"/>
</collection>
<collection label="CA-5(1) - Plan of Action and Milestones | Automation Support for Accuracy and Currency">
<view name="CA_5-1_1_rmf"/>
<view name="CA_5-1_2_rmf"/>
<view name="CA_5-1_3_rmf"/>
</collection>
</collection>
<collection label="CA-6 - Authorization">
<collection label="CA-6 - Authorization">
<view name="CA_6_1_rmf"/>
<view name="CA_6_2_rmf"/>
<view name="CA_6_3_rmf"/>
<view name="CA_6_4_rmf"/>
</collection>
</collection>
<collection label="CA-7 - Continuous Monitoring">
<collection label="CA-7 - Continuous Monitoring">
<view name="CA_7_1_rmf"/>
<view name="CA_7_2_rmf"/>
<view name="CA_7_3_rmf"/>
<view name="CA_7_4_rmf"/>
<view name="CA_7_5_rmf"/>
<view name="CA_7_6_rmf"/>
<view name="CA_7_7_rmf"/>
<view name="CA_7_8_rmf"/>
<view name="CA_7_9_rmf"/>
<view name="CA_7_10_rmf"/>
<view name="CA_7_11_rmf"/>
</collection>
<collection label="CA-7(1) - Continuous Monitoring | Independent Assessment">
<view name="CA_7-1_1_rmf"/>
<view name="CA_7-1_2_rmf"/>
</collection>
<collection label="CA-7(3) - Continuous Monitoring | Trend Analyses">
<view name="CA_7-3_1_rmf"/>
</collection>
</collection>
<collection label="CA-8 - Penetration Testing">
<collection label="CA-8 - Penetration Testing">
<view name="CA_8_1_rmf"/>
<view name="CA_8_2_rmf"/>
<view name="CA_8_3_rmf"/>
</collection>
<collection label="CA-8(1) - Penetration Testing | Independent Penetration Testing Agent or Team">
<view name="CA_8-1_1_rmf"/>
</collection>
<collection label="CA-8(2) - Penetration Testing | Red Team Exercises">
<view name="CA_8-2_1_rmf"/>
<view name="CA_8-2_2_rmf"/>
<view name="CA_8-2_3_rmf"/>
</collection>
</collection>
<collection label="CA-9 - Internal System Connections">
<collection label="CA-9 - Internal System Connections">
<view name="CA_9_1_rmf"/>
<view name="CA_9_2_rmf"/>
<view name="CA_9_3_rmf"/>
<view name="CA_9_4_rmf"/>
<view name="CA_9_5_rmf"/>
</collection>
<collection label="CA-9(1) - Internal System Connections | Compliance Checks">
<view name="CA_9-1_1_rmf"/>
</collection>
</collection>
</collection>
<collection label="Audit and Accountability">
<collection label="AU-1 - Policy and Procedures">
<collection label="AU-1 - Policy and Procedures">
<view name="AU_1_1_rmf"/>
<view name="AU_1_2_rmf"/>
<view name="AU_1_3_rmf"/>
<view name="AU_1_4_rmf"/>
<view name="AU_1_5_rmf"/>
<view name="AU_1_6_rmf"/>
<view name="AU_1_7_rmf"/>
<view name="AU_1_8_rmf"/>
<view name="AU_1_9_rmf"/>
<view name="AU_1_10_rmf"/>
</collection>
</collection>
<collection label="AU-2 - Event Logging">
<collection label="AU-2 - Event Logging">
<view name="AU_2_1_rmf"/>
<view name="AU_2_2_rmf"/>
<view name="AU_2_3_rmf"/>
<view name="AU_2_4_rmf"/>
<view name="AU_2_5_rmf"/>
<view name="AU_2_6_rmf"/>
<view name="AU_2_7_rmf"/>
</collection>
<collection label="AU-2(3) - Event Logging | Reviews and Updates">
<view name="AU_2-3_1_rmf"/>
<view name="AU_2-3_2_rmf"/>
</collection>
</collection>
<collection label="AU-3 - Content of Audit Records">
<collection label="AU-3 - Content of Audit Records">
<view name="AU_3_1_rmf"/>
<view name="AU_3_2_rmf"/>
<view name="AU_3_3_rmf"/>
<view name="AU_3_4_rmf"/>
<view name="AU_3_5_rmf"/>
<view name="AU_3_6_rmf"/>
</collection>
<collection label="AU-3(1) - Content of Audit Records | Additional Audit Information">
<view name="AU_3-1_1_rmf"/>
<view name="AU_3-1_2_rmf"/>
</collection>
<collection label="AU-3(2) - Content of Audit Records | Centralized Management of Planned Audit Record Content">
<view name="AU_3-2_1_rmf"/>
<view name="AU_3-2_2_rmf"/>
<view name="AU_3-2_3_rmf"/>
</collection>
</collection>
<collection label="AU-4 - Audit Log Storage Capacity">
<collection label="AU-4 - Audit Log Storage Capacity">
<view name="AU_4_1_rmf"/>
<view name="AU_4_2_rmf"/>
</collection>
<collection label="AU-4(1) - Audit Log Storage Capacity | Transfer to Alternate Storage">
<view name="AU_4-1_1_rmf"/>
<view name="AU_4-1_2_rmf"/>
</collection>
</collection>
<collection label="AU-5 - Response to Audit Logging Process Failures">
<collection label="AU-5 - Response to Audit Logging Process Failures">
<view name="AU_5_1_rmf"/>
<view name="AU_5_2_rmf"/>
<view name="AU_5_3_rmf"/>
<view name="AU_5_4_rmf"/>
</collection>
<collection label="AU-5(1) - Response to Audit Logging Process Failures | Storage Capacity Warning">
<view name="AU_5-1_1_rmf"/>
<view name="AU_5-1_2_rmf"/>
<view name="AU_5-1_3_rmf"/>
<view name="AU_5-1_4_rmf"/>
</collection>
<collection label="AU-5(2) - Response to Audit Logging Process Failures | Real-time Alerts">
<view name="AU_5-2_1_rmf"/>
<view name="AU_5-2_2_rmf"/>
<view name="AU_5-2_3_rmf"/>
<view name="AU_5-2_4_rmf"/>
</collection>
<collection label="AU-5(3) - Response to Audit Logging Process Failures | Configurable Traffic Volume Thresholds">
<view name="AU_5-3_1_rmf"/>
<view name="AU_5-3_2_rmf"/>
<view name="AU_5-3_3_rmf"/>
<view name="AU_5-3_4_rmf"/>
</collection>
<collection label="AU-5(4) - Response to Audit Logging Process Failures | Shutdown on Failure">
<view name="AU_5-4_1_rmf"/>
<view name="AU_5-4_2_rmf"/>
<view name="AU_5-4_3_rmf"/>
</collection>
</collection>
<collection label="AU-6 - Audit Record Review, Analysis, and Reporting">
<collection label="AU-6 - Audit Record Review, Analysis, and Reporting">
<view name="AU_6_1_rmf"/>
<view name="AU_6_2_rmf"/>
<view name="AU_6_3_rmf"/>
<view name="AU_6_4_rmf"/>
<view name="AU_6_5_rmf"/>
</collection>
<collection label="AU-6(1) - Audit Record Review, Analysis, and Reporting | Automated Process Integration">
<view name="AU_6-1_1_rmf"/>
<view name="AU_6-1_2_rmf"/>
</collection>
<collection label="AU-6(10) - Audit Record Review, Analysis, and Reporting | Audit Level Adjustment">
<view name="AU_6-10_1_rmf"/>
<view name="AU_6-10_2_rmf"/>
</collection>
<collection label="AU-6(3) - Audit Record Review, Analysis, and Reporting | Correlate Audit Record Repositories">
<view name="AU_6-3_1_rmf"/>
</collection>
<collection label="AU-6(4) - Audit Record Review, Analysis, and Reporting | Central Review and Analysis">
<view name="AU_6-4_1_rmf"/>
</collection>
<collection label="AU-6(5) - Audit Record Review, Analysis, and Reporting | Integrated Analysis of Audit Records">
<view name="AU_6-5_1_rmf"/>
<view name="AU_6-5_2_rmf"/>
</collection>
<collection label="AU-6(6) - Audit Record Review, Analysis, and Reporting | Correlation with Physical Monitoring">
<view name="AU_6-6_1_rmf"/>
</collection>
<collection label="AU-6(7) - Audit Record Review, Analysis, and Reporting | Permitted Actions">
<view name="AU_6-7_1_rmf"/>
<view name="AU_6-7_2_rmf"/>
</collection>
<collection label="AU-6(8) - Audit Record Review, Analysis, and Reporting | Full Text Analysis of Privileged Commands">
<view name="AU_6-8_1_rmf"/>
</collection>
<collection label="AU-6(9) - Audit Record Review, Analysis, and Reporting | Correlation with Information from Nontechnical Sources">
<view name="AU_6-9_1_rmf"/>
</collection>
</collection>
<collection label="AU-7 - Audit Record Reduction and Report Generation">
<collection label="AU-7 - Audit Record Reduction and Report Generation">
<view name="AU_7_1_rmf"/>
<view name="AU_7_2_rmf"/>
<view name="AU_7_3_rmf"/>
<view name="AU_7_4_rmf"/>
<view name="AU_7_5_rmf"/>
<view name="AU_7_6_rmf"/>
<view name="AU_7_7_rmf"/>
<view name="AU_7_8_rmf"/>
</collection>
<collection label="AU-7(1) - Audit Record Reduction and Report Generation | Automatic Processing">
<view name="AU_7-1_1_rmf"/>
<view name="AU_7-1_2_rmf"/>
</collection>
<collection label="AU-7(2) - Audit Record Reduction and Report Generation | Automatic Sort and Search">
<view name="AU_7-2_1_rmf"/>
<view name="AU_7-2_2_rmf"/>
<view name="AU_7-2_3_rmf"/>
<view name="AU_7-2_4_rmf"/>
</collection>
</collection>
<collection label="AU-8 - Time Stamps">
<collection label="AU-8 - Time Stamps">
<view name="AU_8_1_rmf"/>
<view name="AU_8_2_rmf"/>
<view name="AU_8_3_rmf"/>
<view name="AU_8_4_rmf"/>
</collection>
<collection label="AU-8(1) - Time Stamps | Synchronization with Authoritative Time Source">
<view name="AU_8-1_1_rmf"/>
<view name="AU_8-1_2_rmf"/>
<view name="AU_8-1_3_rmf"/>
<view name="AU_8-1_4_rmf"/>
<view name="AU_8-1_5_rmf"/>
</collection>
<collection label="AU-8(2) - Time Stamps | Secondary Authoritative Time Source">
<view name="AU_8-2_1_rmf"/>
</collection>
</collection>
<collection label="AU-9 - Protection of Audit Information">
<collection label="AU-9 - Protection of Audit Information">
<view name="AU_9_1_rmf"/>
<view name="AU_9_2_rmf"/>
<view name="AU_9_3_rmf"/>
<view name="AU_9_4_rmf"/>
<view name="AU_9_5_rmf"/>
<view name="AU_9_6_rmf"/>
</collection>
<collection label="AU-9(1) - Protection of Audit Information | Hardware Write-once Media">
<view name="AU_9-1_1_rmf"/>
</collection>
<collection label="AU-9(2) - Protection of Audit Information | Store on Separate Physical Systems or Components">
<view name="AU_9-2_1_rmf"/>
<view name="AU_9-2_2_rmf"/>
<view name="AU_9-2_3_rmf"/>
</collection>
<collection label="AU-9(3) - Protection of Audit Information | Cryptographic Protection">
<view name="AU_9-3_1_rmf"/>
<view name="AU_9-3_2_rmf"/>
</collection>
<collection label="AU-9(4) - Protection of Audit Information | Access by Subset of Privileged Users">
<view name="AU_9-4_1_rmf"/>
<view name="AU_9-4_2_rmf"/>
</collection>
<collection label="AU-9(5) - Protection of Audit Information | Dual Authorization">
<view name="AU_9-5_1_rmf"/>
<view name="AU_9-5_2_rmf"/>
</collection>
<collection label="AU-9(6) - Protection of Audit Information | Read-only Access">
<view name="AU_9-6_1_rmf"/>
<view name="AU_9-6_2_rmf"/>
</collection>
<collection label="AU-10(1) - Non-repudiation | Association of Identities">
<view name="AU_10-1_1_rmf"/>
<view name="AU_10-1_2_rmf"/>
<view name="AU_10-1_3_rmf"/>
</collection>
<collection label="AU-10(2) - Non-repudiation | Validate Binding of Information Producer Identity">
<view name="AU_10-2_1_rmf"/>
<view name="AU_10-2_2_rmf"/>
<view name="AU_10-2_3_rmf"/>
<view name="AU_10-2_4_rmf"/>
</collection>
<collection label="AU-10(3) - Non-repudiation | Chain of Custody">
<view name="AU_10-3_1_rmf"/>
</collection>
<collection label="AU-10(4) - Non-repudiation | Validate Binding of Information Reviewer Identity">
<view name="AU_10-4_1_rmf"/>
<view name="AU_10-4_2_rmf"/>
<view name="AU_10-4_3_rmf"/>
<view name="AU_10-4_4_rmf"/>
</collection>
</collection>
<collection label="AU-10 - Non-repudiation">
<collection label="AU-10 - Non-repudiation">
<view name="AU_10_1_rmf"/>
<view name="AU_10_2_rmf"/>
</collection>
<collection label="AU-11(1) - Audit Record Retention | Long-term Retrieval Capability">
<view name="AU_11-1_1_rmf"/>
<view name="AU_11-1_2_rmf"/>
</collection>
</collection>
<collection label="AU-11 - Audit Record Retention">
<collection label="AU-11 - Audit Record Retention">
<view name="AU_11_1_rmf"/>
<view name="AU_11_2_rmf"/>
</collection>
<collection label="AU-12(1) - Audit Record Generation | System-wide and Time-correlated Audit Trail">
<view name="AU_12-1_1_rmf"/>
<view name="AU_12-1_2_rmf"/>
<view name="AU_12-1_3_rmf"/>
</collection>
<collection label="AU-12(2) - Audit Record Generation | Standardized Formats">
<view name="AU_12-2_1_rmf"/>
</collection>
<collection label="AU-12(3) - Audit Record Generation | Changes by Authorized Individuals">
<view name="AU_12-3_1_rmf"/>
<view name="AU_12-3_2_rmf"/>
<view name="AU_12-3_3_rmf"/>
<view name="AU_12-3_4_rmf"/>
<view name="AU_12-3_5_rmf"/>
</collection>
</collection>
<collection label="AU-12 - Audit Record Generation">
<collection label="AU-12 - Audit Record Generation">
<view name="AU_12_1_rmf"/>
<view name="AU_12_2_rmf"/>
<view name="AU_12_3_rmf"/>
<view name="AU_12_4_rmf"/>
<view name="AU_12_5_rmf"/>
</collection>
<collection label="AU-13(1) - Monitoring for Information Disclosure | Use of Automated Tools">
<view name="AU_13-1_1_rmf"/>
</collection>
<collection label="AU-13(2) - Monitoring for Information Disclosure | Review of Monitored Sites">
<view name="AU_13-2_1_rmf"/>
<view name="AU_13-2_2_rmf"/>
</collection>
</collection>
<collection label="AU-13 - Monitoring for Information Disclosure">
<collection label="AU-13 - Monitoring for Information Disclosure">
<view name="AU_13_1_rmf"/>
<view name="AU_13_2_rmf"/>
<view name="AU_13_3_rmf"/>
</collection>
<collection label="AU-14(1) - Session Audit | System Start-up">
<view name="AU_14-1_1_rmf"/>
</collection>
<collection label="AU-14(2) - Session Audit | Capture and Record Content">
<view name="AU_14-2_1_rmf"/>
</collection>
<collection label="AU-14(3) - Session Audit | Remote Viewing and Listening">
<view name="AU_14-3_1_rmf"/>
</collection>
</collection>
<collection label="AU-14 - Session Audit">
<collection label="AU-14 - Session Audit">
<view name="AU_14_1_rmf"/>
</collection>
</collection>
<collection label="AU-15 - Alternate Audit Logging Capability">
<collection label="AU-15 - Alternate Audit Logging Capability">
<view name="AU_15_1_rmf"/>
<view name="AU_15_2_rmf"/>
</collection>
<collection label="AU-16(1) - Cross-organizational Audit Logging | Identity Preservation">
<view name="AU_16-1_1_rmf"/>
</collection>
<collection label="AU-16(2) - Cross-organizational Audit Logging | Sharing of Audit Information">
<view name="AU_16-2_1_rmf"/>
<view name="AU_16-2_2_rmf"/>
<view name="AU_16-2_3_rmf"/>
</collection>
</collection>
<collection label="AU-16 - Cross-organizational Audit Logging">
<collection label="AU-16 - Cross-organizational Audit Logging">
<view name="AU_16_1_rmf"/>
<view name="AU_16_2_rmf"/>
<view name="AU_16_3_rmf"/>
</collection>
</collection>
</collection>
<collection label="Awareness and Training">
<collection label="AT-1 - Policy and Procedures">
<collection label="AT-1 - Policy and Procedures">
<view name="AT_1_1_rmf"/>
<view name="AT_1_2_rmf"/>
<view name="AT_1_3_rmf"/>
<view name="AT_1_4_rmf"/>
<view name="AT_1_5_rmf"/>
<view name="AT_1_6_rmf"/>
<view name="AT_1_7_rmf"/>
<view name="AT_1_8_rmf"/>
<view name="AT_1_9_rmf"/>
<view name="AT_1_10_rmf"/>
</collection>
</collection>
<collection label="AT-2 - Literacy Training and Awareness">
<collection label="AT-2 - Literacy Training and Awareness">
<view name="AT_2_1_rmf"/>
<view name="AT_2_2_rmf"/>
<view name="AT_2_3_rmf"/>
<view name="AT_2_4_rmf"/>
</collection>
<collection label="AT-2(1) - Literacy Training and Awareness | Practical Exercises">
<view name="AT_2-1_1_rmf"/>
</collection>
<collection label="AT-2(2) - Literacy Training and Awareness | Insider Threat">
<view name="AT_2-2_1_rmf"/>
</collection>
</collection>
<collection label="AT-3 - Role-based Training">
<collection label="AT-3 - Role-based Training">
<view name="AT_3_1_rmf"/>
<view name="AT_3_2_rmf"/>
<view name="AT_3_3_rmf"/>
<view name="AT_3_4_rmf"/>
</collection>
<collection label="AT-3(1) - Role-based Training | Environmental Controls">
<view name="AT_3-1_1_rmf"/>
<view name="AT_3-1_2_rmf"/>
<view name="AT_3-1_3_rmf"/>
<view name="AT_3-1_4_rmf"/>
</collection>
<collection label="AT-3(2) - Role-based Training | Physical Security Controls">
<view name="AT_3-2_1_rmf"/>
<view name="AT_3-2_2_rmf"/>
<view name="AT_3-2_3_rmf"/>
<view name="AT_3-2_4_rmf"/>
</collection>
<collection label="AT-3(3) - Role-based Training | Practical Exercises">
<view name="AT_3-3_1_rmf"/>
</collection>
<collection label="AT-3(4) - Role-based Training | Suspicious Communications and Anomalous System Behavior">
<view name="AT_3-4_1_rmf"/>
<view name="AT_3-4_2_rmf"/>
</collection>
</collection>
<collection label="AT-4 - Training Records">
<collection label="AT-4 - Training Records">
<view name="AT_4_1_rmf"/>
<view name="AT_4_2_rmf"/>
<view name="AT_4_3_rmf"/>
<view name="AT_4_4_rmf"/>
</collection>
</collection>
</collection>
<collection label="Configuration Management">
<collection label="CM-1 - Policy and Procedures">
<collection label="CM-1 - Policy and Procedures">
<view name="CM_1_1_rmf"/>
<view name="CM_1_2_rmf"/>
<view name="CM_1_3_rmf"/>
<view name="CM_1_4_rmf"/>
<view name="CM_1_5_rmf"/>
<view name="CM_1_6_rmf"/>
<view name="CM_1_7_rmf"/>
<view name="CM_1_8_rmf"/>
<view name="CM_1_9_rmf"/>
<view name="CM_1_10_rmf"/>
</collection>
</collection>
<collection label="CM-2 - Baseline Configuration">
<collection label="CM-2 - Baseline Configuration">
<view name="CM_2_1_rmf"/>
<view name="CM_2_2_rmf"/>
</collection>
<collection label="CM-2(1) - Baseline Configuration | Reviews and Updates">
<view name="CM_2-1_1_rmf"/>
<view name="CM_2-1_2_rmf"/>
<view name="CM_2-1_3_rmf"/>
<view name="CM_2-1_4_rmf"/>
<view name="CM_2-1_5_rmf"/>
<view name="CM_2-1_6_rmf"/>
</collection>
<collection label="CM-2(2) - Baseline Configuration | Automation Support for Accuracy and Currency">
<view name="CM_2-2_1_rmf"/>
<view name="CM_2-2_2_rmf"/>
<view name="CM_2-2_3_rmf"/>
<view name="CM_2-2_4_rmf"/>
</collection>
<collection label="CM-2(3) - Baseline Configuration | Retention of Previous Configurations">
<view name="CM_2-3_1_rmf"/>
<view name="CM_2-3_2_rmf"/>
</collection>
<collection label="CM-2(6) - Baseline Configuration | Development and Test Environments">
<view name="CM_2-6_1_rmf"/>
<view name="CM_2-6_2_rmf"/>
</collection>
<collection label="CM-2(7) - Baseline Configuration | Configure Systems and Components for High-risk Areas">
<view name="CM_2-7_1_rmf"/>
<view name="CM_2-7_2_rmf"/>
<view name="CM_2-7_3_rmf"/>
<view name="CM_2-7_4_rmf"/>
<view name="CM_2-7_5_rmf"/>
</collection>
</collection>
<collection label="CM-3 - Configuration Change Control">
<collection label="CM-3 - Configuration Change Control">
<view name="CM_3_1_rmf"/>
<view name="CM_3_2_rmf"/>
<view name="CM_3_3_rmf"/>
<view name="CM_3_4_rmf"/>
<view name="CM_3_5_rmf"/>
<view name="CM_3_6_rmf"/>
<view name="CM_3_7_rmf"/>
<view name="CM_3_8_rmf"/>
<view name="CM_3_9_rmf"/>
<view name="CM_3_10_rmf"/>
<view name="CM_3_11_rmf"/>
<view name="CM_3_12_rmf"/>
</collection>
<collection label="CM-3(1) - Configuration Change Control | Automated Documentation, Notification, and Prohibition of Changes">
<view name="CM_3-1_1_rmf"/>
<view name="CM_3-1_2_rmf"/>
<view name="CM_3-1_3_rmf"/>
<view name="CM_3-1_4_rmf"/>
<view name="CM_3-1_5_rmf"/>
<view name="CM_3-1_6_rmf"/>
<view name="CM_3-1_7_rmf"/>
<view name="CM_3-1_8_rmf"/>
<view name="CM_3-1_9_rmf"/>
</collection>
<collection label="CM-3(2) - Configuration Change Control | Testing, Validation, and Documentation of Changes">
<view name="CM_3-2_1_rmf"/>
<view name="CM_3-2_2_rmf"/>
<view name="CM_3-2_3_rmf"/>
</collection>
<collection label="CM-3(3) - Configuration Change Control | Automated Change Implementation">
<view name="CM_3-3_1_rmf"/>
<view name="CM_3-3_2_rmf"/>
</collection>
<collection label="CM-3(4) - Configuration Change Control | Security and Privacy Representatives">
