{
    "count": 307,
    "controls": [
        {
            "control": "AC-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "AC-10",
            "title": "Concurrent Session Control",
            "rules_mapped": 2
        },
        {
            "control": "AC-11",
            "title": "Device Lock",
            "rules_mapped": 23
        },
        {
            "control": "AC-12",
            "title": "Session Termination",
            "rules_mapped": 4
        },
        {
            "control": "AC-14",
            "title": "Permitted Actions Without Identification or Authentication",
            "rules_mapped": 0
        },
        {
            "control": "AC-16",
            "title": "Security and Privacy Attributes",
            "rules_mapped": 5
        },
        {
            "control": "AC-17",
            "title": "Remote Access",
            "rules_mapped": 55
        },
        {
            "control": "AC-18",
            "title": "Wireless Access",
            "rules_mapped": 4
        },
        {
            "control": "AC-19",
            "title": "Access Control for Mobile Devices",
            "rules_mapped": 0
        },
        {
            "control": "AC-2",
            "title": "Account Management",
            "rules_mapped": 31
        },
        {
            "control": "AC-20",
            "title": "Use of External Systems",
            "rules_mapped": 0
        },
        {
            "control": "AC-21",
            "title": "Information Sharing",
            "rules_mapped": 0
        },
        {
            "control": "AC-22",
            "title": "Publicly Accessible Content",
            "rules_mapped": 0
        },
        {
            "control": "AC-23",
            "title": "Data Mining Protection",
            "rules_mapped": 0
        },
        {
            "control": "AC-24",
            "title": "Access Control Decisions",
            "rules_mapped": 0
        },
        {
            "control": "AC-25",
            "title": "Reference Monitor",
            "rules_mapped": 0
        },
        {
            "control": "AC-3",
            "title": "Access Enforcement",
            "rules_mapped": 92
        },
        {
            "control": "AC-4",
            "title": "Information Flow Enforcement",
            "rules_mapped": 3
        },
        {
            "control": "AC-5",
            "title": "Separation of Duties",
            "rules_mapped": 0
        },
        {
            "control": "AC-6",
            "title": "Least Privilege",
            "rules_mapped": 184
        },
        {
            "control": "AC-7",
            "title": "Unsuccessful Logon Attempts",
            "rules_mapped": 40
        },
        {
            "control": "AC-8",
            "title": "System Use Notification",
            "rules_mapped": 17
        },
        {
            "control": "AC-9",
            "title": "Previous Logon Notification",
            "rules_mapped": 2
        },
        {
            "control": "AT-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "AT-2",
            "title": "Literacy Training and Awareness",
            "rules_mapped": 0
        },
        {
            "control": "AT-3",
            "title": "Role-based Training",
            "rules_mapped": 0
        },
        {
            "control": "AT-4",
            "title": "Training Records",
            "rules_mapped": 0
        },
        {
            "control": "AT-6",
            "title": "Training Feedback",
            "rules_mapped": 0
        },
        {
            "control": "AU-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "AU-10",
            "title": "Non-repudiation",
            "rules_mapped": 2
        },
        {
            "control": "AU-11",
            "title": "Audit Record Retention",
            "rules_mapped": 0
        },
        {
            "control": "AU-12",
            "title": "Audit Record Generation",
            "rules_mapped": 270
        },
        {
            "control": "AU-13",
            "title": "Monitoring for Information Disclosure",
            "rules_mapped": 0
        },
        {
            "control": "AU-14",
            "title": "Session Audit",
            "rules_mapped": 5
        },
        {
            "control": "AU-15",
            "title": "Alternate Audit Logging Capability",
            "rules_mapped": 0
        },
        {
            "control": "AU-16",
            "title": "Cross-organizational Audit Logging",
            "rules_mapped": 0
        },
        {
            "control": "AU-2",
            "title": "Event Logging",
            "rules_mapped": 0
        },
        {
