| Administrative | Physical | Technical |
|---|---|---|
| Security responsibility | Facility Access Control | Access Control |
| Risk Assessment / Risk Assessment | Guidelines on Workstation use and Security | Audit Control |
| Sanction Policy | Media Controls | Controls to Authenticate Data |
| Information System Review | Entity Authentication | |
| Employee access planning | Transport-layer Security Mechanism | |
| Contingency Planning |