<view name="CM_3-4_1_rmf"/>
</collection>
<collection label="CM-3(5) - Configuration Change Control | Automated Security Response">
<view name="CM_3-5_1_rmf"/>
<view name="CM_3-5_2_rmf"/>
</collection>
<collection label="CM-3(6) - Configuration Change Control | Cryptography Management">
<view name="CM_3-6_1_rmf"/>
<view name="CM_3-6_2_rmf"/>
</collection>
</collection>
<collection label="CM-4 - Impact Analyses">
<collection label="CM-4 - Impact Analyses">
<view name="CM_4_1_rmf"/>
</collection>
<collection label="CM-4(1) - Impact Analyses | Separate Test Environments">
<view name="CM_4-1_1_rmf"/>
<view name="CM_4-1_2_rmf"/>
</collection>
<collection label="CM-4(2) - Impact Analyses | Verification of Controls">
<view name="CM_4-2_1_rmf"/>
<view name="CM_4-2_2_rmf"/>
<view name="CM_4-2_3_rmf"/>
</collection>
</collection>
<collection label="CM-5 - Access Restrictions for Change">
<collection label="CM-5 - Access Restrictions for Change">
<view name="CM_5_1_rmf"/>
<view name="CM_5_2_rmf"/>
<view name="CM_5_3_rmf"/>
<view name="CM_5_4_rmf"/>
<view name="CM_5_5_rmf"/>
<view name="CM_5_6_rmf"/>
<view name="CM_5_7_rmf"/>
<view name="CM_5_8_rmf"/>
</collection>
<collection label="CM-5(1) - Access Restrictions for Change | Automated Access Enforcement and Audit Records">
<view name="CM_5-1_1_rmf"/>
<view name="CM_5-1_2_rmf"/>
</collection>
<collection label="CM-5(2) - Access Restrictions for Change | Review System Changes">
<view name="CM_5-2_1_rmf"/>
<view name="CM_5-2_2_rmf"/>
<view name="CM_5-2_3_rmf"/>
<view name="CM_5-2_4_rmf"/>
</collection>
<collection label="CM-5(3) - Access Restrictions for Change | Signed Components">
<view name="CM_5-3_1_rmf"/>
<view name="CM_5-3_2_rmf"/>
<view name="CM_5-3_3_rmf"/>
<view name="CM_5-3_4_rmf"/>
</collection>
<collection label="CM-5(4) - Access Restrictions for Change | Dual Authorization">
<view name="CM_5-4_1_rmf"/>
<view name="CM_5-4_2_rmf"/>
<view name="CM_5-4_3_rmf"/>
<view name="CM_5-4_4_rmf"/>
</collection>
<collection label="CM-5(5) - Access Restrictions for Change | Privilege Limitation for Production and Operation">
<view name="CM_5-5_1_rmf"/>
<view name="CM_5-5_2_rmf"/>
<view name="CM_5-5_3_rmf"/>
<view name="CM_5-5_4_rmf"/>
<view name="CM_5-5_5_rmf"/>
<view name="CM_5-5_6_rmf"/>
</collection>
<collection label="CM-5(6) - Access Restrictions for Change | Limit Library Privileges">
<view name="CM_5-6_1_rmf"/>
</collection>
</collection>
<collection label="CM-6 - Configuration Settings">
<collection label="CM-6 - Configuration Settings">
<view name="CM_6_1_rmf"/>
<view name="CM_6_2_rmf"/>
<view name="CM_6_3_rmf"/>
<view name="CM_6_4_rmf"/>
<view name="CM_6_5_rmf"/>
<view name="CM_6_6_rmf"/>
<view name="CM_6_7_rmf"/>
<view name="CM_6_8_rmf"/>
<view name="CM_6_9_rmf"/>
<view name="CM_6_10_rmf"/>
<view name="CM_6_11_rmf"/>
<view name="CM_6_12_rmf"/>
</collection>
<collection label="CM-6(1) - Configuration Settings | Automated Management, Application, and Verification">
<view name="CM_6-1_1_rmf"/>
<view name="CM_6-1_2_rmf"/>
<view name="CM_6-1_3_rmf"/>
<view name="CM_6-1_4_rmf"/>
</collection>
<collection label="CM-6(2) - Configuration Settings | Respond to Unauthorized Changes">
<view name="CM_6-2_1_rmf"/>
<view name="CM_6-2_2_rmf"/>
<view name="CM_6-2_3_rmf"/>
</collection>
</collection>
<collection label="CM-7 - Least Functionality">
<collection label="CM-7 - Least Functionality">
<view name="CM_7_1_rmf"/>
<view name="CM_7_2_rmf"/>
<view name="CM_7_3_rmf"/>
</collection>
<collection label="CM-7(1) - Least Functionality | Periodic Review">
<view name="CM_7-1_1_rmf"/>
<view name="CM_7-1_2_rmf"/>
<view name="CM_7-1_3_rmf"/>
<view name="CM_7-1_4_rmf"/>
</collection>
<collection label="CM-7(2) - Least Functionality | Prevent Program Execution">
<view name="CM_7-2_1_rmf"/>
<view name="CM_7-2_2_rmf"/>
<view name="CM_7-2_3_rmf"/>
</collection>
<collection label="CM-7(3) - Least Functionality | Registration Compliance">
<view name="CM_7-3_1_rmf"/>
<view name="CM_7-3_2_rmf"/>
</collection>
<collection label="CM-7(4) - Least Functionality | Unauthorized Software ? Deny-by-exception">
<view name="CM_7-4_1_rmf"/>
<view name="CM_7-4_2_rmf"/>
<view name="CM_7-4_3_rmf"/>
<view name="CM_7-4_4_rmf"/>
<view name="CM_7-4_5_rmf"/>
</collection>
<collection label="CM-7(5) - Least Functionality | Authorized Software ? Allow-by-exception">
<view name="CM_7-5_1_rmf"/>
<view name="CM_7-5_2_rmf"/>
<view name="CM_7-5_3_rmf"/>
<view name="CM_7-5_4_rmf"/>
<view name="CM_7-5_5_rmf"/>
</collection>
</collection>
<collection label="CM-8 - System Component Inventory">
<collection label="CM-8 - System Component Inventory">
<view name="CM_8_1_rmf"/>
<view name="CM_8_2_rmf"/>
<view name="CM_8_3_rmf"/>
<view name="CM_8_4_rmf"/>
<view name="CM_8_5_rmf"/>
<view name="CM_8_6_rmf"/>
<view name="CM_8_7_rmf"/>
</collection>
<collection label="CM-8(1) - System Component Inventory | Updates During Installation and Removal">
<view name="CM_8-1_1_rmf"/>
<view name="CM_8-1_2_rmf"/>
<view name="CM_8-1_3_rmf"/>
</collection>
<collection label="CM-8(2) - System Component Inventory | Automated Maintenance">
<view name="CM_8-2_1_rmf"/>
<view name="CM_8-2_2_rmf"/>
<view name="CM_8-2_3_rmf"/>
<view name="CM_8-2_4_rmf"/>
</collection>
<collection label="CM-8(3) - System Component Inventory | Automated Unauthorized Component Detection">
<view name="CM_8-3_1_rmf"/>
<view name="CM_8-3_2_rmf"/>
<view name="CM_8-3_3_rmf"/>
<view name="CM_8-3_4_rmf"/>
</collection>
<collection label="CM-8(4) - System Component Inventory | Accountability Information">
<view name="CM_8-4_1_rmf"/>
</collection>
<collection label="CM-8(5) - System Component Inventory | No Duplicate Accounting of Components">
<view name="CM_8-5_1_rmf"/>
</collection>
<collection label="CM-8(6) - System Component Inventory | Assessed Configurations and Approved Deviations">
<view name="CM_8-6_1_rmf"/>
</collection>
<collection label="CM-8(7) - System Component Inventory | Centralized Repository">
<view name="CM_8-7_1_rmf"/>
</collection>
<collection label="CM-8(8) - System Component Inventory | Automated Location Tracking">
<view name="CM_8-8_1_rmf"/>
</collection>
<collection label="CM-8(9) - System Component Inventory | Assignment of Components to Systems">
<view name="CM_8-9_1_rmf"/>
<view name="CM_8-9_2_rmf"/>
<view name="CM_8-9_3_rmf"/>
</collection>
</collection>
<collection label="CM-9 - Configuration Management Plan">
<collection label="CM-9 - Configuration Management Plan">
<view name="CM_9_1_rmf"/>
<view name="CM_9_2_rmf"/>
<view name="CM_9_3_rmf"/>
<view name="CM_9_4_rmf"/>
<view name="CM_9_5_rmf"/>
<view name="CM_9_6_rmf"/>
<view name="CM_9_7_rmf"/>
<view name="CM_9_8_rmf"/>
<view name="CM_9_9_rmf"/>
<view name="CM_9_10_rmf"/>
<view name="CM_9_11_rmf"/>
<view name="CM_9_12_rmf"/>
</collection>
<collection label="CM-9(1) - Configuration Management Plan | Assignment of Responsibility">
<view name="CM_9-1_1_rmf"/>
</collection>
<collection label="CM-10(1) - Software Usage Restrictions | Open-source Software">
<view name="CM_10-1_1_rmf"/>
<view name="CM_10-1_2_rmf"/>
</collection>
</collection>
<collection label="CM-10 - Software Usage Restrictions">
<collection label="CM-10 - Software Usage Restrictions">
<view name="CM_10_1_rmf"/>
<view name="CM_10_2_rmf"/>
<view name="CM_10_3_rmf"/>
<view name="CM_10_4_rmf"/>
<view name="CM_10_5_rmf"/>
<view name="CM_10_6_rmf"/>
<view name="CM_10_7_rmf"/>
<view name="CM_10_8_rmf"/>
<view name="CM_10_9_rmf"/>
<view name="CM_10_10_rmf"/>
</collection>
<collection label="CM-11(1) - User-installed Software | Alerts for Unauthorized Installations">
<view name="CM_11-1_1_rmf"/>
<view name="CM_11-1_2_rmf"/>
</collection>
<collection label="CM-11(2) - User-installed Software | Software Installation with Privileged Status">
<view name="CM_11-2_1_rmf"/>
</collection>
</collection>
<collection label="CM-11 - User-installed Software">
<collection label="CM-11 - User-installed Software">
<view name="CM_11_1_rmf"/>
<view name="CM_11_2_rmf"/>
<view name="CM_11_3_rmf"/>
<view name="CM_11_4_rmf"/>
<view name="CM_11_5_rmf"/>
<view name="CM_11_6_rmf"/>
</collection>
</collection>
</collection>
<collection label="Contingency Planning">
<collection label="CP-1 - Policy and Procedures">
<collection label="CP-1 - Policy and Procedures">
<view name="CP_1_1_rmf"/>
<view name="CP_1_2_rmf"/>
<view name="CP_1_3_rmf"/>
<view name="CP_1_4_rmf"/>
<view name="CP_1_5_rmf"/>
<view name="CP_1_6_rmf"/>
<view name="CP_1_7_rmf"/>
<view name="CP_1_8_rmf"/>
<view name="CP_1_9_rmf"/>
<view name="CP_1_10_rmf"/>
</collection>
</collection>
<collection label="CP-2 - Contingency Plan">
<collection label="CP-2 - Contingency Plan">
<view name="CP_2_1_rmf"/>
<view name="CP_2_2_rmf"/>
<view name="CP_2_3_rmf"/>
<view name="CP_2_4_rmf"/>
<view name="CP_2_5_rmf"/>
<view name="CP_2_6_rmf"/>
<view name="CP_2_7_rmf"/>
<view name="CP_2_8_rmf"/>
<view name="CP_2_9_rmf"/>
<view name="CP_2_10_rmf"/>
<view name="CP_2_11_rmf"/>
<view name="CP_2_12_rmf"/>
<view name="CP_2_13_rmf"/>
<view name="CP_2_14_rmf"/>
<view name="CP_2_15_rmf"/>
<view name="CP_2_16_rmf"/>
<view name="CP_2_17_rmf"/>
<view name="CP_2_18_rmf"/>
<view name="CP_2_19_rmf"/>
<view name="CP_2_20_rmf"/>
<view name="CP_2_21_rmf"/>
<view name="CP_2_22_rmf"/>
<view name="CP_2_23_rmf"/>
<view name="CP_2_24_rmf"/>
<view name="CP_2_25_rmf"/>
<view name="CP_2_26_rmf"/>
<view name="CP_2_27_rmf"/>
<view name="CP_2_28_rmf"/>
</collection>
<collection label="CP-2(1) - Contingency Plan | Coordinate with Related Plans">
<view name="CP_2-1_1_rmf"/>
</collection>
<collection label="CP-2(2) - Contingency Plan | Capacity Planning">
<view name="CP_2-2_1_rmf"/>
<view name="CP_2-2_2_rmf"/>
<view name="CP_2-2_3_rmf"/>
</collection>
<collection label="CP-2(3) - Contingency Plan | Resume Mission and Business Functions">
<view name="CP_2-3_1_rmf"/>
<view name="CP_2-3_2_rmf"/>
<view name="CP_2-3_3_rmf"/>
<view name="CP_2-3_4_rmf"/>
</collection>
<collection label="CP-2(4) - Contingency Plan | Resume All Mission and Business Functions">
<view name="CP_2-4_1_rmf"/>
<view name="CP_2-4_2_rmf"/>
<view name="CP_2-4_3_rmf"/>
<view name="CP_2-4_4_rmf"/>
</collection>
<collection label="CP-2(5) - Contingency Plan | Continue Mission and Business Functions">
<view name="CP_2-5_1_rmf"/>
<view name="CP_2-5_2_rmf"/>
<view name="CP_2-5_3_rmf"/>
<view name="CP_2-5_4_rmf"/>
</collection>
<collection label="CP-2(6) - Contingency Plan | Alternate Processing and Storage Sites">
<view name="CP_2-6_1_rmf"/>
<view name="CP_2-6_2_rmf"/>
<view name="CP_2-6_3_rmf"/>
<view name="CP_2-6_4_rmf"/>
</collection>
<collection label="CP-2(7) - Contingency Plan | Coordinate with External Service Providers">
<view name="CP_2-7_1_rmf"/>
</collection>
<collection label="CP-2(8) - Contingency Plan | Identify Critical Assets">
<view name="CP_2-8_1_rmf"/>
<view name="CP_2-8_2_rmf"/>
</collection>
</collection>
<collection label="CP-3 - Contingency Training">
<collection label="CP-3 - Contingency Training">
<view name="CP_3_1_rmf"/>
<view name="CP_3_2_rmf"/>
<view name="CP_3_3_rmf"/>
<view name="CP_3_4_rmf"/>
<view name="CP_3_5_rmf"/>
</collection>
<collection label="CP-3(1) - Contingency Training | Simulated Events">
<view name="CP_3-1_1_rmf"/>
</collection>
<collection label="CP-3(2) - Contingency Training | Mechanisms Used in Training Environments">
<view name="CP_3-2_1_rmf"/>
</collection>
</collection>
<collection label="CP-4 - Contingency Plan Testing">
<collection label="CP-4 - Contingency Plan Testing">
<view name="CP_4_1_rmf"/>
<view name="CP_4_2_rmf"/>
<view name="CP_4_3_rmf"/>
<view name="CP_4_4_rmf"/>
<view name="CP_4_5_rmf"/>
</collection>
<collection label="CP-4(1) - Contingency Plan Testing | Coordinate with Related Plans">
<view name="CP_4-1_1_rmf"/>
</collection>
<collection label="CP-4(2) - Contingency Plan Testing | Alternate Processing Site">
<view name="CP_4-2_1_rmf"/>
<view name="CP_4-2_2_rmf"/>
</collection>
<collection label="CP-4(3) - Contingency Plan Testing | Automated Testing">
<view name="CP_4-3_1_rmf"/>
</collection>
<collection label="CP-4(4) - Contingency Plan Testing | Full Recovery and Reconstitution">
<view name="CP_4-4_1_rmf"/>
</collection>
</collection>
<collection label="CP-6 - Alternate Storage Site">
<collection label="CP-6 - Alternate Storage Site">
<view name="CP_6_1_rmf"/>
<view name="CP_6_2_rmf"/>
</collection>
<collection label="CP-6(1) - Alternate Storage Site | Separation from Primary Site">
<view name="CP_6-1_1_rmf"/>
</collection>
<collection label="CP-6(2) - Alternate Storage Site | Recovery Time and Recovery Point Objectives">
<view name="CP_6-2_1_rmf"/>
</collection>
<collection label="CP-6(3) - Alternate Storage Site | Accessibility">
<view name="CP_6-3_1_rmf"/>
<view name="CP_6-3_2_rmf"/>
</collection>
</collection>
<collection label="CP-7 - Alternate Processing Site">
<collection label="CP-7 - Alternate Processing Site">
<view name="CP_7_1_rmf"/>
<view name="CP_7_2_rmf"/>
<view name="CP_7_3_rmf"/>
<view name="CP_7_4_rmf"/>
<view name="CP_7_5_rmf"/>
<view name="CP_7_6_rmf"/>
</collection>
<collection label="CP-7(1) - Alternate Processing Site | Separation from Primary Site">
<view name="CP_7-1_1_rmf"/>
</collection>
<collection label="CP-7(2) - Alternate Processing Site | Accessibility">
<view name="CP_7-2_1_rmf"/>
<view name="CP_7-2_2_rmf"/>
</collection>
<collection label="CP-7(3) - Alternate Processing Site | Priority of Service">
<view name="CP_7-3_1_rmf"/>
</collection>
<collection label="CP-7(4) - Alternate Processing Site | Preparation for Use">
<view name="CP_7-4_1_rmf"/>
<view name="CP_7-4_2_rmf"/>
</collection>
<collection label="CP-7(6) - Alternate Processing Site | Inability to Return to Primary Site">
<view name="CP_7-6_1_rmf"/>
<view name="CP_7-6_2_rmf"/>
</collection>
</collection>
<collection label="CP-8 - Telecommunications Services">
<collection label="CP-8 - Telecommunications Services">
<view name="CP_8_1_rmf"/>
<view name="CP_8_2_rmf"/>
<view name="CP_8_3_rmf"/>
<view name="CP_8_4_rmf"/>
<view name="CP_8_5_rmf"/>
<view name="CP_8_6_rmf"/>
</collection>
<collection label="CP-8(1) - Telecommunications Services | Priority of Service Provisions">
<view name="CP_8-1_1_rmf"/>
<view name="CP_8-1_2_rmf"/>
<view name="CP_8-1_3_rmf"/>
<view name="CP_8-1_4_rmf"/>
</collection>
<collection label="CP-8(2) - Telecommunications Services | Single Points of Failure">
<view name="CP_8-2_1_rmf"/>
</collection>
<collection label="CP-8(3) - Telecommunications Services | Separation of Primary and Alternate Providers">
<view name="CP_8-3_1_rmf"/>
</collection>
<collection label="CP-8(4) - Telecommunications Services | Provider Contingency Plan">
<view name="CP_8-4_1_rmf"/>
<view name="CP_8-4_2_rmf"/>
<view name="CP_8-4_3_rmf"/>
<view name="CP_8-4_4_rmf"/>
<view name="CP_8-4_5_rmf"/>
<view name="CP_8-4_6_rmf"/>
<view name="CP_8-4_7_rmf"/>
</collection>
<collection label="CP-8(5) - Telecommunications Services | Alternate Telecommunication Service Testing">
<view name="CP_8-5_1_rmf"/>
<view name="CP_8-5_2_rmf"/>
</collection>
</collection>
<collection label="CP-9 - System Backup">
<collection label="CP-9 - System Backup">
<view name="CP_9_1_rmf"/>
<view name="CP_9_2_rmf"/>
<view name="CP_9_3_rmf"/>
<view name="CP_9_4_rmf"/>
<view name="CP_9_5_rmf"/>
<view name="CP_9_6_rmf"/>
<view name="CP_9_7_rmf"/>
</collection>
<collection label="CP-9(1) - System Backup | Testing for Reliability and Integrity">
<view name="CP_9-1_1_rmf"/>
<view name="CP_9-1_2_rmf"/>
</collection>
<collection label="CP-9(2) - System Backup | Test Restoration Using Sampling">
<view name="CP_9-2_1_rmf"/>
</collection>
<collection label="CP-9(3) - System Backup | Separate Storage for Critical Information">
<view name="CP_9-3_1_rmf"/>
<view name="CP_9-3_2_rmf"/>
</collection>
<collection label="CP-9(5) - System Backup | Transfer to Alternate Storage Site">
<view name="CP_9-5_1_rmf"/>
<view name="CP_9-5_2_rmf"/>
</collection>
<collection label="CP-9(6) - System Backup | Redundant Secondary System">
<view name="CP_9-6_1_rmf"/>
<view name="CP_9-6_2_rmf"/>
</collection>
<collection label="CP-9(7) - System Backup | Dual Authorization for Deletion or Destruction">
<view name="CP_9-7_1_rmf"/>
<view name="CP_9-7_2_rmf"/>
</collection>
<collection label="CP-10(2) - System Recovery and Reconstitution | Transaction Recovery">
<view name="CP_10-2_1_rmf"/>
</collection>
<collection label="CP-10(4) - System Recovery and Reconstitution | Restore Within Time Period">
<view name="CP_10-4_1_rmf"/>
<view name="CP_10-4_2_rmf"/>
</collection>
<collection label="CP-10(6) - System Recovery and Reconstitution | Component Protection">
<view name="CP_10-6_1_rmf"/>
<view name="CP_10-6_2_rmf"/>
<view name="CP_10-6_3_rmf"/>
</collection>
</collection>
<collection label="CP-10 - System Recovery and Reconstitution">
<collection label="CP-10 - System Recovery and Reconstitution">
<view name="CP_10_1_rmf"/>
<view name="CP_10_2_rmf"/>
<view name="CP_10_3_rmf"/>
</collection>
</collection>
<collection label="CP-11 - Alternate Communications Protocols">
<collection label="CP-11 - Alternate Communications Protocols">
<view name="CP_11_1_rmf"/>
<view name="CP_11_2_rmf"/>
</collection>
</collection>
<collection label="CP-12 - Safe Mode">
<collection label="CP-12 - Safe Mode">
<view name="CP_12_1_rmf"/>
<view name="CP_12_2_rmf"/>
<view name="CP_12_3_rmf"/>
</collection>
</collection>
<collection label="CP-13 - Alternative Security Mechanisms">
<collection label="CP-13 - Alternative Security Mechanisms">
<view name="CP_13_1_rmf"/>
<view name="CP_13_2_rmf"/>
<view name="CP_13_3_rmf"/>
</collection>
</collection>
</collection>
<collection label="Identification and Authentication">
<collection label="IA-1 - Policy and Procedures">
<collection label="IA-1 - Policy and Procedures">
<view name="IA_1_1_rmf"/>
<view name="IA_1_2_rmf"/>
<view name="IA_1_3_rmf"/>
<view name="IA_1_4_rmf"/>
<view name="IA_1_5_rmf"/>
<view name="IA_1_6_rmf"/>
<view name="IA_1_7_rmf"/>
<view name="IA_1_8_rmf"/>
<view name="IA_1_9_rmf"/>
</collection>
</collection>
<collection label="IA-2 - Identification and Authentication (Organizational Users)">
<collection label="IA-2 - Identification and Authentication (Organizational Users)">
<view name="IA_2_1_rmf"/>
</collection>
<collection label="IA-2(1) - Identification and Authentication (Organizational Users) | Multi-factor Authentication to Privileged Accounts">
<view name="IA_2-1_1_rmf"/>
</collection>
<collection label="IA-2(10) - Identification and Authentication (Organizational Users) | Single Sign-on">