            "control": "AU-3",
            "title": "Content of Audit Records",
            "rules_mapped": 76
        },
        {
            "control": "AU-4",
            "title": "Audit Log Storage Capacity",
            "rules_mapped": 34
        },
        {
            "control": "AU-5",
            "title": "Response to Audit Logging Process Failures",
            "rules_mapped": 17
        },
        {
            "control": "AU-6",
            "title": "Audit Record Review, Analysis, and Reporting",
            "rules_mapped": 4
        },
        {
            "control": "AU-7",
            "title": "Audit Record Reduction and Report Generation",
            "rules_mapped": 2
        },
        {
            "control": "AU-8",
            "title": "Time Stamps",
            "rules_mapped": 9
        },
        {
            "control": "AU-9",
            "title": "Protection of Audit Information",
            "rules_mapped": 41
        },
        {
            "control": "CA-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "CA-2",
            "title": "Control Assessments",
            "rules_mapped": 0
        },
        {
            "control": "CA-3",
            "title": "Information Exchange",
            "rules_mapped": 2
        },
        {
            "control": "CA-5",
            "title": "Plan of Action and Milestones",
            "rules_mapped": 0
        },
        {
            "control": "CA-6",
            "title": "Authorization",
            "rules_mapped": 0
        },
        {
            "control": "CA-7",
            "title": "Continuous Monitoring",
            "rules_mapped": 0
        },
        {
            "control": "CA-8",
            "title": "Penetration Testing",
            "rules_mapped": 0
        },
        {
            "control": "CA-9",
            "title": "Internal System Connections",
            "rules_mapped": 0
        },
        {
            "control": "CM-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "CM-10",
            "title": "Software Usage Restrictions",
            "rules_mapped": 0
        },
        {
            "control": "CM-11",
            "title": "User-installed Software",
            "rules_mapped": 8
        },
        {
            "control": "CM-12",
            "title": "Information Location",
            "rules_mapped": 0
        },
        {
            "control": "CM-13",
            "title": "Data Action Mapping",
            "rules_mapped": 0
        },
        {
            "control": "CM-14",
            "title": "Signed Components",
            "rules_mapped": 0
        },
        {
            "control": "CM-2",
            "title": "Baseline Configuration",
            "rules_mapped": 0
        },
        {
            "control": "CM-3",
            "title": "Configuration Change Control",
            "rules_mapped": 7
        },
        {
            "control": "CM-4",
            "title": "Impact Analyses",
            "rules_mapped": 0
        },
        {
            "control": "CM-5",
            "title": "Access Restrictions for Change",
            "rules_mapped": 41
        },
        {
            "control": "CM-6",
            "title": "Configuration Settings",
            "rules_mapped": 525
        },
        {
            "control": "CM-7",
            "title": "Least Functionality",
            "rules_mapped": 231
        },
        {
            "control": "CM-8",
            "title": "System Component Inventory",
            "rules_mapped": 0
        },
        {
            "control": "CM-9",
            "title": "Configuration Management Plan",
            "rules_mapped": 0
        },
        {
            "control": "CP-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "CP-10",
            "title": "System Recovery and Reconstitution",
            "rules_mapped": 0
        },
        {
            "control": "CP-11",
            "title": "Alternate Communications Protocols",
            "rules_mapped": 0
        },
        {
            "control": "CP-12",
            "title": "Safe Mode",
            "rules_mapped": 0
        },
        {
            "control": "CP-13",
            "title": "Alternative Security Mechanisms",
            "rules_mapped": 0
        },
        {
            "control": "CP-2",
            "title": "Contingency Plan",
            "rules_mapped": 0
        },
        {
            "control": "CP-3",
            "title": "Contingency Training",
            "rules_mapped": 0
        },
        {
            "control": "CP-4",
            "title": "Contingency Plan Testing",
            "rules_mapped": 0
        },
        {
            "control": "CP-6",
            "title": "Alternate Storage Site",
            "rules_mapped": 0
        },
        {
            "control": "CP-7",
            "title": "Alternate Processing Site",
            "rules_mapped": 0
        },
        {
            "control": "CP-8",
            "title": "Telecommunications Services",
            "rules_mapped": 0
        },
        {
            "control": "CP-9",
            "title": "System Backup",
            "rules_mapped": 0
        },
        {
            "control": "IA-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "IA-10",
            "title": "Adaptive Authentication",
            "rules_mapped": 0
        },
        {
            "control": "IA-11",
            "title": "Re-authentication",
            "rules_mapped": 37
        },
        {
            "control": "IA-12",
            "title": "Identity Proofing",
            "rules_mapped": 0
        },
        {
            "control": "IA-13",
            "title": "Identity Providers and Authorization Servers",
            "rules_mapped": 0
        },
        {
            "control": "IA-2",
            "title": "Identification and Authentication (Organizational Users)",
            "rules_mapped": 39
        },
        {
            "control": "IA-3",
            "title": "Device Identification and Authentication",
            "rules_mapped": 19
        },
        {
            "control": "IA-4",
            "title": "Identifier Management",
            "rules_mapped": 6
        },
        {
            "control": "IA-5",
            "title": "Authenticator Management",
            "rules_mapped": 108
        },
        {
            "control": "IA-6",
            "title": "Authentication Feedback",
            "rules_mapped": 0
        },
        {
            "control": "IA-7",
            "title": "Cryptographic Module Authentication",
            "rules_mapped": 17
        },
        {
            "control": "IA-8",
            "title": "Identification and Authentication (Non-organizational Users)",
            "rules_mapped": 6
        },
        {
            "control": "IA-9",
            "title": "Service Identification and Authentication",
            "rules_mapped": 0
        },
        {
            "control": "IR-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "IR-10",
            "title": "Integrated Information Security Analysis Team",
            "rules_mapped": 0
        },
        {
            "control": "IR-2",
            "title": "Incident Response Training",
            "rules_mapped": 0
        },
        {
            "control": "IR-3",
            "title": "Incident Response Testing",
            "rules_mapped": 0
        },
        {
            "control": "IR-4",
            "title": "Incident Handling",
            "rules_mapped": 0
        },
        {
            "control": "IR-5",
            "title": "Incident Monitoring",
            "rules_mapped": 0
        },
        {
            "control": "IR-6",
            "title": "Incident Reporting",
            "rules_mapped": 0
        },
        {
            "control": "IR-7",
            "title": "Incident Response Assistance",
            "rules_mapped": 0
        },
        {
            "control": "IR-8",
            "title": "Incident Response Plan",
            "rules_mapped": 0
        },
        {
            "control": "IR-9",
            "title": "Information Spillage Response",
            "rules_mapped": 0
        },
        {
            "control": "MA-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "MA-2",
            "title": "Controlled Maintenance",
            "rules_mapped": 0
        },
        {
            "control": "MA-3",
            "title": "Maintenance Tools",
            "rules_mapped": 0
        },
        {
            "control": "MA-4",
            "title": "Nonlocal Maintenance",
            "rules_mapped": 76
        },
        {
            "control": "MA-5",
            "title": "Maintenance Personnel",
            "rules_mapped": 0
        },
        {
            "control": "MA-6",
            "title": "Timely Maintenance",
            "rules_mapped": 0
        },
        {
            "control": "MA-7",
            "title": "Field Maintenance",
            "rules_mapped": 0
        },
        {
            "control": "MP-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "MP-2",
            "title": "Media Access",
            "rules_mapped": 0
        },
        {
            "control": "MP-3",
            "title": "Media Marking",
            "rules_mapped": 0
        },
        {
            "control": "MP-4",
            "title": "Media Storage",