<view name="IA_2-10_1_rmf"/>
<view name="IA_2-10_2_rmf"/>
<view name="IA_2-10_3_rmf"/>
<view name="IA_2-10_4_rmf"/>
</collection>
<collection label="IA-2(11) - Identification and Authentication (Organizational Users) | Remote Access ? Separate Device">
<view name="IA_2-11_1_rmf"/>
<view name="IA_2-11_2_rmf"/>
<view name="IA_2-11_3_rmf"/>
<view name="IA_2-11_4_rmf"/>
<view name="IA_2-11_5_rmf"/>
<view name="IA_2-11_6_rmf"/>
</collection>
<collection label="IA-2(12) - Identification and Authentication (Organizational Users) | Acceptance of PIV Credentials">
<view name="IA_2-12_1_rmf"/>
<view name="IA_2-12_2_rmf"/>
</collection>
<collection label="IA-2(13) - Identification and Authentication (Organizational Users) | Out-of-band Authentication">
<view name="IA_2-13_1_rmf"/>
<view name="IA_2-13_2_rmf"/>
<view name="IA_2-13_3_rmf"/>
</collection>
<collection label="IA-2(2) - Identification and Authentication (Organizational Users) | Multi-factor Authentication to Non-privileged Accounts">
<view name="IA_2-2_1_rmf"/>
</collection>
<collection label="IA-2(3) - Identification and Authentication (Organizational Users) | Local Access to Privileged Accounts">
<view name="IA_2-3_1_rmf"/>
</collection>
<collection label="IA-2(4) - Identification and Authentication (Organizational Users) | Local Access to Non-privileged Accounts">
<view name="IA_2-4_1_rmf"/>
</collection>
<collection label="IA-2(5) - Identification and Authentication (Organizational Users) | Individual Authentication with Group Authentication">
<view name="IA_2-5_1_rmf"/>
</collection>
<collection label="IA-2(6) - Identification and Authentication (Organizational Users) | Access to Accounts ?separate Device">
<view name="IA_2-6_1_rmf"/>
<view name="IA_2-6_2_rmf"/>
<view name="IA_2-6_3_rmf"/>
</collection>
<collection label="IA-2(7) - Identification and Authentication (Organizational Users) | Network Access to Non-privileged Accounts ? Separate Device">
<view name="IA_2-7_1_rmf"/>
<view name="IA_2-7_2_rmf"/>
<view name="IA_2-7_3_rmf"/>
</collection>
<collection label="IA-2(8) - Identification and Authentication (Organizational Users) | Access to Accounts ? Replay Resistant">
<view name="IA_2-8_1_rmf"/>
</collection>
<collection label="IA-2(9) - Identification and Authentication (Organizational Users) | Network Access to Non-privileged Accounts ? Replay Resistant">
<view name="IA_2-9_1_rmf"/>
</collection>
</collection>
<collection label="IA-3 - Device Identification and Authentication">
<collection label="IA-3 - Device Identification and Authentication">
<view name="IA_3_1_rmf"/>
<view name="IA_3_2_rmf"/>
<view name="IA_3_3_rmf"/>
</collection>
<collection label="IA-3(1) - Device Identification and Authentication | Cryptographic Bidirectional Authentication">
<view name="IA_3-1_1_rmf"/>
<view name="IA_3-1_2_rmf"/>
</collection>
<collection label="IA-3(3) - Device Identification and Authentication | Dynamic Address Allocation">
<view name="IA_3-3_1_rmf"/>
<view name="IA_3-3_2_rmf"/>
<view name="IA_3-3_3_rmf"/>
<view name="IA_3-3_4_rmf"/>
<view name="IA_3-3_5_rmf"/>
</collection>
<collection label="IA-3(4) - Device Identification and Authentication | Device Attestation">
<view name="IA_3-4_1_rmf"/>
<view name="IA_3-4_2_rmf"/>
<view name="IA_3-4_3_rmf"/>
<view name="IA_3-4_4_rmf"/>
</collection>
</collection>
<collection label="IA-4 - Identifier Management">
<collection label="IA-4 - Identifier Management">
<view name="IA_4_1_rmf"/>
<view name="IA_4_2_rmf"/>
<view name="IA_4_3_rmf"/>
<view name="IA_4_4_rmf"/>
<view name="IA_4_5_rmf"/>
<view name="IA_4_6_rmf"/>
<view name="IA_4_7_rmf"/>
<view name="IA_4_8_rmf"/>
</collection>
<collection label="IA-4(1) - Identifier Management | Prohibit Account Identifiers as Public Identifiers">
<view name="IA_4-1_1_rmf"/>
</collection>
<collection label="IA-4(2) - Identifier Management | Supervisor Authorization">
<view name="IA_4-2_1_rmf"/>
</collection>
<collection label="IA-4(3) - Identifier Management | Multiple Forms of Certification">
<view name="IA_4-3_1_rmf"/>
</collection>
<collection label="IA-4(4) - Identifier Management | Identify User Status">
<view name="IA_4-4_1_rmf"/>
<view name="IA_4-4_2_rmf"/>
</collection>
<collection label="IA-4(5) - Identifier Management | Dynamic Management">
<view name="IA_4-5_1_rmf"/>
</collection>
<collection label="IA-4(6) - Identifier Management | Cross-organization Management">
<view name="IA_4-6_1_rmf"/>
<view name="IA_4-6_2_rmf"/>
</collection>
<collection label="IA-4(7) - Identifier Management | In-person Registration">
<view name="IA_4-7_1_rmf"/>
</collection>
</collection>
<collection label="IA-5 - Authenticator Management">
<collection label="IA-5 - Authenticator Management">
<view name="IA_5_1_rmf"/>
<view name="IA_5_2_rmf"/>
<view name="IA_5_3_rmf"/>
<view name="IA_5_4_rmf"/>
<view name="IA_5_5_rmf"/>
<view name="IA_5_6_rmf"/>
<view name="IA_5_7_rmf"/>
<view name="IA_5_8_rmf"/>
<view name="IA_5_9_rmf"/>
<view name="IA_5_10_rmf"/>
<view name="IA_5_11_rmf"/>
<view name="IA_5_12_rmf"/>
<view name="IA_5_13_rmf"/>
<view name="IA_5_14_rmf"/>
<view name="IA_5_15_rmf"/>
<view name="IA_5_16_rmf"/>
<view name="IA_5_17_rmf"/>
<view name="IA_5_18_rmf"/>
<view name="IA_5_19_rmf"/>
<view name="IA_5_20_rmf"/>
<view name="IA_5_21_rmf"/>
<view name="IA_5_22_rmf"/>
</collection>
<collection label="IA-5(1) - Authenticator Management | Password-based Authentication">
<view name="IA_5-1_1_rmf"/>
<view name="IA_5-1_2_rmf"/>
<view name="IA_5-1_3_rmf"/>
<view name="IA_5-1_4_rmf"/>
<view name="IA_5-1_5_rmf"/>
<view name="IA_5-1_6_rmf"/>
<view name="IA_5-1_7_rmf"/>
<view name="IA_5-1_8_rmf"/>
<view name="IA_5-1_9_rmf"/>
</collection>
<collection label="IA-5(10) - Authenticator Management | Dynamic Credential Binding">
<view name="IA_5-10_1_rmf"/>
</collection>
<collection label="IA-5(11) - Authenticator Management | Hardware Token-based Authentication">
<view name="IA_5-11_1_rmf"/>
<view name="IA_5-11_2_rmf"/>
</collection>
<collection label="IA-5(12) - Authenticator Management | Biometric Authentication Performance">
<view name="IA_5-12_1_rmf"/>
<view name="IA_5-12_2_rmf"/>
</collection>
<collection label="IA-5(13) - Authenticator Management | Expiration of Cached Authenticators">
<view name="IA_5-13_1_rmf"/>
<view name="IA_5-13_2_rmf"/>
</collection>
<collection label="IA-5(14) - Authenticator Management | Managing Content of PKI Trust Stores">
<view name="IA_5-14_1_rmf"/>
</collection>
<collection label="IA-5(15) - Authenticator Management | Gsa-approved Products and Services">
<view name="IA_5-15_1_rmf"/>
</collection>
<collection label="IA-5(2) - Authenticator Management | Public Key-based Authentication">
<view name="IA_5-2_1_rmf"/>
<view name="IA_5-2_2_rmf"/>
<view name="IA_5-2_3_rmf"/>
<view name="IA_5-2_4_rmf"/>
</collection>
<collection label="IA-5(3) - Authenticator Management | In-person or Trusted External Party Registration">
<view name="IA_5-3_1_rmf"/>
<view name="IA_5-3_2_rmf"/>
<view name="IA_5-3_3_rmf"/>
<view name="IA_5-3_4_rmf"/>
</collection>
<collection label="IA-5(4) - Authenticator Management | Automated Support for Password Strength Determination">
<view name="IA_5-4_1_rmf"/>
<view name="IA_5-4_2_rmf"/>
</collection>
<collection label="IA-5(5) - Authenticator Management | Change Authenticators Prior to Delivery">
<view name="IA_5-5_1_rmf"/>
</collection>
<collection label="IA-5(6) - Authenticator Management | Protection of Authenticators">
<view name="IA_5-6_1_rmf"/>
</collection>
<collection label="IA-5(7) - Authenticator Management | No Embedded Unencrypted Static Authenticators">
<view name="IA_5-7_1_rmf"/>
<view name="IA_5-7_2_rmf"/>
<view name="IA_5-7_3_rmf"/>
</collection>
<collection label="IA-5(8) - Authenticator Management | Multiple System Accounts">
<view name="IA_5-8_1_rmf"/>
<view name="IA_5-8_2_rmf"/>
</collection>
<collection label="IA-5(9) - Authenticator Management | Federated Credential Management">
<view name="IA_5-9_1_rmf"/>
<view name="IA_5-9_2_rmf"/>
<view name="IA_5-1_10_rmf"/>
<view name="IA_5-1_11_rmf"/>
<view name="IA_5-1_12_rmf"/>
<view name="IA_5-1_13_rmf"/>
<view name="IA_5-1_14_rmf"/>
<view name="IA_5-1_15_rmf"/>
<view name="IA_5-1_16_rmf"/>
<view name="IA_5-1_17_rmf"/>
<view name="IA_5-1_18_rmf"/>
<view name="IA_5-1_19_rmf"/>
<view name="IA_5-1_20_rmf"/>
</collection>
</collection>
<collection label="IA-6 - Authentication Feedback">
<collection label="IA-6 - Authentication Feedback">
<view name="IA_6_1_rmf"/>
</collection>
</collection>
<collection label="IA-7 - Cryptographic Module Authentication">
<collection label="IA-7 - Cryptographic Module Authentication">
<view name="IA_7_1_rmf"/>
</collection>
</collection>
<collection label="IA-8 - Identification and Authentication (Non-organizational Users)">
<collection label="IA-8 - Identification and Authentication (Non-organizational Users)">
<view name="IA_8_1_rmf"/>
</collection>
<collection label="IA-8(1) - Identification and Authentication (Non-organizational Users) | Acceptance of PIV Credentials from Other Agencies">
<view name="IA_8-1_1_rmf"/>
<view name="IA_8-1_2_rmf"/>
</collection>
<collection label="IA-8(2) - Identification and Authentication (Non-organizational Users) | Acceptance of External Authenticators">
<view name="IA_8-2_1_rmf"/>
</collection>
<collection label="IA-8(3) - Identification and Authentication (Non-organizational Users) | Use of Ficam-approved Products">
<view name="IA_8-3_1_rmf"/>
<view name="IA_8-3_2_rmf"/>
</collection>
<collection label="IA-8(4) - Identification and Authentication (Non-organizational Users) | Use of Defined Profiles">
<view name="IA_8-4_1_rmf"/>
</collection>
<collection label="IA-8(5) - Identification and Authentication (Non-organizational Users) | Acceptance of PIV-I Credentials">
<view name="IA_8-5_1_rmf"/>
<view name="IA_8-5_2_rmf"/>
</collection>
</collection>
<collection label="IA-9 - Service Identification and Authentication">
<collection label="IA-9 - Service Identification and Authentication">
<view name="IA_9_1_rmf"/>
<view name="IA_9_2_rmf"/>
<view name="IA_9_3_rmf"/>
<view name="IA_9_4_rmf"/>
<view name="IA_9_5_rmf"/>
<view name="IA_9_6_rmf"/>
</collection>
<collection label="IA-9(1) - Service Identification and Authentication | Information Exchange">
<view name="IA_9-1_1_rmf"/>
<view name="IA_9-1_2_rmf"/>
<view name="IA_9-1_3_rmf"/>
<view name="IA_9-1_4_rmf"/>
<view name="IA_9-1_5_rmf"/>
<view name="IA_9-1_6_rmf"/>
</collection>
<collection label="IA-9(2) - Service Identification and Authentication | Transmission of Decisions">
<view name="IA_9-2_1_rmf"/>
<view name="IA_9-2_2_rmf"/>
<view name="IA_9-2_3_rmf"/>
<view name="IA_9-2_4_rmf"/>
</collection>
</collection>
<collection label="IA-10 - Adaptive Authentication">
<collection label="IA-10 - Adaptive Authentication">
<view name="IA_10_1_rmf"/>
<view name="IA_10_2_rmf"/>
<view name="IA_10_3_rmf"/>
</collection>
</collection>
<collection label="IA-11 - Re-authentication">
<collection label="IA-11 - Re-authentication">
<view name="IA_11_1_rmf"/>
<view name="IA_11_2_rmf"/>
<view name="IA_11_3_rmf"/>
<view name="IA_11_4_rmf"/>
</collection>
</collection>
</collection>
<collection label="Incident Response">
<collection label="IR-1 - Policy and Procedures">
<collection label="IR-1 - Policy and Procedures">
<view name="IR_1_1_rmf"/>
<view name="IR_1_2_rmf"/>
<view name="IR_1_3_rmf"/>
<view name="IR_1_4_rmf"/>
<view name="IR_1_5_rmf"/>
<view name="IR_1_6_rmf"/>
<view name="IR_1_7_rmf"/>
<view name="IR_1_8_rmf"/>
<view name="IR_1_9_rmf"/>
<view name="IR_1_10_rmf"/>
</collection>
</collection>
<collection label="IR-2 - Incident Response Training">
<collection label="IR-2 - Incident Response Training">
<view name="IR_2_1_rmf"/>
<view name="IR_2_2_rmf"/>
<view name="IR_2_3_rmf"/>
<view name="IR_2_4_rmf"/>
<view name="IR_2_5_rmf"/>
</collection>
<collection label="IR-2(1) - Incident Response Training | Simulated Events">
<view name="IR_2-1_1_rmf"/>
</collection>
<collection label="IR-2(2) - Incident Response Training | Automated Training Environments">
<view name="IR_2-2_1_rmf"/>
</collection>
</collection>
<collection label="IR-3 - Incident Response Testing">
<collection label="IR-3 - Incident Response Testing">
<view name="IR_3_1_rmf"/>
<view name="IR_3_2_rmf"/>
<view name="IR_3_3_rmf"/>
<view name="IR_3_4_rmf"/>
</collection>
<collection label="IR-3(1) - Incident Response Testing | Automated Testing">
<view name="IR_3-1_1_rmf"/>
</collection>
<collection label="IR-3(2) - Incident Response Testing | Coordination with Related Plans">
<view name="IR_3-2_1_rmf"/>
</collection>
</collection>
<collection label="IR-4 - Incident Handling">
<collection label="IR-4 - Incident Handling">
<view name="IR_4_1_rmf"/>
<view name="IR_4_2_rmf"/>
<view name="IR_4_3_rmf"/>
<view name="IR_4_4_rmf"/>
</collection>
<collection label="IR-4(1) - Incident Handling | Automated Incident Handling Processes">
<view name="IR_4-1_1_rmf"/>
</collection>
<collection label="IR-4(10) - Incident Handling | Supply Chain Coordination">
<view name="IR_4-10_1_rmf"/>
</collection>
<collection label="IR-4(2) - Incident Handling | Dynamic Reconfiguration">
<view name="IR_4-2_1_rmf"/>
<view name="IR_4-2_2_rmf"/>
</collection>
<collection label="IR-4(3) - Incident Handling | Continuity of Operations">
<view name="IR_4-3_1_rmf"/>
<view name="IR_4-3_2_rmf"/>
</collection>
<collection label="IR-4(4) - Incident Handling | Information Correlation">
<view name="IR_4-4_1_rmf"/>
</collection>
<collection label="IR-4(5) - Incident Handling | Automatic Disabling of System">
<view name="IR_4-5_1_rmf"/>
<view name="IR_4-5_2_rmf"/>
</collection>
<collection label="IR-4(6) - Incident Handling | Insider Threats">
<view name="IR_4-6_1_rmf"/>
</collection>
<collection label="IR-4(7) - Incident Handling | Insider Threats ? Intra-organization Coordination">
<view name="IR_4-7_1_rmf"/>
<view name="IR_4-7_2_rmf"/>
</collection>
<collection label="IR-4(8) - Incident Handling | Correlation with External Organizations">
<view name="IR_4-8_1_rmf"/>
<view name="IR_4-8_2_rmf"/>
<view name="IR_4-8_3_rmf"/>
</collection>
<collection label="IR-4(9) - Incident Handling | Dynamic Response Capability">
<view name="IR_4-9_1_rmf"/>
<view name="IR_4-9_2_rmf"/>
</collection>
</collection>
<collection label="IR-5 - Incident Monitoring">
<collection label="IR-5 - Incident Monitoring">
<view name="IR_5_1_rmf"/>
</collection>
<collection label="IR-5(1) - Incident Monitoring | Automated Tracking, Data Collection, and Analysis">
<view name="IR_5-1_1_rmf"/>
<view name="IR_5-1_2_rmf"/>
<view name="IR_5-1_3_rmf"/>
</collection>
</collection>
<collection label="IR-6 - Incident Reporting">
<collection label="IR-6 - Incident Reporting">
<view name="IR_6_1_rmf"/>
<view name="IR_6_2_rmf"/>
<view name="IR_6_3_rmf"/>
<view name="IR_6_4_rmf"/>
</collection>
<collection label="IR-6(1) - Incident Reporting | Automated Reporting">
<view name="IR_6-1_1_rmf"/>
</collection>
<collection label="IR-6(2) - Incident Reporting | Vulnerabilities Related to Incidents">
<view name="IR_6-2_1_rmf"/>
<view name="IR_6-2_2_rmf"/>
</collection>
<collection label="IR-6(3) - Incident Reporting | Supply Chain Coordination">
<view name="IR_6-3_1_rmf"/>
</collection>
</collection>
<collection label="IR-7 - Incident Response Assistance">
<collection label="IR-7 - Incident Response Assistance">
<view name="IR_7_1_rmf"/>
</collection>
<collection label="IR-7(1) - Incident Response Assistance | Automation Support for Availability of Information and Support">
<view name="IR_7-1_1_rmf"/>
</collection>
<collection label="IR-7(2) - Incident Response Assistance | Coordination with External Providers">
<view name="IR_7-2_1_rmf"/>
<view name="IR_7-2_2_rmf"/>
</collection>
</collection>
<collection label="IR-8 - Incident Response Plan">
<collection label="IR-8 - Incident Response Plan">
<view name="IR_8_1_rmf"/>
<view name="IR_8_2_rmf"/>
<view name="IR_8_3_rmf"/>
<view name="IR_8_4_rmf"/>
<view name="IR_8_5_rmf"/>
<view name="IR_8_6_rmf"/>
<view name="IR_8_7_rmf"/>
<view name="IR_8_8_rmf"/>
<view name="IR_8_9_rmf"/>
<view name="IR_8_10_rmf"/>
<view name="IR_8_11_rmf"/>
<view name="IR_8_12_rmf"/>
<view name="IR_8_13_rmf"/>
<view name="IR_8_14_rmf"/>
<view name="IR_8_15_rmf"/>
<view name="IR_8_16_rmf"/>
<view name="IR_8_17_rmf"/>
<view name="IR_8_18_rmf"/>
</collection>
</collection>
<collection label="IR-9 - Information Spillage Response">
<collection label="IR-9 - Information Spillage Response">
<view name="IR_9_1_rmf"/>
<view name="IR_9_2_rmf"/>
<view name="IR_9_3_rmf"/>
<view name="IR_9_4_rmf"/>
<view name="IR_9_5_rmf"/>
<view name="IR_9_6_rmf"/>
<view name="IR_9_7_rmf"/>
<view name="IR_9_8_rmf"/>
</collection>
<collection label="IR-9(1) - Information Spillage Response | Responsible Personnel">
<view name="IR_9-1_1_rmf"/>
<view name="IR_9-1_2_rmf"/>
</collection>
<collection label="IR-9(2) - Information Spillage Response | Training">
<view name="IR_9-2_1_rmf"/>
<view name="IR_9-2_2_rmf"/>
</collection>
<collection label="IR-9(3) - Information Spillage Response | Post-spill Operations">
<view name="IR_9-3_1_rmf"/>
<view name="IR_9-3_2_rmf"/>
</collection>
<collection label="IR-9(4) - Information Spillage Response | Exposure to Unauthorized Personnel">
<view name="IR_9-4_1_rmf"/>
<view name="IR_9-4_2_rmf"/>
</collection>
</collection>
<collection label="IR-10 - Integrated Information Security Analysis Team">
<collection label="IR-10 - Integrated Information Security Analysis Team">
<view name="IR_10_1_rmf"/>
</collection>
</collection>
</collection>
<collection label="Maintenance">
<collection label="MA-1 - Policy and Procedures">
<collection label="MA-1 - Policy and Procedures">
<view name="MA_1_1_rmf"/>
<view name="MA_1_2_rmf"/>
<view name="MA_1_3_rmf"/>
<view name="MA_1_4_rmf"/>
<view name="MA_1_5_rmf"/>
<view name="MA_1_6_rmf"/>
<view name="MA_1_7_rmf"/>
<view name="MA_1_8_rmf"/>
<view name="MA_1_9_rmf"/>
<view name="MA_1_10_rmf"/>
</collection>
</collection>
<collection label="MA-2 - Controlled Maintenance">
<collection label="MA-2 - Controlled Maintenance">
<view name="MA_2_1_rmf"/>
<view name="MA_2_2_rmf"/>
<view name="MA_2_3_rmf"/>
<view name="MA_2_4_rmf"/>
<view name="MA_2_5_rmf"/>
<view name="MA_2_6_rmf"/>
<view name="MA_2_7_rmf"/>
<view name="MA_2_8_rmf"/>
<view name="MA_2_9_rmf"/>
<view name="MA_2_10_rmf"/>
<view name="MA_2_11_rmf"/>
<view name="MA_2_12_rmf"/>
<view name="MA_2_13_rmf"/>
<view name="MA_2_14_rmf"/>
<view name="MA_2_15_rmf"/>
</collection>
<collection label="MA-2(2) - Controlled Maintenance | Automated Maintenance Activities">
<view name="MA_2-2_1_rmf"/>
<view name="MA_2-2_2_rmf"/>