            "rules_mapped": 0
        },
        {
            "control": "MP-5",
            "title": "Media Transport",
            "rules_mapped": 0
        },
        {
            "control": "MP-6",
            "title": "Media Sanitization",
            "rules_mapped": 0
        },
        {
            "control": "MP-7",
            "title": "Media Use",
            "rules_mapped": 0
        },
        {
            "control": "MP-8",
            "title": "Media Downgrading",
            "rules_mapped": 0
        },
        {
            "control": "PE-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "PE-10",
            "title": "Emergency Shutoff",
            "rules_mapped": 0
        },
        {
            "control": "PE-11",
            "title": "Emergency Power",
            "rules_mapped": 0
        },
        {
            "control": "PE-12",
            "title": "Emergency Lighting",
            "rules_mapped": 0
        },
        {
            "control": "PE-13",
            "title": "Fire Protection",
            "rules_mapped": 0
        },
        {
            "control": "PE-14",
            "title": "Environmental Controls",
            "rules_mapped": 0
        },
        {
            "control": "PE-15",
            "title": "Water Damage Protection",
            "rules_mapped": 0
        },
        {
            "control": "PE-16",
            "title": "Delivery and Removal",
            "rules_mapped": 0
        },
        {
            "control": "PE-17",
            "title": "Alternate Work Site",
            "rules_mapped": 0
        },
        {
            "control": "PE-18",
            "title": "Location of System Components",
            "rules_mapped": 0
        },
        {
            "control": "PE-19",
            "title": "Information Leakage",
            "rules_mapped": 0
        },
        {
            "control": "PE-2",
            "title": "Physical Access Authorizations",
            "rules_mapped": 0
        },
        {
            "control": "PE-20",
            "title": "Asset Monitoring and Tracking",
            "rules_mapped": 0
        },
        {
            "control": "PE-21",
            "title": "Electromagnetic Pulse Protection",
            "rules_mapped": 0
        },
        {
            "control": "PE-22",
            "title": "Component Marking",
            "rules_mapped": 0
        },
        {
            "control": "PE-23",
            "title": "Facility Location",
            "rules_mapped": 0
        },
        {
            "control": "PE-3",
            "title": "Physical Access Control",
            "rules_mapped": 0
        },
        {
            "control": "PE-4",
            "title": "Access Control for Transmission",
            "rules_mapped": 0
        },
        {
            "control": "PE-5",
            "title": "Access Control for Output Devices",
            "rules_mapped": 0
        },
        {
            "control": "PE-6",
            "title": "Monitoring Physical Access",
            "rules_mapped": 0
        },
        {
            "control": "PE-8",
            "title": "Visitor Access Records",
            "rules_mapped": 0
        },
        {
            "control": "PE-9",
            "title": "Power Equipment and Cabling",
            "rules_mapped": 0
        },
        {
            "control": "PL-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "PL-10",
            "title": "Baseline Selection",
            "rules_mapped": 0
        },
        {
            "control": "PL-11",
            "title": "Baseline Tailoring",
            "rules_mapped": 0
        },
        {
            "control": "PL-2",
            "title": "System Security and Privacy Plans",
            "rules_mapped": 0
        },
        {
            "control": "PL-4",
            "title": "Rules of Behavior",
            "rules_mapped": 0
        },
        {
            "control": "PL-7",
            "title": "Concept of Operations",
            "rules_mapped": 0
        },
        {
            "control": "PL-8",
            "title": "Security and Privacy Architectures",
            "rules_mapped": 0
        },
        {
            "control": "PL-9",
            "title": "Central Management",
            "rules_mapped": 0
        },
        {
            "control": "PM-1",
            "title": "Information Security Program Plan",
            "rules_mapped": 0
        },
        {
            "control": "PM-10",
            "title": "Authorization Process",
            "rules_mapped": 0
        },
        {
            "control": "PM-11",
            "title": "Mission and Business Process Definition",