<view name="MA_2-2_3_rmf"/>
<view name="MA_2-2_4_rmf"/>
</collection>
</collection>
<collection label="MA-3 - Maintenance Tools">
<collection label="MA-3 - Maintenance Tools">
<view name="MA_3_1_rmf"/>
<view name="MA_3_2_rmf"/>
<view name="MA_3_3_rmf"/>
</collection>
<collection label="MA-3(1) - Maintenance Tools | Inspect Tools">
<view name="MA_3-1_1_rmf"/>
</collection>
<collection label="MA-3(2) - Maintenance Tools | Inspect Media">
<view name="MA_3-2_1_rmf"/>
</collection>
<collection label="MA-3(3) - Maintenance Tools | Prevent Unauthorized Removal">
<view name="MA_3-3_1_rmf"/>
<view name="MA_3-3_2_rmf"/>
</collection>
<collection label="MA-3(4) - Maintenance Tools | Restricted Tool Use">
<view name="MA_3-4_1_rmf"/>
</collection>
</collection>
<collection label="MA-4 - Nonlocal Maintenance">
<collection label="MA-4 - Nonlocal Maintenance">
<view name="MA_4_1_rmf"/>
<view name="MA_4_2_rmf"/>
<view name="MA_4_3_rmf"/>
<view name="MA_4_4_rmf"/>
<view name="MA_4_5_rmf"/>
<view name="MA_4_6_rmf"/>
</collection>
<collection label="MA-4(1) - Nonlocal Maintenance | Logging and Review">
<view name="MA_4-1_1_rmf"/>
<view name="MA_4-1_2_rmf"/>
<view name="MA_4-1_3_rmf"/>
</collection>
<collection label="MA-4(2) - Nonlocal Maintenance | Document Nonlocal Maintenance">
<view name="MA_4-2_1_rmf"/>
</collection>
<collection label="MA-4(3) - Nonlocal Maintenance | Comparable Security and Sanitization">
<view name="MA_4-3_1_rmf"/>
<view name="MA_4-3_2_rmf"/>
<view name="MA_4-3_3_rmf"/>
</collection>
<collection label="MA-4(4) - Nonlocal Maintenance | Authentication and Separation of Maintenance Sessions">
<view name="MA_4-4_1_rmf"/>
<view name="MA_4-4_2_rmf"/>
<view name="MA_4-4_3_rmf"/>
</collection>
<collection label="MA-4(5) - Nonlocal Maintenance | Approvals and Notifications">
<view name="MA_4-5_1_rmf"/>
<view name="MA_4-5_3_rmf"/>
<view name="MA_4-5_4_rmf"/>
</collection>
<collection label="MA-4(6) - Nonlocal Maintenance | Cryptographic Protection">
<view name="MA_4-6_1_rmf"/>
<view name="MA_4-6_2_rmf"/>
</collection>
<collection label="MA-4(7) - Nonlocal Maintenance | Disconnect Verification">
<view name="MA_4-7_1_rmf"/>
</collection>
</collection>
<collection label="MA-5 - Maintenance Personnel">
<collection label="MA-5 - Maintenance Personnel">
<view name="MA_5_1_rmf"/>
<view name="MA_5_2_rmf"/>
<view name="MA_5_3_rmf"/>
<view name="MA_5_4_rmf"/>
</collection>
<collection label="MA-5(1) - Maintenance Personnel | Individuals Without Appropriate Access">
<view name="MA_5-1_1_rmf"/>
<view name="MA_5-1_2_rmf"/>
<view name="MA_5-1_3_rmf"/>
<view name="MA_5-1_4_rmf"/>
</collection>
<collection label="MA-5(2) - Maintenance Personnel | Security Clearances for Classified Systems">
<view name="MA_5-2_1_rmf"/>
</collection>
<collection label="MA-5(3) - Maintenance Personnel | Citizenship Requirements for Classified Systems">
<view name="MA_5-3_1_rmf"/>
</collection>
<collection label="MA-5(4) - Maintenance Personnel | Foreign Nationals">
<view name="MA_5-4_1_rmf"/>
<view name="MA_5-4_2_rmf"/>
</collection>
<collection label="MA-5(5) - Maintenance Personnel | Non-system Maintenance">
<view name="MA_5-5_1_rmf"/>
</collection>
</collection>
<collection label="MA-6 - Timely Maintenance">
<collection label="MA-6 - Timely Maintenance">
<view name="MA_6_1_rmf"/>
<view name="MA_6_2_rmf"/>
<view name="MA_6_3_rmf"/>
</collection>
<collection label="MA-6(1) - Timely Maintenance | Preventive Maintenance">
<view name="MA_6-1_1_rmf"/>
<view name="MA_6-1_2_rmf"/>
<view name="MA_6-1_3_rmf"/>
</collection>
<collection label="MA-6(2) - Timely Maintenance | Predictive Maintenance">
<view name="MA_6-2_1_rmf"/>
<view name="MA_6-2_2_rmf"/>
<view name="MA_6-2_3_rmf"/>
</collection>
<collection label="MA-6(3) - Timely Maintenance | Automated Support for Predictive Maintenance">
<view name="MA_6-3_1_rmf"/>
</collection>
</collection>
</collection>
<collection label="Media Protection">
<collection label="MP-1 - Policy and Procedures">
<collection label="MP-1 - Policy and Procedures">
<view name="MP_1_1_rmf"/>
<view name="MP_1_2_rmf"/>
<view name="MP_1_3_rmf"/>
<view name="MP_1_4_rmf"/>
<view name="MP_1_5_rmf"/>
<view name="MP_1_6_rmf"/>
<view name="MP_1_7_rmf"/>
<view name="MP_1_8_rmf"/>
<view name="MP_1_9_rmf"/>
</collection>
</collection>
<collection label="MP-2 - Media Access">
<collection label="MP-2 - Media Access">
<view name="MP_2_1_rmf"/>
<view name="MP_2_2_rmf"/>
<view name="MP_2_3_rmf"/>
</collection>
</collection>
<collection label="MP-3 - Media Marking">
<collection label="MP-3 - Media Marking">
<view name="MP_3_1_rmf"/>
<view name="MP_3_2_rmf"/>
<view name="MP_3_3_rmf"/>
<view name="MP_3_4_rmf"/>
</collection>
</collection>
<collection label="MP-4 - Media Storage">
<collection label="MP-4 - Media Storage">
<view name="MP_4_1_rmf"/>
<view name="MP_4_2_rmf"/>
<view name="MP_4_3_rmf"/>
<view name="MP_4_4_rmf"/>
</collection>
<collection label="MP-4(2) - Media Storage | Automated Restricted Access">
<view name="MP_4-2_1_rmf"/>
<view name="MP_4-2_2_rmf"/>
</collection>
</collection>
<collection label="MP-5 - Media Transport">
<collection label="MP-5 - Media Transport">
<view name="MP_5_1_rmf"/>
<view name="MP_5_2_rmf"/>
<view name="MP_5_3_rmf"/>
<view name="MP_5_4_rmf"/>
<view name="MP_5_5_rmf"/>
<view name="MP_5_6_rmf"/>
</collection>
<collection label="MP-5(3) - Media Transport | Custodians">
<view name="MP_5-3_1_rmf"/>
</collection>
<collection label="MP-5(4) - Media Transport | Cryptographic Protection">
<view name="MP_5-4_1_rmf"/>
</collection>
</collection>
<collection label="MP-6 - Media Sanitization">
<collection label="MP-6 - Media Sanitization">
<view name="MP_6_1_rmf"/>
<view name="MP_6_2_rmf"/>
<view name="MP_6_3_rmf"/>
<view name="MP_6_4_rmf"/>
</collection>
<collection label="MP-6(1) - Media Sanitization | Review, Approve, Track, Document, and Verify">
<view name="MP_6-1_1_rmf"/>
<view name="MP_6-1_2_rmf"/>
<view name="MP_6-1_3_rmf"/>
<view name="MP_6-1_4_rmf"/>
<view name="MP_6-1_5_rmf"/>
<view name="MP_6-1_6_rmf"/>
</collection>
<collection label="MP-6(2) - Media Sanitization | Equipment Testing">
<view name="MP_6-2_1_rmf"/>
<view name="MP_6-2_2_rmf"/>
</collection>
<collection label="MP-6(3) - Media Sanitization | Nondestructive Techniques">
<view name="MP_6-3_1_rmf"/>
<view name="MP_6-3_2_rmf"/>
</collection>
<collection label="MP-6(7) - Media Sanitization | Dual Authorization">
<view name="MP_6-7_1_rmf"/>
<view name="MP_6-7_2_rmf"/>
</collection>
<collection label="MP-6(8) - Media Sanitization | Remote Purging or Wiping of Information">
<view name="MP_6-8_1_rmf"/>
<view name="MP_6-8_2_rmf"/>
<view name="MP_6-8_3_rmf"/>
</collection>
</collection>
<collection label="MP-7 - Media Use">
<collection label="MP-7 - Media Use">
<view name="MP_7_1_rmf"/>
<view name="MP_7_2_rmf"/>
<view name="MP_7_3_rmf"/>
<view name="MP_7_4_rmf"/>
</collection>
<collection label="MP-7(1) - Media Use | Prohibit Use Without Owner">
<view name="MP_7-1_1_rmf"/>
</collection>
<collection label="MP-7(2) - Media Use | Prohibit Use of Sanitization-resistant Media">
<view name="MP_7-2_1_rmf"/>
</collection>
</collection>
<collection label="MP-8 - Media Downgrading">
<collection label="MP-8 - Media Downgrading">
<view name="MP_8_1_rmf"/>
<view name="MP_8_2_rmf"/>
<view name="MP_8_3_rmf"/>
<view name="MP_8_4_rmf"/>
<view name="MP_8_5_rmf"/>
</collection>
<collection label="MP-8(1) - Media Downgrading | Documentation of Process">
<view name="MP_8-1_1_rmf"/>
</collection>
<collection label="MP-8(2) - Media Downgrading | Equipment Testing">
<view name="MP_8-2_1_rmf"/>
<view name="MP_8-2_2_rmf"/>
<view name="MP_8-2_3_rmf"/>
<view name="MP_8-2_4_rmf"/>
</collection>
<collection label="MP-8(3) - Media Downgrading | Controlled Unclassified Information">
<view name="MP_8-3_1_rmf"/>
<view name="MP_8-3_2_rmf"/>
</collection>
<collection label="MP-8(4) - Media Downgrading | Classified Information">
<view name="MP_8-4_1_rmf"/>
</collection>
</collection>
</collection>
<collection label="Personnel Security">
<collection label="PS-1 - Policy and Procedures">
<collection label="PS-1 - Policy and Procedures">
<view name="PS_1_1_rmf"/>
<view name="PS_1_2_rmf"/>
<view name="PS_1_3_rmf"/>
<view name="PS_1_4_rmf"/>
<view name="PS_1_5_rmf"/>
<view name="PS_1_6_rmf"/>
<view name="PS_1_7_rmf"/>
<view name="PS_1_8_rmf"/>
<view name="PS_1_9_rmf"/>
<view name="PS_1_10_rmf"/>
</collection>
</collection>
<collection label="PS-2 - Position Risk Designation">
<collection label="PS-2 - Position Risk Designation">
<view name="PS_2_1_rmf"/>
<view name="PS_2_2_rmf"/>
<view name="PS_2_3_rmf"/>
<view name="PS_2_4_rmf"/>
</collection>
</collection>
<collection label="PS-3 - Personnel Screening">
<collection label="PS-3 - Personnel Screening">
<view name="PS_3_1_rmf"/>
<view name="PS_3_2_rmf"/>
<view name="PS_3_3_rmf"/>
<view name="PS_3_4_rmf"/>
</collection>
<collection label="PS-3(1) - Personnel Screening | Classified Information">
<view name="PS_3-1_1_rmf"/>
</collection>
<collection label="PS-3(2) - Personnel Screening | Formal Indoctrination">
<view name="PS_3-2_1_rmf"/>
</collection>
<collection label="PS-3(3) - Personnel Screening | Information Requiring Special Protective Measures">
<view name="PS_3-3_1_rmf"/>
<view name="PS_3-3_2_rmf"/>
<view name="PS_3-3_3_rmf"/>
</collection>
</collection>
<collection label="PS-4 - Personnel Termination">
<collection label="PS-4 - Personnel Termination">
<view name="PS_4_1_rmf"/>
<view name="PS_4_2_rmf"/>
<view name="PS_4_3_rmf"/>
<view name="PS_4_4_rmf"/>
<view name="PS_4_5_rmf"/>
<view name="PS_4_6_rmf"/>
<view name="PS_4_7_rmf"/>
<view name="PS_4_8_rmf"/>
<view name="PS_4_9_rmf"/>
<view name="PS_4_10_rmf"/>
<view name="PS_4_11_rmf"/>
</collection>
<collection label="PS-4(1) - Personnel Termination | Post-employment Requirements">
<view name="PS_4-1_1_rmf"/>
<view name="PS_4-1_2_rmf"/>
</collection>
<collection label="PS-4(2) - Personnel Termination | Automated Actions">
<view name="PS_4-2_1_rmf"/>
<view name="PS_4-2_2_rmf"/>
</collection>
</collection>
<collection label="PS-5 - Personnel Transfer">
<collection label="PS-5 - Personnel Transfer">
<view name="PS_5_1_rmf"/>
<view name="PS_5_2_rmf"/>
<view name="PS_5_3_rmf"/>
<view name="PS_5_4_rmf"/>
<view name="PS_5_5_rmf"/>
<view name="PS_5_6_rmf"/>
<view name="PS_5_7_rmf"/>
<view name="PS_5_8_rmf"/>
</collection>
</collection>
<collection label="PS-6 - Access Agreements">
<collection label="PS-6 - Access Agreements">
<view name="PS_6_1_rmf"/>
<view name="PS_6_2_rmf"/>
<view name="PS_6_3_rmf"/>
<view name="PS_6_4_rmf"/>
<view name="PS_6_5_rmf"/>
<view name="PS_6_6_rmf"/>
</collection>
<collection label="PS-6(2) - Access Agreements | Classified Information Requiring Special Protection">
<view name="PS_6-2_1_rmf"/>
<view name="PS_6-2_2_rmf"/>
<view name="PS_6-2_3_rmf"/>
</collection>
<collection label="PS-6(3) - Access Agreements | Post-employment Requirements">
<view name="PS_6-3_1_rmf"/>
<view name="PS_6-3_2_rmf"/>
</collection>
</collection>
<collection label="PS-7 - External Personnel Security">
<collection label="PS-7 - External Personnel Security">
<view name="PS_7_1_rmf"/>
<view name="PS_7_2_rmf"/>
<view name="PS_7_3_rmf"/>
<view name="PS_7_4_rmf"/>
<view name="PS_7_5_rmf"/>
<view name="PS_7_6_rmf"/>
<view name="PS_7_7_rmf"/>
</collection>
</collection>
<collection label="PS-8 - Personnel Sanctions">
<collection label="PS-8 - Personnel Sanctions">
<view name="PS_8_1_rmf"/>
<view name="PS_8_2_rmf"/>
<view name="PS_8_3_rmf"/>
<view name="PS_8_4_rmf"/>
</collection>
</collection>
</collection>
<collection label="Physical and Environmental Protection">
<collection label="PE-1 - Policy and Procedures">
<collection label="PE-1 - Policy and Procedures">
<view name="PE_1_1_rmf"/>
<view name="PE_1_2_rmf"/>
<view name="PE_1_3_rmf"/>
<view name="PE_1_4_rmf"/>
<view name="PE_1_5_rmf"/>
<view name="PE_1_6_rmf"/>
<view name="PE_1_7_rmf"/>
<view name="PE_1_8_rmf"/>
<view name="PE_1_9_rmf"/>
<view name="PE_1_10_rmf"/>
</collection>
</collection>
<collection label="PE-2 - Physical Access Authorizations">
<collection label="PE-2 - Physical Access Authorizations">
<view name="PE_2_1_rmf"/>
<view name="PE_2_2_rmf"/>
<view name="PE_2_3_rmf"/>
<view name="PE_2_4_rmf"/>
<view name="PE_2_5_rmf"/>
<view name="PE_2_6_rmf"/>
<view name="PE_2_7_rmf"/>
</collection>
<collection label="PE-2(1) - Physical Access Authorizations | Access by Position or Role">
<view name="PE_2-1_1_rmf"/>
</collection>
<collection label="PE-2(2) - Physical Access Authorizations | Two Forms of Identification">
<view name="PE_2-2_1_rmf"/>
<view name="PE_2-2_2_rmf"/>
</collection>
<collection label="PE-2(3) - Physical Access Authorizations | Restrict Unescorted Access">
<view name="PE_2-3_1_rmf"/>
<view name="PE_2-3_2_rmf"/>
</collection>
</collection>
<collection label="PE-3 - Physical Access Control">
<collection label="PE-3 - Physical Access Control">
<view name="PE_3_1_rmf"/>
<view name="PE_3_2_rmf"/>
<view name="PE_3_3_rmf"/>
<view name="PE_3_4_rmf"/>
<view name="PE_3_5_rmf"/>
<view name="PE_3_6_rmf"/>
<view name="PE_3_7_rmf"/>
<view name="PE_3_8_rmf"/>
<view name="PE_3_9_rmf"/>
<view name="PE_3_10_rmf"/>
<view name="PE_3_11_rmf"/>
<view name="PE_3_12_rmf"/>
<view name="PE_3_13_rmf"/>
<view name="PE_3_14_rmf"/>
<view name="PE_3_15_rmf"/>
<view name="PE_3_16_rmf"/>
<view name="PE_3_17_rmf"/>
<view name="PE_3_18_rmf"/>
<view name="PE_3_19_rmf"/>
</collection>
<collection label="PE-3(1) - Physical Access Control | System Access">
<view name="PE_3-1_1_rmf"/>
<view name="PE_3-1_2_rmf"/>
</collection>
<collection label="PE-3(2) - Physical Access Control | Facility and Systems">
<view name="PE_3-2_1_rmf"/>
<view name="PE_3-2_2_rmf"/>
</collection>
<collection label="PE-3(3) - Physical Access Control | Continuous Guards">
<view name="PE_3-3_1_rmf"/>
</collection>
<collection label="PE-3(4) - Physical Access Control | Lockable Casings">
<view name="PE_3-4_1_rmf"/>
<view name="PE_3-4_2_rmf"/>
</collection>
<collection label="PE-3(5) - Physical Access Control | Tamper Protection">
<view name="PE_3-5_1_rmf"/>
<view name="PE_3-5_2_rmf"/>
<view name="PE_3-5_3_rmf"/>
</collection>
<collection label="PE-3(6) - Physical Access Control | Facility Penetration Testing">
<view name="PE_3-6_1_rmf"/>
<view name="PE_3-6_2_rmf"/>
</collection>
</collection>
<collection label="PE-4 - Access Control for Transmission">
<collection label="PE-4 - Access Control for Transmission">
<view name="PE_4_1_rmf"/>
<view name="PE_4_2_rmf"/>
<view name="PE_4_3_rmf"/>
</collection>
</collection>
<collection label="PE-5 - Access Control for Output Devices">
<collection label="PE-5 - Access Control for Output Devices">
<view name="PE_5_1_rmf"/>
</collection>
<collection label="PE-5(1) - Access Control for Output Devices | Access to Output by Authorized Individuals">
<view name="PE_5-1_1_rmf"/>
<view name="PE_5-1_2_rmf"/>
<view name="PE_5-1_3_rmf"/>
</collection>
<collection label="PE-5(2) - Access Control for Output Devices | Link to Individual Identity">
<view name="PE_5-2_1_rmf"/>
<view name="PE_5-2_2_rmf"/>
</collection>
<collection label="PE-5(3) - Access Control for Output Devices | Marking Output Devices">
<view name="PE_5-3_1_rmf"/>
<view name="PE_5-3_2_rmf"/>
</collection>
</collection>
<collection label="PE-6 - Monitoring Physical Access">
<collection label="PE-6 - Monitoring Physical Access">
<view name="PE_6_1_rmf"/>
<view name="PE_6_2_rmf"/>
<view name="PE_6_3_rmf"/>
<view name="PE_6_4_rmf"/>
<view name="PE_6_5_rmf"/>
<view name="PE_6_6_rmf"/>
</collection>
<collection label="PE-6(1) - Monitoring Physical Access | Intrusion Alarms and Surveillance Equipment">
<view name="PE_6-1_1_rmf"/>
</collection>
<collection label="PE-6(2) - Monitoring Physical Access | Automated Intrusion Recognition and Responses">
<view name="PE_6-2_1_rmf"/>
<view name="PE_6-2_2_rmf"/>
<view name="PE_6-2_3_rmf"/>
<view name="PE_6-2_4_rmf"/>
</collection>
<collection label="PE-6(3) - Monitoring Physical Access | Video Surveillance">
<view name="PE_6-3_1_rmf"/>
<view name="PE_6-3_2_rmf"/>
<view name="PE_6-3_3_rmf"/>
<view name="PE_6-3_4_rmf"/>
</collection>
<collection label="PE-6(4) - Monitoring Physical Access | Monitoring Physical Access to Systems">
<view name="PE_6-4_1_rmf"/>
<view name="PE_6-4_2_rmf"/>
</collection>
</collection>
<collection label="PE-8 - Visitor Access Records">
<collection label="PE-8 - Visitor Access Records">
<view name="PE_8_1_rmf"/>
<view name="PE_8_2_rmf"/>
<view name="PE_8_3_rmf"/>
<view name="PE_8_4_rmf"/>
</collection>
<collection label="PE-8(1) - Visitor Access Records | Automated Records Maintenance and Review">
<view name="PE_8-1_1_rmf"/>
</collection>
</collection>
<collection label="PE-9 - Power Equipment and Cabling">
<collection label="PE-9 - Power Equipment and Cabling">
<view name="PE_9_1_rmf"/>
</collection>
<collection label="PE-9(1) - Power Equipment and Cabling | Redundant Cabling">
<view name="PE_9-1_1_rmf"/>
<view name="PE_9-1_2_rmf"/>
</collection>
<collection label="PE-9(2) - Power Equipment and Cabling | Automatic Voltage Controls">
<view name="PE_9-2_1_rmf"/>
<view name="PE_9-2_2_rmf"/>
</collection>
</collection>
<collection label="PE-10 - Emergency Shutoff">
<collection label="PE-10 - Emergency Shutoff">
<view name="PE_10_1_rmf"/>
<view name="PE_10_2_rmf"/>
<view name="PE_10_3_rmf"/>
<view name="PE_10_4_rmf"/>
</collection>
<collection label="PE-11(1) - Emergency Power | Alternate Power Supply ? Minimal Operational Capability">
<view name="PE_11-1_1_rmf"/>
</collection>
<collection label="PE-11(2) - Emergency Power | Alternate Power Supply ? Self-contained">
<view name="PE_11-2_1_rmf"/>
<view name="PE_11-2_2_rmf"/>
<view name="PE_11-2_3_rmf"/>
</collection>
</collection>
<collection label="PE-11 - Emergency Power">
<collection label="PE-11 - Emergency Power">
<view name="PE_11_1_rmf"/>
</collection>
<collection label="PE-12(1) - Emergency Lighting | Essential Mission and Business Functions">
<view name="PE_12-1_1_rmf"/>
<view name="PE_12-1_2_rmf"/>
</collection>
</collection>
<collection label="PE-12 - Emergency Lighting">
<collection label="PE-12 - Emergency Lighting">
<view name="PE_12_1_rmf"/>
</collection>
<collection label="PE-13(1) - Fire Protection | Detection Systems ? Automatic Activation and Notification">
<view name="PE_13-1_1_rmf"/>
<view name="PE_13-1_2_rmf"/>
<view name="PE_13-1_3_rmf"/>
<view name="PE_13-1_4_rmf"/>
</collection>
<collection label="PE-13(2) - Fire Protection | Suppression Systems ? Automatic Activation and Notification">
<view name="PE_13-2_1_rmf"/>
<view name="PE_13-2_2_rmf"/>
<view name="PE_13-2_3_rmf"/>
</collection>
<collection label="PE-13(3) - Fire Protection | Automatic Fire Suppression">
<view name="PE_13-3_1_rmf"/>
</collection>
<collection label="PE-13(4) - Fire Protection | Inspections">
<view name="PE_13-4_1_rmf"/>
<view name="PE_13-4_2_rmf"/>
<view name="PE_13-4_3_rmf"/>
<view name="PE_13-4_4_rmf"/>
</collection>
</collection>
<collection label="PE-13 - Fire Protection">
<collection label="PE-13 - Fire Protection">
<view name="PE_13_1_rmf"/>
</collection>
<collection label="PE-14(1) - Environmental Controls | Automatic Controls">
<view name="PE_14-1_1_rmf"/>
</collection>
<collection label="PE-14(2) - Environmental Controls | Monitoring with Alarms and Notifications">
<view name="PE_14-2_1_rmf"/>
</collection>
</collection>
<collection label="PE-14 - Environmental Controls">
<collection label="PE-14 - Environmental Controls">
<view name="PE_14_1_rmf"/>
<view name="PE_14_2_rmf"/>
<view name="PE_14_3_rmf"/>
<view name="PE_14_4_rmf"/>
</collection>
<collection label="PE-15(1) - Water Damage Protection | Automation Support">
<view name="PE_15-1_1_rmf"/>
<view name="PE_15-1_2_rmf"/>
</collection>
</collection>
<collection label="PE-15 - Water Damage Protection">
<collection label="PE-15 - Water Damage Protection">
<view name="PE_15_1_rmf"/>
<view name="PE_15_2_rmf"/>
<view name="PE_15_3_rmf"/>
</collection>
</collection>
<collection label="PE-16 - Delivery and Removal">
<collection label="PE-16 - Delivery and Removal">
<view name="PE_16_1_rmf"/>
<view name="PE_16_2_rmf"/>
<view name="PE_16_3_rmf"/>
<view name="PE_16_4_rmf"/>
<view name="PE_16_5_rmf"/>
</collection>
</collection>
<collection label="PE-17 - Alternate Work Site">
<collection label="PE-17 - Alternate Work Site">
<view name="PE_17_1_rmf"/>
<view name="PE_17_2_rmf"/>
<view name="PE_17_3_rmf"/>
<view name="PE_17_4_rmf"/>
</collection>
<collection label="PE-18(1) - Location of System Components | Facility Site">
<view name="PE_18-1_1_rmf"/>
<view name="PE_18-1_2_rmf"/>
</collection>
</collection>
<collection label="PE-18 - Location of System Components">
<collection label="PE-18 - Location of System Components">
<view name="PE_18_1_rmf"/>
<view name="PE_18_2_rmf"/>
<view name="PE_18_3_rmf"/>
</collection>
<collection label="PE-19(1) - Information Leakage | National Emissions Policies and Procedures">
<view name="PE_19-1_1_rmf"/>
</collection>
</collection>
<collection label="PE-19 - Information Leakage">
<collection label="PE-19 - Information Leakage">
<view name="PE_19_1_rmf"/>
</collection>
</collection>
<collection label="PE-20 - Asset Monitoring and Tracking">
<collection label="PE-20 - Asset Monitoring and Tracking">
<view name="PE_20_1_rmf"/>
<view name="PE_20_2_rmf"/>
<view name="PE_20_3_rmf"/>
<view name="PE_20_4_rmf"/>
<view name="PE_20_5_rmf"/>
</collection>
</collection>
</collection>
<collection label="Planning">
<collection label="PL-1 - Policy and Procedures">
<collection label="PL-1 - Policy and Procedures">
<view name="PL_1_1_rmf"/>
<view name="PL_1_2_rmf"/>
<view name="PL_1_3_rmf"/>
<view name="PL_1_4_rmf"/>
<view name="PL_1_5_rmf"/>
<view name="PL_1_6_rmf"/>
<view name="PL_1_7_rmf"/>
<view name="PL_1_8_rmf"/>
<view name="PL_1_9_rmf"/>
<view name="PL_1_10_rmf"/>
</collection>
</collection>
<collection label="PL-2 - System Security and Privacy Plans">
<collection label="PL-2 - System Security and Privacy Plans">
<view name="PL_2_1_rmf"/>
<view name="PL_2_2_rmf"/>
<view name="PL_2_3_rmf"/>
<view name="PL_2_4_rmf"/>
<view name="PL_2_5_rmf"/>
<view name="PL_2_6_rmf"/>
<view name="PL_2_7_rmf"/>
<view name="PL_2_8_rmf"/>
<view name="PL_2_9_rmf"/>
<view name="PL_2_10_rmf"/>
<view name="PL_2_11_rmf"/>
<view name="PL_2_12_rmf"/>
<view name="PL_2_13_rmf"/>
<view name="PL_2_14_rmf"/>
<view name="PL_2_15_rmf"/>
<view name="PL_2_16_rmf"/>
<view name="PL_2_17_rmf"/>
<view name="PL_2_18_rmf"/>
<view name="PL_2_19_rmf"/>
</collection>
<collection label="PL-2(3) - System Security and Privacy Plans | Plan and Coordinate with Other Organizational Entities">
<view name="PL_2-3_1_rmf"/>
<view name="PL_2-3_2_rmf"/>
</collection>
</collection>
<collection label="PL-4 - Rules of Behavior">
<collection label="PL-4 - Rules of Behavior">
<view name="PL_4_1_rmf"/>
<view name="PL_4_2_rmf"/>
<view name="PL_4_3_rmf"/>
<view name="PL_4_4_rmf"/>
<view name="PL_4_5_rmf"/>
<view name="PL_4_6_rmf"/>
</collection>
<collection label="PL-4(1) - Rules of Behavior | Social Media and External Site/Application Usage Restrictions">
<view name="PL_4-1_1_rmf"/>
<view name="PL_4-1_2_rmf"/>
</collection>
</collection>
<collection label="PL-7 - Concept of Operations">
<collection label="PL-7 - Concept of Operations">
<view name="PL_7_1_rmf"/>
<view name="PL_7_2_rmf"/>
<view name="PL_7_3_rmf"/>
</collection>
</collection>
<collection label="PL-8 - Security and Privacy Architectures">
<collection label="PL-8 - Security and Privacy Architectures">
<view name="PL_8_1_rmf"/>
<view name="PL_8_2_rmf"/>
<view name="PL_8_3_rmf"/>
<view name="PL_8_4_rmf"/>
<view name="PL_8_5_rmf"/>
<view name="PL_8_6_rmf"/>
<view name="PL_8_7_rmf"/>
<view name="PL_8_8_rmf"/>
<view name="PL_8_9_rmf"/>
</collection>
<collection label="PL-8(1) - Security and Privacy Architectures | Defense in Depth">
<view name="PL_8-1_1_rmf"/>
<view name="PL_8-1_2_rmf"/>
<view name="PL_8-1_3_rmf"/>
<view name="PL_8-1_4_rmf"/>
<view name="PL_8-1_5_rmf"/>
<view name="PL_8-1_6_rmf"/>
<view name="PL_8-1_7_rmf"/>
</collection>
<collection label="PL-8(2) - Security and Privacy Architectures | Supplier Diversity">
<view name="PL_8-2_1_rmf"/>
</collection>
</collection>
<collection label="PL-9 - Central Management">
<collection label="PL-9 - Central Management">
<view name="PL_9_1_rmf"/>
<view name="PL_9_2_rmf"/>
</collection>
</collection>
</collection>
<collection label="Program Management">
<collection label="PM-1 - Information Security Program Plan">
<collection label="PM-1 - Information Security Program Plan">
<view name="PM_1_1_rmf"/>
<view name="PM_1_2_rmf"/>
<view name="PM_1_3_rmf"/>
<view name="PM_1_4_rmf"/>
<view name="PM_1_5_rmf"/>
<view name="PM_1_6_rmf"/>
<view name="PM_1_7_rmf"/>
<view name="PM_1_8_rmf"/>
<view name="PM_1_9_rmf"/>
<view name="PM_1_10_rmf"/>
<view name="PM_1_11_rmf"/>
<view name="PM_1_12_rmf"/>
<view name="PM_1_13_rmf"/>
</collection>
</collection>
<collection label="PM-2 - Information Security Program Leadership Role">
<collection label="PM-2 - Information Security Program Leadership Role">
<view name="PM_2_1_rmf"/>
</collection>
</collection>
<collection label="PM-3 - Information Security and Privacy Resources">
<collection label="PM-3 - Information Security and Privacy Resources">
<view name="PM_3_1_rmf"/>
<view name="PM_3_2_rmf"/>
<view name="PM_3_3_rmf"/>
</collection>
</collection>
<collection label="PM-4 - Plan of Action and Milestones Process">
<collection label="PM-4 - Plan of Action and Milestones Process">
<view name="PM_4_1_rmf"/>
<view name="PM_4_2_rmf"/>
<view name="PM_4_3_rmf"/>
<view name="PM_4_4_rmf"/>
<view name="PM_4_5_rmf"/>
</collection>
</collection>
<collection label="PM-5 - System Inventory">
<collection label="PM-5 - System Inventory">
<view name="PM_5_1_rmf"/>
</collection>
</collection>
<collection label="PM-6 - Measures of Performance">
<collection label="PM-6 - Measures of Performance">
<view name="PM_6_1_rmf"/>
<view name="PM_6_2_rmf"/>
<view name="PM_6_3_rmf"/>
</collection>
</collection>
<collection label="PM-7 - Enterprise Architecture">
<collection label="PM-7 - Enterprise Architecture">
<view name="PM_7_1_rmf"/>
</collection>
</collection>
<collection label="PM-8 - Critical Infrastructure Plan">
<collection label="PM-8 - Critical Infrastructure Plan">
<view name="PM_8_1_rmf"/>
<view name="PM_8_2_rmf"/>
</collection>
</collection>
<collection label="PM-9 - Risk Management Strategy">
<collection label="PM-9 - Risk Management Strategy">
<view name="PM_9_1_rmf"/>
<view name="PM_9_2_rmf"/>
<view name="PM_9_3_rmf"/>
<view name="PM_9_4_rmf"/>
</collection>
</collection>
<collection label="PM-10 - Authorization Process">
<collection label="PM-10 - Authorization Process">
<view name="PM_10_1_rmf"/>
<view name="PM_10_2_rmf"/>
<view name="PM_10_3_rmf"/>
<view name="PM_10_4_rmf"/>
<view name="PM_10_5_rmf"/>
</collection>
</collection>
<collection label="PM-11 - Mission and Business Process Definition">
<collection label="PM-11 - Mission and Business Process Definition">
<view name="PM_11_1_rmf"/>
<view name="PM_11_2_rmf"/>
</collection>
</collection>
<collection label="PM-12 - Insider Threat Program">
<collection label="PM-12 - Insider Threat Program">
<view name="PM_12_1_rmf"/>
</collection>
</collection>
<collection label="PM-13 - Security and Privacy Workforce">
<collection label="PM-13 - Security and Privacy Workforce">
<view name="PM_13_1_rmf"/>
</collection>
</collection>
<collection label="PM-14 - Testing, Training, and Monitoring">
<collection label="PM-14 - Testing, Training, and Monitoring">
<view name="PM_14_1_rmf"/>
<view name="PM_14_2_rmf"/>
<view name="PM_14_3_rmf"/>
<view name="PM_14_4_rmf"/>
<view name="PM_14_5_rmf"/>
<view name="PM_14_6_rmf"/>
<view name="PM_14_7_rmf"/>
<view name="PM_14_8_rmf"/>
<view name="PM_14_9_rmf"/>
<view name="PM_14_10_rmf"/>
<view name="PM_14_11_rmf"/>
<view name="PM_14_12_rmf"/>
</collection>
</collection>
<collection label="PM-15 - Security and Privacy Groups and Associations">
<collection label="PM-15 - Security and Privacy Groups and Associations">
<view name="PM_15_1_rmf"/>
<view name="PM_15_2_rmf"/>
<view name="PM_15_3_rmf"/>
</collection>
</collection>
<collection label="PM-16 - Threat Awareness Program">
<collection label="PM-16 - Threat Awareness Program">
<view name="PM_16_1_rmf"/>
</collection>
</collection>
</collection>
<collection label="Risk Assessment">
<collection label="RA-1 - Policy and Procedures">
<collection label="RA-1 - Policy and Procedures">
<view name="RA_1_1_rmf"/>
<view name="RA_1_2_rmf"/>
<view name="RA_1_3_rmf"/>
<view name="RA_1_4_rmf"/>
<view name="RA_1_5_rmf"/>
<view name="RA_1_6_rmf"/>
<view name="RA_1_7_rmf"/>
<view name="RA_1_8_rmf"/>
<view name="RA_1_9_rmf"/>
<view name="RA_1_10_rmf"/>
</collection>
</collection>
<collection label="RA-2 - Security Categorization">
<collection label="RA-2 - Security Categorization">
<view name="RA_2_1_rmf"/>
<view name="RA_2_2_rmf"/>
<view name="RA_2_3_rmf"/>
</collection>
</collection>
<collection label="RA-3 - Risk Assessment">
<collection label="RA-3 - Risk Assessment">
<view name="RA_3_1_rmf"/>
<view name="RA_3_2_rmf"/>
<view name="RA_3_3_rmf"/>
<view name="RA_3_4_rmf"/>
<view name="RA_3_5_rmf"/>
<view name="RA_3_6_rmf"/>
<view name="RA_3_7_rmf"/>
<view name="RA_3_8_rmf"/>
<view name="RA_3_9_rmf"/>
</collection>
</collection>
<collection label="RA-5 - Vulnerability Monitoring and Scanning">
<collection label="RA-5 - Vulnerability Monitoring and Scanning">
<view name="RA_5_1_rmf"/>
<view name="RA_5_2_rmf"/>
<view name="RA_5_3_rmf"/>
<view name="RA_5_4_rmf"/>
<view name="RA_5_5_rmf"/>
<view name="RA_5_6_rmf"/>
<view name="RA_5_7_rmf"/>
<view name="RA_5_8_rmf"/>
<view name="RA_5_9_rmf"/>
<view name="RA_5_10_rmf"/>
<view name="RA_5_11_rmf"/>
</collection>
<collection label="RA-5(1) - Vulnerability Monitoring and Scanning | Update Tool Capability">
<view name="RA_5-1_1_rmf"/>
</collection>
<collection label="RA-5(10) - Vulnerability Monitoring and Scanning | Correlate Scanning Information">
<view name="RA_5-10_1_rmf"/>
</collection>
<collection label="RA-5(2) - Vulnerability Monitoring and Scanning | Update Vulnerabilities to Be Scanned">
<view name="RA_5-2_1_rmf"/>
<view name="RA_5-2_2_rmf"/>
</collection>
<collection label="RA-5(3) - Vulnerability Monitoring and Scanning | Breadth and Depth of Coverage">
<view name="RA_5-3_1_rmf"/>
</collection>
<collection label="RA-5(4) - Vulnerability Monitoring and Scanning | Discoverable Information">
<view name="RA_5-4_1_rmf"/>
<view name="RA_5-4_2_rmf"/>
<view name="RA_5-4_3_rmf"/>
</collection>
<collection label="RA-5(5) - Vulnerability Monitoring and Scanning | Privileged Access">
<view name="RA_5-5_1_rmf"/>
<view name="RA_5-5_2_rmf"/>
<view name="RA_5-5_3_rmf"/>
</collection>
<collection label="RA-5(6) - Vulnerability Monitoring and Scanning | Automated Trend Analyses">
<view name="RA_5-6_1_rmf"/>
</collection>
<collection label="RA-5(8) - Vulnerability Monitoring and Scanning | Review Historic Audit Logs">
<view name="RA_5-8_1_rmf"/>
</collection>
</collection>
<collection label="RA-6 - Technical Surveillance Countermeasures Survey">
<collection label="RA-6 - Technical Surveillance Countermeasures Survey">
<view name="RA_6_1_rmf"/>
<view name="RA_6_2_rmf"/>
<view name="RA_6_3_rmf"/>
<view name="RA_6_4_rmf"/>
</collection>
</collection>
</collection>
<collection label="System And Services Acquisition">
<collection label="SA-1 - Policy and Procedures">
<collection label="SA-1 - Policy and Procedures">
<view name="SA_1_1_rmf"/>
<view name="SA_1_2_rmf"/>
<view name="SA_1_3_rmf"/>
<view name="SA_1_4_rmf"/>
<view name="SA_1_5_rmf"/>
<view name="SA_1_6_rmf"/>
<view name="SA_1_7_rmf"/>
<view name="SA_1_8_rmf"/>
<view name="SA_1_9_rmf"/>
<view name="SA_1_10_rmf"/>
</collection>
</collection>
<collection label="SA-2 - Allocation of Resources">
<collection label="SA-2 - Allocation of Resources">
<view name="SA_2_1_rmf"/>
<view name="SA_2_2_rmf"/>
<view name="SA_2_3_rmf"/>
<view name="SA_2_4_rmf"/>
<view name="SA_2_5_rmf"/>
<view name="SA_2_6_rmf"/>
</collection>
</collection>
<collection label="SA-3 - System Development Life Cycle">
<collection label="SA-3 - System Development Life Cycle">
<view name="SA_3_1_rmf"/>
<view name="SA_3_2_rmf"/>
<view name="SA_3_3_rmf"/>
<view name="SA_3_4_rmf"/>
<view name="SA_3_5_rmf"/>
</collection>
</collection>
<collection label="SA-4 - Acquisition Process">
<collection label="SA-4 - Acquisition Process">
<view name="SA_4_1_rmf"/>
<view name="SA_4_2_rmf"/>
<view name="SA_4_3_rmf"/>
<view name="SA_4_4_rmf"/>
<view name="SA_4_5_rmf"/>
<view name="SA_4_6_rmf"/>
<view name="SA_4_7_rmf"/>
</collection>
<collection label="SA-4(1) - Acquisition Process | Functional Properties of Controls">
<view name="SA_4-1_1_rmf"/>
</collection>
<collection label="SA-4(10) - Acquisition Process | Use of Approved PIV Products">
<view name="SA_4-10_1_rmf"/>
</collection>
<collection label="SA-4(2) - Acquisition Process | Design and Implementation Information for Controls">
<view name="SA_4-2_1_rmf"/>
<view name="SA_4-2_2_rmf"/>
<view name="SA_4-2_3_rmf"/>
<view name="SA_4-2_4_rmf"/>
<view name="SA_4-2_5_rmf"/>
<view name="SA_4-2_6_rmf"/>
</collection>
<collection label="SA-4(3) - Acquisition Process | Development Methods, Techniques, and Practices">
<view name="SA_4-3_1_rmf"/>
<view name="SA_4-3_2_rmf"/>
</collection>
<collection label="SA-4(5) - Acquisition Process | System, Component, and Service Configurations">
<view name="SA_4-5_1_rmf"/>
<view name="SA_4-5_2_rmf"/>
<view name="SA_4-5_3_rmf"/>
</collection>
<collection label="SA-4(6) - Acquisition Process | Use of Information Assurance Products">
<view name="SA_4-6_1_rmf"/>
<view name="SA_4-6_2_rmf"/>
</collection>
<collection label="SA-4(7) - Acquisition Process | Niap-approved Protection Profiles">
<view name="SA_4-7_1_rmf"/>
<view name="SA_4-7_2_rmf"/>
</collection>
<collection label="SA-4(8) - Acquisition Process | Continuous Monitoring Plan for Controls">
<view name="SA_4-8_1_rmf"/>
<view name="SA_4-8_2_rmf"/>
</collection>
<collection label="SA-4(9) - Acquisition Process | Functions, Ports, Protocols, and Services in Use">
<view name="SA_4-9_1_rmf"/>
</collection>
</collection>
<collection label="SA-5 - System Documentation">
<collection label="SA-5 - System Documentation">
<view name="SA_5_1_rmf"/>
<view name="SA_5_2_rmf"/>
<view name="SA_5_3_rmf"/>
<view name="SA_5_4_rmf"/>
<view name="SA_5_5_rmf"/>
<view name="SA_5_6_rmf"/>
<view name="SA_5_7_rmf"/>
<view name="SA_5_8_rmf"/>
<view name="SA_5_9_rmf"/>
<view name="SA_5_10_rmf"/>
<view name="SA_5_11_rmf"/>
<view name="SA_5_12_rmf"/>
<view name="SA_5_13_rmf"/>
<view name="SA_5_14_rmf"/>
</collection>
</collection>
<collection label="SA-8 - Security and Privacy Engineering Principles">
<collection label="SA-8 - Security and Privacy Engineering Principles">
<view name="SA_8_1_rmf"/>
<view name="SA_8_2_rmf"/>
<view name="SA_8_3_rmf"/>
<view name="SA_8_4_rmf"/>
<view name="SA_8_5_rmf"/>
</collection>
</collection>
<collection label="SA-9 - External System Services">
<collection label="SA-9 - External System Services">
<view name="SA_9_1_rmf"/>
<view name="SA_9_2_rmf"/>
<view name="SA_9_3_rmf"/>
<view name="SA_9_4_rmf"/>
<view name="SA_9_5_rmf"/>
<view name="SA_9_6_rmf"/>
<view name="SA_9_7_rmf"/>
<view name="SA_9_8_rmf"/>
<view name="SA_9_9_rmf"/>
</collection>
<collection label="SA-9(1) - External System Services | Risk Assessments and Organizational Approvals">
<view name="SA_9-1_1_rmf"/>
<view name="SA_9-1_2_rmf"/>
<view name="SA_9-1_3_rmf"/>
</collection>
<collection label="SA-9(2) - External System Services | Identification of Functions, Ports, Protocols, and Services">
<view name="SA_9-2_1_rmf"/>
<view name="SA_9-2_2_rmf"/>
</collection>
<collection label="SA-9(3) - External System Services | Establish and Maintain Trust Relationship with Providers">
<view name="SA_9-3_1_rmf"/>
<view name="SA_9-3_2_rmf"/>
<view name="SA_9-3_3_rmf"/>
<view name="SA_9-3_4_rmf"/>
</collection>
<collection label="SA-9(4) - External System Services | Consistent Interests of Consumers and Providers">
<view name="SA_9-4_1_rmf"/>
<view name="SA_9-4_2_rmf"/>
<view name="SA_9-4_3_rmf"/>
</collection>
<collection label="SA-9(5) - External System Services | Processing, Storage, and Service Location">
<view name="SA_9-5_1_rmf"/>
<view name="SA_9-5_2_rmf"/>
<view name="SA_9-5_3_rmf"/>
</collection>
<collection label="SA-10(1) - Developer Configuration Management | Software and Firmware Integrity Verification">
<view name="SA_10-1_1_rmf"/>
</collection>
<collection label="SA-10(2) - Developer Configuration Management | Alternative Configuration Management Processes">
<view name="SA_10-2_1_rmf"/>
</collection>
<collection label="SA-10(3) - Developer Configuration Management | Hardware Integrity Verification">
<view name="SA_10-3_1_rmf"/>
</collection>
<collection label="SA-10(4) - Developer Configuration Management | Trusted Generation">
<view name="SA_10-4_1_rmf"/>
<view name="SA_10-4_2_rmf"/>
<view name="SA_10-4_3_rmf"/>
</collection>
<collection label="SA-10(5) - Developer Configuration Management | Mapping Integrity for Version Control">
<view name="SA_10-5_1_rmf"/>
</collection>
<collection label="SA-10(6) - Developer Configuration Management | Trusted Distribution">
<view name="SA_10-6_1_rmf"/>
</collection>
</collection>
<collection label="SA-10 - Developer Configuration Management">
<collection label="SA-10 - Developer Configuration Management">
<view name="SA_10_1_rmf"/>
<view name="SA_10_2_rmf"/>
<view name="SA_10_3_rmf"/>
<view name="SA_10_4_rmf"/>
<view name="SA_10_5_rmf"/>
<view name="SA_10_6_rmf"/>
<view name="SA_10_7_rmf"/>
<view name="SA_10_8_rmf"/>
<view name="SA_10_9_rmf"/>
<view name="SA_10_10_rmf"/>
<view name="SA_10_11_rmf"/>
<view name="SA_10_12_rmf"/>
</collection>
<collection label="SA-11(1) - Developer Testing and Evaluation | Static Code Analysis">
<view name="SA_11-1_1_rmf"/>
<view name="SA_11-1_2_rmf"/>
</collection>
<collection label="SA-11(2) - Developer Testing and Evaluation | Threat Modeling and Vulnerability Analyses">
<view name="SA_11-2_1_rmf"/>
<view name="SA_11-2_2_rmf"/>
</collection>
<collection label="SA-11(3) - Developer Testing and Evaluation | Independent Verification of Assessment Plans and Evidence">
<view name="SA_11-3_1_rmf"/>
<view name="SA_11-3_2_rmf"/>
<view name="SA_11-3_3_rmf"/>
<view name="SA_11-3_4_rmf"/>
</collection>
<collection label="SA-11(4) - Developer Testing and Evaluation | Manual Code Reviews">
<view name="SA_11-4_1_rmf"/>
<view name="SA_11-4_2_rmf"/>
<view name="SA_11-4_3_rmf"/>
</collection>
<collection label="SA-11(5) - Developer Testing and Evaluation | Penetration Testing">
<view name="SA_11-5_1_rmf"/>
<view name="SA_11-5_2_rmf"/>
<view name="SA_11-5_3_rmf"/>
</collection>
<collection label="SA-11(6) - Developer Testing and Evaluation | Attack Surface Reviews">
<view name="SA_11-6_1_rmf"/>
</collection>
<collection label="SA-11(7) - Developer Testing and Evaluation | Verify Scope of Testing and Evaluation">
<view name="SA_11-7_1_rmf"/>
<view name="SA_11-7_2_rmf"/>
</collection>
<collection label="SA-11(8) - Developer Testing and Evaluation | Dynamic Code Analysis">
<view name="SA_11-8_1_rmf"/>
<view name="SA_11-8_2_rmf"/>
</collection>
</collection>
<collection label="SA-11 - Developer Testing and Evaluation">
<collection label="SA-11 - Developer Testing and Evaluation">
<view name="SA_11_1_rmf"/>
<view name="SA_11_2_rmf"/>
<view name="SA_11_3_rmf"/>
<view name="SA_11_4_rmf"/>
<view name="SA_11_5_rmf"/>
<view name="SA_11_6_rmf"/>
<view name="SA_11_7_rmf"/>
<view name="SA_11_8_rmf"/>
</collection>
<collection label="SA-12(1) - Supply Chain Protection | Acquisition Strategies / Tools / Methods">
<view name="SA_12-1_1_rmf"/>
<view name="SA_12-1_2_rmf"/>
</collection>
<collection label="SA-12(10) - Supply Chain Protection | Validate as Genuine and Not Altered">
<view name="SA_12-10_1_rmf"/>
<view name="SA_12-10_2_rmf"/>
</collection>
<collection label="SA-12(11) - Supply Chain Protection | Penetration Testing / Analysis of Elements, Processes, and Actors">
<view name="SA_12-11_1_rmf"/>
<view name="SA_12-11_2_rmf"/>
</collection>
<collection label="SA-12(12) - Supply Chain Protection | Inter-organizational Agreements">
<view name="SA_12-12_1_rmf"/>
<view name="SA_12-12_2_rmf"/>
</collection>
<collection label="SA-12(13) - Supply Chain Protection | Critical Information System Components">
<view name="SA_12-13_1_rmf"/>
<view name="SA_12-13_2_rmf"/>
<view name="SA_12-13_3_rmf"/>
</collection>
<collection label="SA-12(14) - Supply Chain Protection | Identity and Traceability">
<view name="SA_12-14_1_rmf"/>
<view name="SA_12-14_2_rmf"/>
<view name="SA_12-14_3_rmf"/>
</collection>
<collection label="SA-12(15) - Supply Chain Protection | Processes to Address Weaknesses or Deficiencies">
<view name="SA_12-15_1_rmf"/>
</collection>
<collection label="SA-12(2) - Supply Chain Protection | Supplier Reviews">
<view name="SA_12-2_1_rmf"/>
</collection>
<collection label="SA-12(5) - Supply Chain Protection | Limitation of Harm">
<view name="SA_12-5_1_rmf"/>
<view name="SA_12-5_2_rmf"/>
</collection>
<collection label="SA-12(7) - Supply Chain Protection | Assessments Prior to Selection / Acceptance / Update">
<view name="SA_12-7_1_rmf"/>
</collection>
<collection label="SA-12(8) - Supply Chain Protection | Use of All-source Intelligence">
<view name="SA_12-8_1_rmf"/>
</collection>
<collection label="SA-12(9) - Supply Chain Protection | Operations Security">
<view name="SA_12-9_1_rmf"/>
<view name="SA_12-9_2_rmf"/>
</collection>
</collection>
<collection label="SA-12 - Supply Chain Protection">
<collection label="SA-12 - Supply Chain Protection">
<view name="SA_12_1_rmf"/>
<view name="SA_12_2_rmf"/>
</collection>
</collection>
<collection label="SA-13 - Trustworthiness">
<collection label="SA-13 - Trustworthiness">
<view name="SA_13_1_rmf"/>
<view name="SA_13_2_rmf"/>
<view name="SA_13_3_rmf"/>
<view name="SA_13_4_rmf"/>
</collection>
</collection>
<collection label="SA-14 - Criticality Analysis">
<collection label="SA-14 - Criticality Analysis">
<view name="SA_14_1_rmf"/>
<view name="SA_14_2_rmf"/>
<view name="SA_14_3_rmf"/>
<view name="SA_14_4_rmf"/>
</collection>
<collection label="SA-15(1) - Development Process, Standards, and Tools | Quality Metrics">
<view name="SA_15-1_1_rmf"/>
<view name="SA_15-1_2_rmf"/>
<view name="SA_15-1_3_rmf"/>
<view name="SA_15-1_4_rmf"/>
</collection>
<collection label="SA-15(10) - Development Process, Standards, and Tools | Incident Response Plan">
<view name="SA_15-10_1_rmf"/>
</collection>
<collection label="SA-15(11) - Development Process, Standards, and Tools | Archive System or Component">
<view name="SA_15-11_1_rmf"/>
</collection>
<collection label="SA-15(2) - Development Process, Standards, and Tools | Security and Privacy Tracking Tools">
<view name="SA_15-2_1_rmf"/>
<view name="SA_15-2_2_rmf"/>
</collection>
<collection label="SA-15(3) - Development Process, Standards, and Tools | Criticality Analysis">
<view name="SA_15-3_1_rmf"/>
<view name="SA_15-3_2_rmf"/>
<view name="SA_15-3_3_rmf"/>
</collection>
<collection label="SA-15(4) - Development Process, Standards, and Tools | Threat Modeling and Vulnerability Analysis">
<view name="SA_15-4_1_rmf"/>
<view name="SA_15-4_2_rmf"/>
<view name="SA_15-4_3_rmf"/>
<view name="SA_15-4_4_rmf"/>
<view name="SA_15-4_5_rmf"/>
<view name="SA_15-4_6_rmf"/>
<view name="SA_15-4_7_rmf"/>
<view name="SA_15-4_8_rmf"/>
<view name="SA_15-4_9_rmf"/>
</collection>
<collection label="SA-15(5) - Development Process, Standards, and Tools | Attack Surface Reduction">
<view name="SA_15-5_1_rmf"/>
<view name="SA_15-5_2_rmf"/>
</collection>
<collection label="SA-15(6) - Development Process, Standards, and Tools | Continuous Improvement">
<view name="SA_15-6_1_rmf"/>
</collection>
<collection label="SA-15(7) - Development Process, Standards, and Tools | Automated Vulnerability Analysis">
<view name="SA_15-7_1_rmf"/>
<view name="SA_15-7_2_rmf"/>
<view name="SA_15-7_3_rmf"/>
<view name="SA_15-7_4_rmf"/>
<view name="SA_15-7_5_rmf"/>
<view name="SA_15-7_6_rmf"/>
</collection>
<collection label="SA-15(8) - Development Process, Standards, and Tools | Reuse of Threat and Vulnerability Information">
<view name="SA_15-8_1_rmf"/>
<view name="SA_15-8_2_rmf"/>
</collection>
<collection label="SA-15(9) - Development Process, Standards, and Tools | Use of Live Data">
<view name="SA_15-9_1_rmf"/>
<view name="SA_15-9_2_rmf"/>
<view name="SA_15-9_3_rmf"/>
<view name="SA_15-9_4_rmf"/>
<view name="SA_15-9_5_rmf"/>
<view name="SA_15-9_6_rmf"/>
</collection>
</collection>
<collection label="SA-15 - Development Process, Standards, and Tools">
<collection label="SA-15 - Development Process, Standards, and Tools">
<view name="SA_15_1_rmf"/>
<view name="SA_15_2_rmf"/>
<view name="SA_15_3_rmf"/>
<view name="SA_15_4_rmf"/>
<view name="SA_15_5_rmf"/>
<view name="SA_15_6_rmf"/>
<view name="SA_15_7_rmf"/>
<view name="SA_15_8_rmf"/>
<view name="SA_15_9_rmf"/>
<view name="SA_15-4_10_rmf"/>
<view name="SA_15-4_11_rmf"/>
<view name="SA_15-4_12_rmf"/>
<view name="SA_15-4_13_rmf"/>
<view name="SA_15-4_14_rmf"/>
<view name="SA_15-4_15_rmf"/>
<view name="SA_15-4_16_rmf"/>
<view name="SA_15_10_rmf"/>
<view name="SA_15_11_rmf"/>
<view name="SA_15_12_rmf"/>
<view name="SA_15_13_rmf"/>
<view name="SA_15_14_rmf"/>
</collection>
</collection>
<collection label="SA-16 - Developer-provided Training">
<collection label="SA-16 - Developer-provided Training">
<view name="SA_16_1_rmf"/>
<view name="SA_16_2_rmf"/>
</collection>
<collection label="SA-17(1) - Developer Security and Privacy Architecture and Design | Formal Policy Model">
<view name="SA_17-1_1_rmf"/>
<view name="SA_17-1_2_rmf"/>
<view name="SA_17-1_3_rmf"/>
</collection>
<collection label="SA-17(2) - Developer Security and Privacy Architecture and Design | Security-relevant Components">
<view name="SA_17-2_1_rmf"/>
<view name="SA_17-2_2_rmf"/>
<view name="SA_17-2_3_rmf"/>
<view name="SA_17-2_4_rmf"/>
<view name="SA_17-2_5_rmf"/>
<view name="SA_17-2_6_rmf"/>
</collection>
<collection label="SA-17(3) - Developer Security and Privacy Architecture and Design | Formal Correspondence">
<view name="SA_17-3_1_rmf"/>
<view name="SA_17-3_2_rmf"/>
<view name="SA_17-3_3_rmf"/>
<view name="SA_17-3_4_rmf"/>
<view name="SA_17-3_5_rmf"/>
<view name="SA_17-3_6_rmf"/>
<view name="SA_17-3_7_rmf"/>
<view name="SA_17-3_8_rmf"/>
<view name="SA_17-3_9_rmf"/>
</collection>
<collection label="SA-17(4) - Developer Security and Privacy Architecture and Design | Informal Correspondence">
<view name="SA_17-4_1_rmf"/>
<view name="SA_17-4_2_rmf"/>
<view name="SA_17-4_3_rmf"/>
<view name="SA_17-4_4_rmf"/>
<view name="SA_17-4_5_rmf"/>
<view name="SA_17-4_6_rmf"/>
<view name="SA_17-4_7_rmf"/>
<view name="SA_17-4_8_rmf"/>
<view name="SA_17-4_9_rmf"/>
</collection>
<collection label="SA-17(5) - Developer Security and Privacy Architecture and Design | Conceptually Simple Design">
<view name="SA_17-5_1_rmf"/>
<view name="SA_17-5_2_rmf"/>
<view name="SA_17-5_3_rmf"/>
<view name="SA_17-5_4_rmf"/>
<view name="SA_17-5_5_rmf"/>
<view name="SA_17-5_6_rmf"/>
</collection>
<collection label="SA-17(6) - Developer Security and Privacy Architecture and Design | Structure for Testing">
<view name="SA_17-6_1_rmf"/>
<view name="SA_17-6_2_rmf"/>
<view name="SA_17-6_3_rmf"/>
</collection>
<collection label="SA-17(7) - Developer Security and Privacy Architecture and Design | Structure for Least Privilege">
<view name="SA_17-7_1_rmf"/>
<view name="SA_17-7_2_rmf"/>
<view name="SA_17-7_3_rmf"/>
</collection>
</collection>
<collection label="SA-17 - Developer Security and Privacy Architecture and Design">
<collection label="SA-17 - Developer Security and Privacy Architecture and Design">
<view name="SA_17_1_rmf"/>
<view name="SA_17_2_rmf"/>
<view name="SA_17_3_rmf"/>
<view name="SA_17_4_rmf"/>
<view name="SA_17_5_rmf"/>
<view name="SA_17-3_10_rmf"/>
<view name="SA_17-3_11_rmf"/>
<view name="SA_17-3_12_rmf"/>
<view name="SA_17-3_13_rmf"/>
<view name="SA_17-4_10_rmf"/>
<view name="SA_17-4_11_rmf"/>
<view name="SA_17-4_12_rmf"/>
<view name="SA_17-4_13_rmf"/>
</collection>
<collection label="SA-18(1) - Tamper Resistance and Detection | Multiple Phases of System Development Life Cycle">
<view name="SA_18-1_1_rmf"/>
<view name="SA_18-1_2_rmf"/>
<view name="SA_18-1_3_rmf"/>
<view name="SA_18-1_4_rmf"/>
<view name="SA_18-1_5_rmf"/>
</collection>
<collection label="SA-18(2) - Tamper Resistance and Detection | Inspection of Systems or Components">
<view name="SA_18-2_1_rmf"/>
<view name="SA_18-2_2_rmf"/>
<view name="SA_18-2_3_rmf"/>
<view name="SA_18-2_4_rmf"/>
</collection>
</collection>
<collection label="SA-18 - Tamper Resistance and Detection">
<collection label="SA-18 - Tamper Resistance and Detection">
<view name="SA_18_1_rmf"/>
</collection>
<collection label="SA-19(1) - Component Authenticity | Anti-counterfeit Training">
<view name="SA_19-1_1_rmf"/>
<view name="SA_19-1_2_rmf"/>
</collection>
<collection label="SA-19(2) - Component Authenticity | Configuration Control for Component Service and Repair">
<view name="SA_19-2_1_rmf"/>
<view name="SA_19-2_2_rmf"/>
<view name="SA_19-2_3_rmf"/>
</collection>
<collection label="SA-19(3) - Component Authenticity | Component Disposal">
<view name="SA_19-3_1_rmf"/>
<view name="SA_19-3_2_rmf"/>
</collection>
<collection label="SA-19(4) - Component Authenticity | Anti-counterfeit Scanning">
<view name="SA_19-4_1_rmf"/>
<view name="SA_19-4_2_rmf"/>
</collection>
</collection>
<collection label="SA-19 - Component Authenticity">
<collection label="SA-19 - Component Authenticity">
<view name="SA_19_1_rmf"/>
<view name="SA_19_2_rmf"/>
<view name="SA_19_3_rmf"/>
<view name="SA_19_4_rmf"/>
<view name="SA_19_5_rmf"/>
<view name="SA_19_6_rmf"/>
<view name="SA_19_7_rmf"/>
<view name="SA_19_8_rmf"/>
<view name="SA_19_9_rmf"/>
<view name="SA_19_10_rmf"/>
<view name="SA_19_11_rmf"/>
</collection>
</collection>
<collection label="SA-20 - Customized Development of Critical Components">
<collection label="SA-20 - Customized Development of Critical Components">
<view name="SA_20_1_rmf"/>
<view name="SA_20_2_rmf"/>
</collection>
<collection label="SA-21(1) - Developer Screening | Validation of Screening">
<view name="SA_21-1_1_rmf"/>
<view name="SA_21-1_2_rmf"/>
<view name="SA_21-1_3_rmf"/>
<view name="SA_21-1_4_rmf"/>
</collection>
</collection>
<collection label="SA-21 - Developer Screening">
<collection label="SA-21 - Developer Screening">
<view name="SA_21_1_rmf"/>
<view name="SA_21_2_rmf"/>
<view name="SA_21_3_rmf"/>
<view name="SA_21_4_rmf"/>
<view name="SA_21_5_rmf"/>
</collection>
<collection label="SA-22(1) - Unsupported System Components | Alternative Sources for Continued Support">
<view name="SA_22-1_1_rmf"/>
<view name="SA_22-1_2_rmf"/>
</collection>
</collection>
<collection label="SA-22 - Unsupported System Components">
<collection label="SA-22 - Unsupported System Components">
<view name="SA_22_1_rmf"/>
<view name="SA_22_2_rmf"/>
<view name="SA_22_3_rmf"/>
</collection>
</collection>
</collection>
<collection label="System and Communications Protection">
<collection label="SC-1 - Policy and Procedures">
<collection label="SC-1 - Policy and Procedures">
<view name="SC_1_1_rmf"/>
<view name="SC_1_2_rmf"/>
<view name="SC_1_3_rmf"/>
<view name="SC_1_4_rmf"/>
<view name="SC_1_5_rmf"/>
<view name="SC_1_6_rmf"/>
<view name="SC_1_7_rmf"/>
<view name="SC_1_8_rmf"/>
<view name="SC_1_9_rmf"/>
<view name="SC_1_10_rmf"/>
</collection>
</collection>
<collection label="SC-2 - Separation of System and User Functionality">
<collection label="SC-2 - Separation of System and User Functionality">
<view name="SC_2_1_rmf"/>
</collection>
<collection label="SC-2(1) - Separation of System and User Functionality | Interfaces for Non-privileged Users">
<view name="SC_2-1_1_rmf"/>
</collection>
</collection>
<collection label="SC-3 - Security Function Isolation">
<collection label="SC-3 - Security Function Isolation">
<view name="SC_3_1_rmf"/>
</collection>
<collection label="SC-3(1) - Security Function Isolation | Hardware Separation">
<view name="SC_3-1_1_rmf"/>
</collection>
<collection label="SC-3(2) - Security Function Isolation | Access and Flow Control Functions">
<view name="SC_3-2_1_rmf"/>
</collection>
<collection label="SC-3(3) - Security Function Isolation | Minimize Nonsecurity Functionality">
<view name="SC_3-3_1_rmf"/>
</collection>
<collection label="SC-3(4) - Security Function Isolation | Module Coupling and Cohesiveness">
<view name="SC_3-4_1_rmf"/>
</collection>
<collection label="SC-3(5) - Security Function Isolation | Layered Structures">
<view name="SC_3-5_1_rmf"/>
</collection>
</collection>
<collection label="SC-4 - Information in Shared System Resources">
<collection label="SC-4 - Information in Shared System Resources">
<view name="SC_4_1_rmf"/>
</collection>
<collection label="SC-4(2) - Information in Shared System Resources | Multilevel or Periods Processing">
<view name="SC_4-2_1_rmf"/>
<view name="SC_4-2_2_rmf"/>
</collection>
</collection>
<collection label="SC-5 - Denial-of-service Protection">
<collection label="SC-5 - Denial-of-service Protection">
<view name="SC_5_1_rmf"/>
<view name="SC_5_2_rmf"/>
<view name="SC_5_3_rmf"/>
</collection>
<collection label="SC-5(1) - Denial-of-service Protection | Restrict Ability to Attack Other Systems">
<view name="SC_5-1_1_rmf"/>
<view name="SC_5-1_2_rmf"/>
</collection>
<collection label="SC-5(2) - Denial-of-service Protection | Capacity, Bandwidth, and Redundancy">
<view name="SC_5-2_1_rmf"/>
</collection>
<collection label="SC-5(3) - Denial-of-service Protection | Detection and Monitoring">
<view name="SC_5-3_1_rmf"/>
<view name="SC_5-3_2_rmf"/>
<view name="SC_5-3_3_rmf"/>
<view name="SC_5-3_4_rmf"/>
</collection>
</collection>
<collection label="SC-6 - Resource Availability">
<collection label="SC-6 - Resource Availability">
<view name="SC_6_1_rmf"/>
<view name="SC_6_2_rmf"/>
<view name="SC_6_3_rmf"/>
</collection>
</collection>
<collection label="SC-7 - Boundary Protection">
<collection label="SC-7 - Boundary Protection">
<view name="SC_7_1_rmf"/>
<view name="SC_7_2_rmf"/>
<view name="SC_7_3_rmf"/>
</collection>
<collection label="SC-7(10) - Boundary Protection | Prevent Exfiltration">
<view name="SC_7-10_1_rmf"/>
</collection>
<collection label="SC-7(11) - Boundary Protection | Restrict Incoming Communications Traffic">
<view name="SC_7-11_1_rmf"/>
<view name="SC_7-11_2_rmf"/>
<view name="SC_7-11_3_rmf"/>
</collection>
<collection label="SC-7(12) - Boundary Protection | Host-based Protection">
<view name="SC_7-12_1_rmf"/>
<view name="SC_7-12_2_rmf"/>
<view name="SC_7-12_3_rmf"/>
</collection>
<collection label="SC-7(13) - Boundary Protection | Isolation of Security Tools, Mechanisms, and Support Components">
<view name="SC_7-13_1_rmf"/>
<view name="SC_7-13_2_rmf"/>
</collection>
<collection label="SC-7(14) - Boundary Protection | Protect Against Unauthorized Physical Connections">
<view name="SC_7-14_1_rmf"/>
<view name="SC_7-14_2_rmf"/>
<view name="SC_7-14_3_rmf"/>
</collection>
<collection label="SC-7(15) - Boundary Protection | Networked Privileged Accesses">
<view name="SC_7-15_1_rmf"/>
</collection>
<collection label="SC-7(16) - Boundary Protection | Prevent Discovery of System Components">
<view name="SC_7-16_1_rmf"/>
</collection>
<collection label="SC-7(17) - Boundary Protection | Automated Enforcement of Protocol Formats">
<view name="SC_7-17_1_rmf"/>
</collection>
<collection label="SC-7(18) - Boundary Protection | Fail Secure">
<view name="SC_7-18_1_rmf"/>
</collection>
<collection label="SC-7(19) - Boundary Protection | Block Communication from Non-organizationally Configured Hosts">
<view name="SC_7-19_1_rmf"/>
<view name="SC_7-19_2_rmf"/>
</collection>
<collection label="SC-7(20) - Boundary Protection | Dynamic Isolation and Segregation">
<view name="SC_7-20_1_rmf"/>
<view name="SC_7-20_2_rmf"/>
</collection>
<collection label="SC-7(21) - Boundary Protection | Isolation of System Components">
<view name="SC_7-21_1_rmf"/>
<view name="SC_7-21_2_rmf"/>
<view name="SC_7-21_3_rmf"/>
</collection>
<collection label="SC-7(22) - Boundary Protection | Separate Subnets for Connecting to Different Security Domains">
<view name="SC_7-22_1_rmf"/>
</collection>
<collection label="SC-7(23) - Boundary Protection | Disable Sender Feedback on Protocol Validation Failure">
<view name="SC_7-23_1_rmf"/>
</collection>
<collection label="SC-7(3) - Boundary Protection | Access Points">
<view name="SC_7-3_1_rmf"/>
</collection>
<collection label="SC-7(4) - Boundary Protection | External Telecommunications Services">
<view name="SC_7-4_1_rmf"/>
<view name="SC_7-4_2_rmf"/>
<view name="SC_7-4_3_rmf"/>
<view name="SC_7-4_4_rmf"/>
<view name="SC_7-4_5_rmf"/>
<view name="SC_7-4_6_rmf"/>
<view name="SC_7-4_7_rmf"/>
</collection>
<collection label="SC-7(5) - Boundary Protection | Deny by Default ? Allow by Exception">
<view name="SC_7-5_1_rmf"/>
</collection>
<collection label="SC-7(7) - Boundary Protection | Split Tunneling for Remote Devices">
<view name="SC_7-7_1_rmf"/>
</collection>
<collection label="SC-7(8) - Boundary Protection | Route Traffic to Authenticated Proxy Servers">
<view name="SC_7-8_1_rmf"/>
<view name="SC_7-8_2_rmf"/>
<view name="SC_7-8_3_rmf"/>
</collection>
<collection label="SC-7(9) - Boundary Protection | Restrict Threatening Outgoing Communications Traffic">
<view name="SC_7-9_1_rmf"/>
<view name="SC_7-9_2_rmf"/>
<view name="SC_7-9_3_rmf"/>
</collection>
</collection>
<collection label="SC-8 - Transmission Confidentiality and Integrity">
<collection label="SC-8 - Transmission Confidentiality and Integrity">
<view name="SC_8_1_rmf"/>
</collection>
<collection label="SC-8(1) - Transmission Confidentiality and Integrity | Cryptographic Protection">
<view name="SC_8-1_1_rmf"/>
<view name="SC_8-1_2_rmf"/>
</collection>
<collection label="SC-8(2) - Transmission Confidentiality and Integrity | Pre- and Post-transmission Handling">
<view name="SC_8-2_1_rmf"/>
<view name="SC_8-2_2_rmf"/>
</collection>
<collection label="SC-8(3) - Transmission Confidentiality and Integrity | Cryptographic Protection for Message Externals">
<view name="SC_8-3_1_rmf"/>
<view name="SC_8-3_2_rmf"/>
</collection>
<collection label="SC-8(4) - Transmission Confidentiality and Integrity | Conceal or Randomize Communications">
<view name="SC_8-4_1_rmf"/>
<view name="SC_8-4_2_rmf"/>
</collection>
</collection>
<collection label="SC-10 - Network Disconnect">
<collection label="SC-10 - Network Disconnect">
<view name="SC_10_1_rmf"/>
<view name="SC_10_2_rmf"/>
</collection>
<collection label="SC-11(1) - Trusted Path | Irrefutable Communications Path">
<view name="SC_11-1_1_rmf"/>
</collection>
</collection>
<collection label="SC-11 - Trusted Path">
<collection label="SC-11 - Trusted Path">
<view name="SC_11_1_rmf"/>
<view name="SC_11_2_rmf"/>
</collection>
<collection label="SC-12(1) - Cryptographic Key Establishment and Management | Availability">
<view name="SC_12-1_1_rmf"/>
</collection>
<collection label="SC-12(2) - Cryptographic Key Establishment and Management | Symmetric Keys">
<view name="SC_12-2_1_rmf"/>
<view name="SC_12-2_2_rmf"/>
<view name="SC_12-2_3_rmf"/>
</collection>
<collection label="SC-12(3) - Cryptographic Key Establishment and Management | Asymmetric Keys">
<view name="SC_12-3_1_rmf"/>
<view name="SC_12-3_2_rmf"/>
<view name="SC_12-3_3_rmf"/>
</collection>
</collection>
<collection label="SC-12 - Cryptographic Key Establishment and Management">
<collection label="SC-12 - Cryptographic Key Establishment and Management">
<view name="SC_12_1_rmf"/>
<view name="SC_12_2_rmf"/>
<view name="SC_12_3_rmf"/>
<view name="SC_12_4_rmf"/>
<view name="SC_12_5_rmf"/>
<view name="SC_12_6_rmf"/>
<view name="SC_12_7_rmf"/>
<view name="SC_12_8_rmf"/>
<view name="SC_12_9_rmf"/>
<view name="SC_12_10_rmf"/>
<view name="SC_12_11_rmf"/>
<view name="SC_12_12_rmf"/>
<view name="SC_12_13_rmf"/>
<view name="SC_12_14_rmf"/>
<view name="SC_12_15_rmf"/>
</collection>
</collection>
<collection label="SC-13 - Cryptographic Protection">
<collection label="SC-13 - Cryptographic Protection">
<view name="SC_13_1_rmf"/>
<view name="SC_13_2_rmf"/>
</collection>
<collection label="SC-15(1) - Collaborative Computing Devices and Applications | Physical or Logical Disconnect">
<view name="SC_15-1_1_rmf"/>
</collection>
<collection label="SC-15(3) - Collaborative Computing Devices and Applications | Disabling and Removal in Secure Work Areas">
<view name="SC_15-3_1_rmf"/>
<view name="SC_15-3_2_rmf"/>
<view name="SC_15-3_3_rmf"/>
</collection>
<collection label="SC-15(4) - Collaborative Computing Devices and Applications | Explicitly Indicate Current Participants">
<view name="SC_15-4_1_rmf"/>
<view name="SC_15-4_2_rmf"/>
</collection>
</collection>
<collection label="SC-15 - Collaborative Computing Devices and Applications">
<collection label="SC-15 - Collaborative Computing Devices and Applications">
<view name="SC_15_1_rmf"/>
<view name="SC_15_2_rmf"/>
<view name="SC_15_3_rmf"/>
</collection>
<collection label="SC-16(1) - Transmission of Security and Privacy Attributes | Integrity Verification">
<view name="SC_16-1_1_rmf"/>
</collection>
</collection>
<collection label="SC-16 - Transmission of Security and Privacy Attributes">
<collection label="SC-16 - Transmission of Security and Privacy Attributes">
<view name="SC_16_1_rmf"/>
<view name="SC_16_2_rmf"/>
<view name="SC_16_3_rmf"/>
</collection>
</collection>
<collection label="SC-17 - Public Key Infrastructure Certificates">
<collection label="SC-17 - Public Key Infrastructure Certificates">
<view name="SC_17_1_rmf"/>
<view name="SC_17_2_rmf"/>
</collection>
<collection label="SC-18(1) - Mobile Code | Identify Unacceptable Code and Take Corrective Actions">
<view name="SC_18-1_1_rmf"/>
<view name="SC_18-1_2_rmf"/>
<view name="SC_18-1_3_rmf"/>
<view name="SC_18-1_4_rmf"/>
</collection>
<collection label="SC-18(2) - Mobile Code | Acquisition, Development, and Use">
<view name="SC_18-2_1_rmf"/>
<view name="SC_18-2_2_rmf"/>
<view name="SC_18-2_3_rmf"/>
<view name="SC_18-2_4_rmf"/>
</collection>
<collection label="SC-18(3) - Mobile Code | Prevent Downloading and Execution">
<view name="SC_18-3_1_rmf"/>
<view name="SC_18-3_2_rmf"/>
<view name="SC_18-3_3_rmf"/>
</collection>
<collection label="SC-18(4) - Mobile Code | Prevent Automatic Execution">
<view name="SC_18-4_1_rmf"/>
<view name="SC_18-4_2_rmf"/>
<view name="SC_18-4_3_rmf"/>
<view name="SC_18-4_4_rmf"/>
</collection>
<collection label="SC-18(5) - Mobile Code | Allow Execution Only in Confined Environments">
<view name="SC_18-5_1_rmf"/>
</collection>
</collection>
<collection label="SC-18 - Mobile Code">
<collection label="SC-18 - Mobile Code">
<view name="SC_18_1_rmf"/>
<view name="SC_18_2_rmf"/>
<view name="SC_18_3_rmf"/>
<view name="SC_18_4_rmf"/>
<view name="SC_18_5_rmf"/>
<view name="SC_18_6_rmf"/>
</collection>
</collection>
<collection label="SC-19 - Voice Over Internet Protocol">
<collection label="SC-19 - Voice Over Internet Protocol">
<view name="SC_19_1_rmf"/>
<view name="SC_19_2_rmf"/>
<view name="SC_19_3_rmf"/>
<view name="SC_19_4_rmf"/>
<view name="SC_19_5_rmf"/>
</collection>
<collection label="SC-20(2) - Secure Name/Address Resolution Service (Authoritative Source) | Data Origin and Integrity">
<view name="SC_20-2_1_rmf"/>
<view name="SC_20-2_2_rmf"/>
</collection>
</collection>
<collection label="SC-20 - Secure Name/Address Resolution Service (Authoritative Source)">
<collection label="SC-20 - Secure Name/Address Resolution Service (Authoritative Source)">
<view name="SC_20_1_rmf"/>
<view name="SC_20_2_rmf"/>
<view name="SC_20_3_rmf"/>
<view name="SC_20_4_rmf"/>
</collection>
</collection>
<collection label="SC-21 - Secure Name/Address Resolution Service (Recursive or Caching Resolver)">
<collection label="SC-21 - Secure Name/Address Resolution Service (Recursive or Caching Resolver)">
<view name="SC_21_1_rmf"/>
<view name="SC_21_2_rmf"/>
<view name="SC_21_3_rmf"/>
<view name="SC_21_4_rmf"/>
</collection>
</collection>
<collection label="SC-22 - Architecture and Provisioning for Name/Address Resolution Service">
<collection label="SC-22 - Architecture and Provisioning for Name/Address Resolution Service">
<view name="SC_22_1_rmf"/>
<view name="SC_22_2_rmf"/>
</collection>
<collection label="SC-23(1) - Session Authenticity | Invalidate Session Identifiers at Logout">
<view name="SC_23-1_1_rmf"/>
</collection>
<collection label="SC-23(3) - Session Authenticity | Unique System-generated Session Identifiers">
<view name="SC_23-3_1_rmf"/>
<view name="SC_23-3_2_rmf"/>
<view name="SC_23-3_3_rmf"/>
</collection>
<collection label="SC-23(5) - Session Authenticity | Allowed Certificate Authorities">
<view name="SC_23-5_1_rmf"/>
<view name="SC_23-5_2_rmf"/>
</collection>
</collection>
<collection label="SC-23 - Session Authenticity">
<collection label="SC-23 - Session Authenticity">
<view name="SC_23_1_rmf"/>
</collection>
</collection>
<collection label="SC-24 - Fail in Known State">
<collection label="SC-24 - Fail in Known State">
<view name="SC_24_1_rmf"/>
<view name="SC_24_2_rmf"/>
<view name="SC_24_3_rmf"/>
<view name="SC_24_4_rmf"/>
<view name="SC_24_5_rmf"/>
</collection>
</collection>
<collection label="SC-25 - Thin Nodes">
<collection label="SC-25 - Thin Nodes">
<view name="SC_25_1_rmf"/>
<view name="SC_25_2_rmf"/>
</collection>
</collection>
<collection label="SC-26 - Decoys">
<collection label="SC-26 - Decoys">
<view name="SC_26_1_rmf"/>
</collection>
</collection>
<collection label="SC-27 - Platform-independent Applications">
<collection label="SC-27 - Platform-independent Applications">
<view name="SC_27_1_rmf"/>
<view name="SC_27_2_rmf"/>
</collection>
<collection label="SC-28(1) - Protection of Information at Rest | Cryptographic Protection">
<view name="SC_28-1_1_rmf"/>
<view name="SC_28-1_2_rmf"/>
<view name="SC_28-1_3_rmf"/>
<view name="SC_28-1_4_rmf"/>
</collection>
<collection label="SC-28(2) - Protection of Information at Rest | Offline Storage">
<view name="SC_28-2_1_rmf"/>
<view name="SC_28-2_2_rmf"/>
<view name="SC_28-2_3_rmf"/>
</collection>
</collection>
<collection label="SC-28 - Protection of Information at Rest">
<collection label="SC-28 - Protection of Information at Rest">
<view name="SC_28_1_rmf"/>
<view name="SC_28_2_rmf"/>
</collection>
<collection label="SC-29(1) - Heterogeneity | Virtualization Techniques">
<view name="SC_29-1_1_rmf"/>
<view name="SC_29-1_2_rmf"/>
<view name="SC_29-1_3_rmf"/>
</collection>
</collection>
<collection label="SC-29 - Heterogeneity">
<collection label="SC-29 - Heterogeneity">
<view name="SC_29_1_rmf"/>
<view name="SC_29_2_rmf"/>
</collection>
<collection label="SC-30(2) - Concealment and Misdirection | Randomness">
<view name="SC_30-2_1_rmf"/>
<view name="SC_30-2_2_rmf"/>
<view name="SC_30-2_3_rmf"/>
</collection>
<collection label="SC-30(3) - Concealment and Misdirection | Change Processing and Storage Locations">
<view name="SC_30-3_1_rmf"/>
<view name="SC_30-3_2_rmf"/>
<view name="SC_30-3_3_rmf"/>
</collection>
<collection label="SC-30(4) - Concealment and Misdirection | Misleading Information">
<view name="SC_30-4_1_rmf"/>
<view name="SC_30-4_2_rmf"/>
</collection>
<collection label="SC-30(5) - Concealment and Misdirection | Concealment of System Components">
<view name="SC_30-5_1_rmf"/>
<view name="SC_30-5_2_rmf"/>
<view name="SC_30-5_3_rmf"/>
</collection>
</collection>
<collection label="SC-30 - Concealment and Misdirection">
<collection label="SC-30 - Concealment and Misdirection">
<view name="SC_30_1_rmf"/>
<view name="SC_30_2_rmf"/>
<view name="SC_30_3_rmf"/>
<view name="SC_30_4_rmf"/>
</collection>
<collection label="SC-31(1) - Covert Channel Analysis | Test Covert Channels for Exploitability">
<view name="SC_31-1_1_rmf"/>
</collection>
<collection label="SC-31(2) - Covert Channel Analysis | Maximum Bandwidth">
<view name="SC_31-2_1_rmf"/>
<view name="SC_31-2_2_rmf"/>
</collection>
<collection label="SC-31(3) - Covert Channel Analysis | Measure Bandwidth in Operational Environments">
<view name="SC_31-3_1_rmf"/>
<view name="SC_31-3_2_rmf"/>
</collection>
</collection>
<collection label="SC-31 - Covert Channel Analysis">
<collection label="SC-31 - Covert Channel Analysis">
<view name="SC_31_1_rmf"/>
<view name="SC_31_2_rmf"/>
</collection>
</collection>
<collection label="SC-32 - System Partitioning">
<collection label="SC-32 - System Partitioning">
<view name="SC_32_1_rmf"/>
<view name="SC_32_2_rmf"/>
<view name="SC_32_3_rmf"/>
</collection>
<collection label="SC-34(1) - Non-modifiable Executable Programs | No Writable Storage">
<view name="SC_34-1_1_rmf"/>
<view name="SC_34-1_2_rmf"/>
</collection>
<collection label="SC-34(2) - Non-modifiable Executable Programs | Integrity Protection on Read-only Media">
<view name="SC_34-2_1_rmf"/>
<view name="SC_34-2_2_rmf"/>
</collection>
<collection label="SC-34(3) - Non-modifiable Executable Programs | Hardware-based Protection">
<view name="SC_34-3_1_rmf"/>
<view name="SC_34-3_2_rmf"/>
<view name="SC_34-3_3_rmf"/>
<view name="SC_34-3_4_rmf"/>
<view name="SC_34-3_5_rmf"/>
</collection>
</collection>
<collection label="SC-34 - Non-modifiable Executable Programs">
<collection label="SC-34 - Non-modifiable Executable Programs">
<view name="SC_34_1_rmf"/>
<view name="SC_34_2_rmf"/>
<view name="SC_34_3_rmf"/>
<view name="SC_34_4_rmf"/>
</collection>
</collection>
<collection label="SC-35 - External Malicious Code Identification">
<collection label="SC-35 - External Malicious Code Identification">
<view name="SC_35_1_rmf"/>
</collection>
<collection label="SC-36(1) - Distributed Processing and Storage | Polling Techniques">
<view name="SC_36-1_1_rmf"/>
<view name="SC_36-1_2_rmf"/>
<view name="SC_36-1_3_rmf"/>
<view name="SC_36-1_4_rmf"/>
</collection>
</collection>
<collection label="SC-36 - Distributed Processing and Storage">
<collection label="SC-36 - Distributed Processing and Storage">
<view name="SC_36_1_rmf"/>
<view name="SC_36_2_rmf"/>
<view name="SC_36_3_rmf"/>
<view name="SC_36_4_rmf"/>
</collection>
<collection label="SC-37(1) - Out-of-band Channels | Ensure Delivery and Transmission">
<view name="SC_37-1_1_rmf"/>
<view name="SC_37-1_2_rmf"/>
<view name="SC_37-1_3_rmf"/>
<view name="SC_37-1_4_rmf"/>
</collection>
</collection>
<collection label="SC-37 - Out-of-band Channels">
<collection label="SC-37 - Out-of-band Channels">
<view name="SC_37_1_rmf"/>
<view name="SC_37_2_rmf"/>
<view name="SC_37_4_rmf"/>
</collection>
</collection>
<collection label="SC-38 - Operations Security">
<collection label="SC-38 - Operations Security">
<view name="SC_38_1_rmf"/>
<view name="SC_38_2_rmf"/>
</collection>
<collection label="SC-39(1) - Process Isolation | Hardware Separation">
<view name="SC_39-1_1_rmf"/>
</collection>
<collection label="SC-39(2) - Process Isolation | Separate Execution Domain Per Thread">
<view name="SC_39-2_1_rmf"/>
<view name="SC_39-2_2_rmf"/>
</collection>
</collection>
<collection label="SC-39 - Process Isolation">
<collection label="SC-39 - Process Isolation">
<view name="SC_39_1_rmf"/>
</collection>
<collection label="SC-40(1) - Wireless Link Protection | Electromagnetic Interference">
<view name="SC_40-1_1_rmf"/>
<view name="SC_40-1_2_rmf"/>
</collection>
<collection label="SC-40(2) - Wireless Link Protection | Reduce Detection Potential">
<view name="SC_40-2_1_rmf"/>
<view name="SC_40-2_2_rmf"/>
</collection>
<collection label="SC-40(3) - Wireless Link Protection | Imitative or Manipulative Communications Deception">
<view name="SC_40-3_1_rmf"/>
</collection>
<collection label="SC-40(4) - Wireless Link Protection | Signal Parameter Identification">
<view name="SC_40-4_1_rmf"/>
<view name="SC_40-4_2_rmf"/>
</collection>
</collection>
<collection label="SC-40 - Wireless Link Protection">
<collection label="SC-40 - Wireless Link Protection">
<view name="SC_40_1_rmf"/>
<view name="SC_40_2_rmf"/>
<view name="SC_40_3_rmf"/>
</collection>
</collection>
<collection label="SC-41 - Port and I/O Device Access">
<collection label="SC-41 - Port and I/O Device Access">
<view name="SC_41_1_rmf"/>
<view name="SC_41_2_rmf"/>
<view name="SC_41_3_rmf"/>
</collection>
<collection label="SC-42(1) - Sensor Capability and Data | Reporting to Authorized Individuals or Roles">
<view name="SC_42-1_1_rmf"/>
<view name="SC_42-1_2_rmf"/>
</collection>
<collection label="SC-42(2) - Sensor Capability and Data | Authorized Use">
<view name="SC_42-2_1_rmf"/>
<view name="SC_42-2_2_rmf"/>
<view name="SC_42-2_3_rmf"/>
</collection>
<collection label="SC-42(3) - Sensor Capability and Data | Prohibit Use of Devices">
<view name="SC_42-3_1_rmf"/>
<view name="SC_42-3_2_rmf"/>
<view name="SC_42-3_3_rmf"/>
</collection>
</collection>
<collection label="SC-42 - Sensor Capability and Data">
<collection label="SC-42 - Sensor Capability and Data">
<view name="SC_42_1_rmf"/>
<view name="SC_42_2_rmf"/>
<view name="SC_42_3_rmf"/>
<view name="SC_42_4_rmf"/>
</collection>
</collection>
<collection label="SC-43 - Usage Restrictions">
<collection label="SC-43 - Usage Restrictions">
<view name="SC_43_1_rmf"/>
<view name="SC_43_2_rmf"/>
<view name="SC_43_3_rmf"/>
<view name="SC_43_4_rmf"/>
<view name="SC_43_5_rmf"/>
</collection>
</collection>
<collection label="SC-44 - Detonation Chambers">
<collection label="SC-44 - Detonation Chambers">
<view name="SC_44_1_rmf"/>
<view name="SC_44_2_rmf"/>
</collection>
</collection>
</collection>
<collection label="System and Informational Integrity">
<collection label="SI-1 - Policy and Procedures">
<collection label="SI-1 - Policy and Procedures">
<view name="SI_1_1_rmf"/>
<view name="SI_1_2_rmf"/>
<view name="SI_1_3_rmf"/>
<view name="SI_1_4_rmf"/>
<view name="SI_1_5_rmf"/>
<view name="SI_1_6_rmf"/>
<view name="SI_1_7_rmf"/>
<view name="SI_1_8_rmf"/>
<view name="SI_1_9_rmf"/>
</collection>
</collection>
<collection label="SI-2 - Flaw Remediation">
<collection label="SI-2 - Flaw Remediation">
<view name="SI_2_1_rmf"/>
<view name="SI_2_2_rmf"/>
<view name="SI_2_3_rmf"/>
<view name="SI_2_4_rmf"/>
<view name="SI_2_5_rmf"/>
<view name="SI_2_6_rmf"/>
<view name="SI_2_7_rmf"/>
<view name="SI_2_8_rmf"/>
<view name="SI_2_9_rmf"/>
<view name="SI_2_10_rmf"/>
<view name="SI_2_11_rmf"/>
<view name="SI_2_12_rmf"/>
</collection>
<collection label="SI-2(1) - Flaw Remediation | Central Management">
<view name="SI_2-1_1_rmf"/>
</collection>
<collection label="SI-2(2) - Flaw Remediation | Automated Flaw Remediation Status">
<view name="SI_2-2_1_rmf"/>
<view name="SI_2-2_2_rmf"/>
</collection>
<collection label="SI-2(3) - Flaw Remediation | Time to Remediate Flaws and Benchmarks for Corrective Actions">
<view name="SI_2-3_1_rmf"/>
<view name="SI_2-3_2_rmf"/>
<view name="SI_2-3_3_rmf"/>
</collection>
<collection label="SI-2(5) - Flaw Remediation | Automatic Software and Firmware Updates">
<view name="SI_2-5_1_rmf"/>
<view name="SI_2-5_2_rmf"/>
<view name="SI_2-5_3_rmf"/>
<view name="SI_2-5_4_rmf"/>
<view name="SI_2-5_5_rmf"/>
<view name="SI_2-5_6_rmf"/>
</collection>
<collection label="SI-2(6) - Flaw Remediation | Removal of Previous Versions of Software and Firmware">
<view name="SI_2-6_1_rmf"/>
<view name="SI_2-6_2_rmf"/>
<view name="SI_2-6_3_rmf"/>
<view name="SI_2-6_4_rmf"/>
</collection>
</collection>
<collection label="SI-3 - Malicious Code Protection">
<collection label="SI-3 - Malicious Code Protection">
<view name="SI_3_1_rmf"/>
<view name="SI_3_2_rmf"/>
<view name="SI_3_3_rmf"/>
<view name="SI_3_4_rmf"/>
<view name="SI_3_5_rmf"/>
<view name="SI_3_6_rmf"/>
<view name="SI_3_7_rmf"/>
<view name="SI_3_8_rmf"/>
<view name="SI_3_9_rmf"/>
<view name="SI_3_10_rmf"/>
<view name="SI_3_11_rmf"/>
<view name="SI_3_12_rmf"/>
</collection>
<collection label="SI-3(1) - Malicious Code Protection | Central Management">
<view name="SI_3-1_1_rmf"/>
</collection>
<collection label="SI-3(10) - Malicious Code Protection | Malicious Code Analysis">
<view name="SI_3-10_1_rmf"/>
<view name="SI_3-10_2_rmf"/>
<view name="SI_3-10_3_rmf"/>
<view name="SI_3-10_4_rmf"/>
<view name="SI_3-10_5_rmf"/>
<view name="SI_3-10_6_rmf"/>
</collection>
<collection label="SI-3(2) - Malicious Code Protection | Automatic Updates">
<view name="SI_3-2_1_rmf"/>
</collection>
<collection label="SI-3(4) - Malicious Code Protection | Updates Only by Privileged Users">
<view name="SI_3-4_1_rmf"/>
</collection>
<collection label="SI-3(6) - Malicious Code Protection | Testing and Verification">
<view name="SI_3-6_1_rmf"/>
<view name="SI_3-6_2_rmf"/>
<view name="SI_3-6_3_rmf"/>
<view name="SI_3-6_4_rmf"/>
</collection>
<collection label="SI-3(7) - Malicious Code Protection | Nonsignature-based Detection">
<view name="SI_3-7_1_rmf"/>
</collection>
<collection label="SI-3(8) - Malicious Code Protection | Detect Unauthorized Commands">
<view name="SI_3-8_1_rmf"/>
<view name="SI_3-8_2_rmf"/>
<view name="SI_3-8_3_rmf"/>
<view name="SI_3-8_4_rmf"/>
</collection>
<collection label="SI-3(9) - Malicious Code Protection | Authenticate Remote Commands">
<view name="SI_3-9_1_rmf"/>
<view name="SI_3-9_2_rmf"/>
<view name="SI_3-9_3_rmf"/>
</collection>
</collection>
<collection label="SI-4 - System Monitoring">
<collection label="SI-4 - System Monitoring">
<view name="SI_4_1_rmf"/>
<view name="SI_4_2_rmf"/>
<view name="SI_4_3_rmf"/>
<view name="SI_4_4_rmf"/>
<view name="SI_4_5_rmf"/>
<view name="SI_4_6_rmf"/>
<view name="SI_4_7_rmf"/>
<view name="SI_4_8_rmf"/>
<view name="SI_4_9_rmf"/>
<view name="SI_4_10_rmf"/>
<view name="SI_4_11_rmf"/>
<view name="SI_4_12_rmf"/>
<view name="SI_4_13_rmf"/>
<view name="SI_4_14_rmf"/>
<view name="SI_4_15_rmf"/>
<view name="SI_4_16_rmf"/>
<view name="SI_4_17_rmf"/>
<view name="SI_4_18_rmf"/>
</collection>
<collection label="SI-4(1) - System Monitoring | System-wide Intrusion Detection System">
<view name="SI_4-1_1_rmf"/>
<view name="SI_4-1_2_rmf"/>
</collection>
<collection label="SI-4(10) - System Monitoring | Visibility of Encrypted Communications">
<view name="SI_4-10_1_rmf"/>
<view name="SI_4-10_2_rmf"/>
<view name="SI_4-10_3_rmf"/>
</collection>
<collection label="SI-4(11) - System Monitoring | Analyze Communications Traffic Anomalies">
<view name="SI_4-11_1_rmf"/>
<view name="SI_4-11_2_rmf"/>
<view name="SI_4-11_3_rmf"/>
</collection>
<collection label="SI-4(12) - System Monitoring | Automated Organization-generated Alerts">
<view name="SI_4-12_1_rmf"/>
<view name="SI_4-12_2_rmf"/>
</collection>
<collection label="SI-4(13) - System Monitoring | Analyze Traffic and Event Patterns">
<view name="SI_4-13_1_rmf"/>
<view name="SI_4-13_2_rmf"/>
<view name="SI_4-13_3_rmf"/>
</collection>
<collection label="SI-4(14) - System Monitoring | Wireless Intrusion Detection">
<view name="SI_4-14_1_rmf"/>
</collection>
<collection label="SI-4(15) - System Monitoring | Wireless to Wireline Communications">
<view name="SI_4-15_1_rmf"/>
</collection>
<collection label="SI-4(16) - System Monitoring | Correlate Monitoring Information">
<view name="SI_4-16_1_rmf"/>
</collection>
<collection label="SI-4(17) - System Monitoring | Integrated Situational Awareness">
<view name="SI_4-17_1_rmf"/>
</collection>
<collection label="SI-4(18) - System Monitoring | Analyze Traffic and Covert Exfiltration">
<view name="SI_4-18_1_rmf"/>
<view name="SI_4-18_2_rmf"/>
<view name="SI_4-18_3_rmf"/>
</collection>
<collection label="SI-4(19) - System Monitoring | Risk for Individuals">
<view name="SI_4-19_1_rmf"/>
<view name="SI_4-19_2_rmf"/>
<view name="SI_4-19_3_rmf"/>
</collection>
<collection label="SI-4(2) - System Monitoring | Automated Tools and Mechanisms for Real-time Analysis">
<view name="SI_4-2_1_rmf"/>
</collection>
<collection label="SI-4(20) - System Monitoring | Privileged Users">
<view name="SI_4-20_1_rmf"/>
<view name="SI_4-20_2_rmf"/>
</collection>
<collection label="SI-4(21) - System Monitoring | Probationary Periods">
<view name="SI_4-21_1_rmf"/>
<view name="SI_4-21_2_rmf"/>
<view name="SI_4-21_3_rmf"/>
</collection>
<collection label="SI-4(22) - System Monitoring | Unauthorized Network Services">
<view name="SI_4-22_1_rmf"/>
<view name="SI_4-22_2_rmf"/>
<view name="SI_4-22_3_rmf"/>
<view name="SI_4-22_4_rmf"/>
</collection>
<collection label="SI-4(23) - System Monitoring | Host-based Devices">
<view name="SI_4-23_1_rmf"/>
<view name="SI_4-23_2_rmf"/>
<view name="SI_4-23_3_rmf"/>
</collection>
<collection label="SI-4(24) - System Monitoring | Indicators of Compromise">
<view name="SI_4-24_1_rmf"/>
<view name="SI_4-24_2_rmf"/>
<view name="SI_4-24_3_rmf"/>
<view name="SI_4-24_4_rmf"/>
</collection>
<collection label="SI-4(3) - System Monitoring | Automated Tool and Mechanism Integration">
<view name="SI_4-3_1_rmf"/>
<view name="SI_4-3_2_rmf"/>
</collection>
<collection label="SI-4(4) - System Monitoring | Inbound and Outbound Communications Traffic">
<view name="SI_4-4_1_rmf"/>
<view name="SI_4-4_2_rmf"/>
<view name="SI_4-4_3_rmf"/>
<view name="SI_4-4_4_rmf"/>
</collection>
<collection label="SI-4(5) - System Monitoring | System-generated Alerts">
<view name="SI_4-5_1_rmf"/>
<view name="SI_4-5_2_rmf"/>
<view name="SI_4-5_3_rmf"/>
</collection>
<collection label="SI-4(7) - System Monitoring | Automated Response to Suspicious Events">
<view name="SI_4-7_1_rmf"/>
<view name="SI_4-7_2_rmf"/>
<view name="SI_4-7_3_rmf"/>
<view name="SI_4-7_4_rmf"/>
</collection>
<collection label="SI-4(9) - System Monitoring | Testing of Monitoring Tools and Mechanisms">
<view name="SI_4-9_1_rmf"/>
<view name="SI_4-9_2_rmf"/>
</collection>
</collection>
<collection label="SI-5 - Security Alerts, Advisories, and Directives">
<collection label="SI-5 - Security Alerts, Advisories, and Directives">
<view name="SI_5_1_rmf"/>
<view name="SI_5_2_rmf"/>
<view name="SI_5_3_rmf"/>
<view name="SI_5_4_rmf"/>
<view name="SI_5_5_rmf"/>
<view name="SI_5_6_rmf"/>
<view name="SI_5_7_rmf"/>
<view name="SI_5_8_rmf"/>
</collection>
<collection label="SI-5(1) - Security Alerts, Advisories, and Directives | Automated Alerts and Advisories">
<view name="SI_5-1_1_rmf"/>
</collection>
</collection>
<collection label="SI-6 - Security and Privacy Function Verification">
<collection label="SI-6 - Security and Privacy Function Verification">
<view name="SI_6_1_rmf"/>
<view name="SI_6_2_rmf"/>
<view name="SI_6_3_rmf"/>
<view name="SI_6_4_rmf"/>
<view name="SI_6_5_rmf"/>
<view name="SI_6_6_rmf"/>
<view name="SI_6_7_rmf"/>
<view name="SI_6_8_rmf"/>
<view name="SI_6_9_rmf"/>
</collection>
<collection label="SI-6(2) - Security and Privacy Function Verification | Automation Support for Distributed Testing">
<view name="SI_6-2_1_rmf"/>
</collection>
<collection label="SI-6(3) - Security and Privacy Function Verification | Report Verification Results">
<view name="SI_6-3_1_rmf"/>
<view name="SI_6-3_2_rmf"/>
</collection>
</collection>
<collection label="SI-7 - Software, Firmware, and Information Integrity">
<collection label="SI-7 - Software, Firmware, and Information Integrity">
<view name="SI_7_1_rmf"/>
<view name="SI_7_2_rmf"/>
</collection>
<collection label="SI-7(1) - Software, Firmware, and Information Integrity | Integrity Checks">
<view name="SI_7-1_1_rmf"/>
<view name="SI_7-1_2_rmf"/>
<view name="SI_7-1_3_rmf"/>
<view name="SI_7-1_4_rmf"/>
<view name="SI_7-1_5_rmf"/>
<view name="SI_7-1_6_rmf"/>
<view name="SI_7-1_7_rmf"/>
<view name="SI_7-1_8_rmf"/>
</collection>
<collection label="SI-7(10) - Software, Firmware, and Information Integrity | Protection of Boot Firmware">
<view name="SI_7-10_1_rmf"/>
<view name="SI_7-10_2_rmf"/>
<view name="SI_7-10_3_rmf"/>
</collection>
<collection label="SI-7(11) - Software, Firmware, and Information Integrity | Confined Environments with Limited Privileges">
<view name="SI_7-11_1_rmf"/>
<view name="SI_7-11_2_rmf"/>
</collection>
<collection label="SI-7(12) - Software, Firmware, and Information Integrity | Integrity Verification">
<view name="SI_7-12_1_rmf"/>
<view name="SI_7-12_2_rmf"/>
</collection>
<collection label="SI-7(13) - Software, Firmware, and Information Integrity | Code Execution in Protected Environments">
<view name="SI_7-13_1_rmf"/>
<view name="SI_7-13_2_rmf"/>
<view name="SI_7-13_3_rmf"/>
</collection>
<collection label="SI-7(14) - Software, Firmware, and Information Integrity | Binary or Machine Executable Code">
<view name="SI_7-14_1_rmf"/>
<view name="SI_7-14_2_rmf"/>
</collection>
<collection label="SI-7(15) - Software, Firmware, and Information Integrity | Code Authentication">
<view name="SI_7-15_1_rmf"/>
<view name="SI_7-15_2_rmf"/>
</collection>
<collection label="SI-7(16) - Software, Firmware, and Information Integrity | Time Limit on Process Execution Without Supervision">
<view name="SI_7-16_1_rmf"/>
<view name="SI_7-16_2_rmf"/>
</collection>
<collection label="SI-7(2) - Software, Firmware, and Information Integrity | Automated Notifications of Integrity Violations">
<view name="SI_7-2_1_rmf"/>
<view name="SI_7-2_2_rmf"/>
</collection>
<collection label="SI-7(3) - Software, Firmware, and Information Integrity | Centrally Managed Integrity Tools">
<view name="SI_7-3_1_rmf"/>
</collection>
<collection label="SI-7(5) - Software, Firmware, and Information Integrity | Automated Response to Integrity Violations">
<view name="SI_7-5_1_rmf"/>
<view name="SI_7-5_2_rmf"/>
</collection>
<collection label="SI-7(6) - Software, Firmware, and Information Integrity | Cryptographic Protection">
<view name="SI_7-6_1_rmf"/>
<view name="SI_7-6_2_rmf"/>
<view name="SI_7-6_3_rmf"/>
</collection>
<collection label="SI-7(7) - Software, Firmware, and Information Integrity | Integration of Detection and Response">
<view name="SI_7-7_1_rmf"/>
<view name="SI_7-7_2_rmf"/>
</collection>
<collection label="SI-7(8) - Software, Firmware, and Information Integrity | Auditing Capability for Significant Events">
<view name="SI_7-8_1_rmf"/>
<view name="SI_7-8_2_rmf"/>
<view name="SI_7-8_3_rmf"/>
<view name="SI_7-8_4_rmf"/>
</collection>
<collection label="SI-7(9) - Software, Firmware, and Information Integrity | Verify Boot Process">
<view name="SI_7-9_1_rmf"/>
<view name="SI_7-9_2_rmf"/>
</collection>
</collection>
<collection label="SI-8 - Spam Protection">
<collection label="SI-8 - Spam Protection">
<view name="SI_8_1_rmf"/>
<view name="SI_8_2_rmf"/>
<view name="SI_8_3_rmf"/>
</collection>
<collection label="SI-8(1) - Spam Protection | Central Management">
<view name="SI_8-1_1_rmf"/>
</collection>
<collection label="SI-8(2) - Spam Protection | Automatic Updates">
<view name="SI_8-2_1_rmf"/>
</collection>
<collection label="SI-8(3) - Spam Protection | Continuous Learning Capability">
<view name="SI_8-3_1_rmf"/>
</collection>
<collection label="SI-10(1) - Information Input Validation | Manual Override Capability">
<view name="SI_10-1_1_rmf"/>
<view name="SI_10-1_2_rmf"/>
<view name="SI_10-1_3_rmf"/>
<view name="SI_10-1_4_rmf"/>
<view name="SI_10-1_5_rmf"/>
</collection>
<collection label="SI-10(2) - Information Input Validation | Review and Resolve Errors">
<view name="SI_10-2_1_rmf"/>
<view name="SI_10-2_2_rmf"/>
<view name="SI_10-2_3_rmf"/>
<view name="SI_10-2_4_rmf"/>
</collection>
<collection label="SI-10(3) - Information Input Validation | Predictable Behavior">
<view name="SI_10-3_1_rmf"/>
</collection>
<collection label="SI-10(4) - Information Input Validation | Timing Interactions">
<view name="SI_10-4_1_rmf"/>
</collection>
<collection label="SI-10(5) - Information Input Validation | Restrict Inputs to Trusted Sources and Approved Formats">
<view name="SI_10-5_1_rmf"/>
<view name="SI_10-5_2_rmf"/>
<view name="SI_10-5_3_rmf"/>
</collection>
</collection>
<collection label="SI-10 - Information Input Validation">
<collection label="SI-10 - Information Input Validation">
<view name="SI_10_1_rmf"/>
<view name="SI_10_2_rmf"/>
</collection>
</collection>
<collection label="SI-11 - Error Handling">
<collection label="SI-11 - Error Handling">
<view name="SI_11_1_rmf"/>
<view name="SI_11_2_rmf"/>
<view name="SI_11_3_rmf"/>
</collection>
</collection>
<collection label="SI-12 - Information Management and Retention">
<collection label="SI-12 - Information Management and Retention">
<view name="SI_12_1_rmf"/>
<view name="SI_12_2_rmf"/>
</collection>
<collection label="SI-13(1) - Predictable Failure Prevention | Transferring Component Responsibilities">
<view name="SI_13-1_1_rmf"/>
<view name="SI_13-1_2_rmf"/>
</collection>
<collection label="SI-13(3) - Predictable Failure Prevention | Manual Transfer Between Components">
<view name="SI_13-3_2_rmf"/>
<view name="SI_13-3_3_rmf"/>
</collection>
<collection label="SI-13(4) - Predictable Failure Prevention | Standby Component Installation and Notification">
<view name="SI_13-4_1_rmf"/>
<view name="SI_13-4_2_rmf"/>
<view name="SI_13-4_3_rmf"/>
<view name="SI_13-4_4_rmf"/>
</collection>
<collection label="SI-13(5) - Predictable Failure Prevention | Failover Capability">
<view name="SI_13-5_1_rmf"/>
<view name="SI_13-5_2_rmf"/>
</collection>
</collection>
<collection label="SI-13 - Predictable Failure Prevention">
<collection label="SI-13 - Predictable Failure Prevention">
<view name="SI_13_1_rmf"/>
<view name="SI_13_2_rmf"/>
<view name="SI_13_3_rmf"/>
<view name="SI_13_4_rmf"/>
<view name="SI_13_5_rmf"/>
</collection>
<collection label="SI-14(1) - Non-persistence | Refresh from Trusted Sources">
<view name="SI_14-1_1_rmf"/>
<view name="SI_14-1_2_rmf"/>
</collection>
</collection>
<collection label="SI-14 - Non-persistence">
<collection label="SI-14 - Non-persistence">
<view name="SI_14_1_rmf"/>
<view name="SI_14_2_rmf"/>
<view name="SI_14_3_rmf"/>
<view name="SI_14_4_rmf"/>
</collection>
</collection>
<collection label="SI-15 - Information Output Filtering">
<collection label="SI-15 - Information Output Filtering">
<view name="SI_15_1_rmf"/>
<view name="SI_15_2_rmf"/>
</collection>
</collection>
<collection label="SI-16 - Memory Protection">
<collection label="SI-16 - Memory Protection">
<view name="SI_16_1_rmf"/>
<view name="SI_16_2_rmf"/>
</collection>
</collection>
<collection label="SI-17 - Fail-safe Procedures">
<collection label="SI-17 - Fail-safe Procedures">
<view name="SI_17_1_rmf"/>
<view name="SI_17_2_rmf"/>
<view name="SI_17_3_rmf"/>
</collection>
</collection>
</collection>
</collection>
<view name="executive_overview" default="true"/>
<view name="practice_setup"/>
<view name="custom_content"/>
<view name="system_overview"/>
<collection label="Other Menus">
<view name="compliance_essentials_health"/>
<view name="audit_workflow"/>
<view name="access_overview"/>
<view name="dashboards"/>
<view name="search"/>
<view name="reports" />
</collection>
<a href="https://splunk.github.io/Compliance_Essentials/" target="_blank">Docs</a>
</nav>

Ended: Troubleshooting

Release Notes

Compliance Essentials 2.1.1

April 17, 2024

• Bug Fixes
• User permission not saving after creating a system in System Overview
• Mismatched ID's in OMB lookup causing incorrect data requirements to appear on some dashboards
• OMB data requirement entry being displayed throughout multiple dashboards
• User and role names consisting of only numbers were not properly supported under the permissions configuration for a system

Compliance Essentials 2.1.0

November 10, 2023

• Added four new frameworks:
• Australian Information Security Manual (ISM)
  • 800+ ISM Control dashboards
  • ISM Assessment Overview
• Essential 8 (E8)
  • 130+ Essential Eight Control dashboards
  • Essential Eight Assessment Overview
• Australian Energy Sector Cyber Security Framework (AES-CSF)
  • AES-CSF Control dashboards.
• NCSC Cyber Assessment Framework (CAF)
  • 39 CAF Control dashboards
  • CAF IGP Requirements Overview
• Added ability to add multiple panels to a dashboard at once
• Added System Health Dashboard
• Fixed OMB Overview Drilldown bug
• Updated 'Reviewer Activity' visualization to Timeline in the Executive Overview dashboard
• Added 50+ new custom content panels

Compliance Essentials 2.0.1

June 20, 2023

• Supports Multi-system
  • Systems can be split by hosts, index, source, or sourcetype
  • System permissions can be set by user and/or role
  • Practices are hidden/displayed on Practice Overview by System
  • Dashboards can be filtered by systems
• Split 'OMB Data Inventory' Data Sets into individual Data Models (Deprecated 'OMB Data Inventory' Data Model)
• Added drilldowns to Practice Dashboards from Executive - Overview and OMB Data Requirements Overview
• "No Status/Not Yet Reviewed" added on Overview Dashboards
• Default lookback for Data Models added
• Documentation Updates

Compliance Essentials 1.1.0

February 17, 2023

• Supports multiple frameworks
• 'OMB Data Inventory' Data Model added for Data Introspection panel searches (application no longer dependent on SSE)
• Data Tracking Requirements capability and Overview Page added for OMB
• Expanded Guidance now supports Markdown
• Search Head Cluster Environments now supported