            "rules_mapped": 0
        },
        {
            "control": "PM-12",
            "title": "Insider Threat Program",
            "rules_mapped": 0
        },
        {
            "control": "PM-13",
            "title": "Security and Privacy Workforce",
            "rules_mapped": 0
        },
        {
            "control": "PM-14",
            "title": "Testing, Training, and Monitoring",
            "rules_mapped": 0
        },
        {
            "control": "PM-15",
            "title": "Security and Privacy Groups and Associations",
            "rules_mapped": 0
        },
        {
            "control": "PM-16",
            "title": "Threat Awareness Program",
            "rules_mapped": 0
        },
        {
            "control": "PM-17",
            "title": "Protecting Controlled Unclassified Information on External Systems",
            "rules_mapped": 0
        },
        {
            "control": "PM-18",
            "title": "Privacy Program Plan",
            "rules_mapped": 0
        },
        {
            "control": "PM-19",
            "title": "Privacy Program Leadership Role",
            "rules_mapped": 0
        },
        {
            "control": "PM-2",
            "title": "Information Security Program Leadership Role",
            "rules_mapped": 0
        },
        {
            "control": "PM-20",
            "title": "Dissemination of Privacy Program Information",
            "rules_mapped": 0
        },
        {
            "control": "PM-21",
            "title": "Accounting of Disclosures",
            "rules_mapped": 0
        },
        {
            "control": "PM-22",
            "title": "Personally Identifiable Information Quality Management",
            "rules_mapped": 0
        },
        {
            "control": "PM-23",
            "title": "Data Governance Body",
            "rules_mapped": 0
        },
        {
            "control": "PM-24",
            "title": "Data Integrity Board",
            "rules_mapped": 0
        },
        {
            "control": "PM-25",
            "title": "Minimization of Personally Identifiable Information Used in Testing, Training, and Research",
            "rules_mapped": 0
        },
        {
            "control": "PM-26",
            "title": "Complaint Management",
            "rules_mapped": 0
        },
        {
            "control": "PM-27",
            "title": "Privacy Reporting",
            "rules_mapped": 0
        },
        {
            "control": "PM-28",
            "title": "Risk Framing",
            "rules_mapped": 0
        },
        {
            "control": "PM-29",
            "title": "Risk Management Program Leadership Roles",
            "rules_mapped": 0
        },
        {
            "control": "PM-3",
            "title": "Information Security and Privacy Resources",
            "rules_mapped": 0
        },
        {
            "control": "PM-30",
            "title": "Supply Chain Risk Management Strategy",
            "rules_mapped": 0
        },
        {
            "control": "PM-31",
            "title": "Continuous Monitoring Strategy",
            "rules_mapped": 0
        },
        {
            "control": "PM-32",
            "title": "Purposing",
            "rules_mapped": 0
        },
        {
            "control": "PM-4",
            "title": "Plan of Action and Milestones Process",
            "rules_mapped": 0
        },
        {
            "control": "PM-5",
            "title": "System Inventory",
            "rules_mapped": 0
        },
        {
            "control": "PM-6",
            "title": "Measures of Performance",
            "rules_mapped": 0
        },
        {
            "control": "PM-7",
            "title": "Enterprise Architecture",
            "rules_mapped": 0
        },
        {
            "control": "PM-8",
            "title": "Critical Infrastructure Plan",
            "rules_mapped": 0
        },
        {
            "control": "PM-9",
            "title": "Risk Management Strategy",
            "rules_mapped": 0
        },
        {
            "control": "PS-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "PS-2",
            "title": "Position Risk Designation",
            "rules_mapped": 0
        },
        {
            "control": "PS-3",
            "title": "Personnel Screening",
            "rules_mapped": 0
        },
        {
            "control": "PS-4",
            "title": "Personnel Termination",
            "rules_mapped": 0
        },
        {
            "control": "PS-5",
            "title": "Personnel Transfer",
            "rules_mapped": 0
        },
        {
            "control": "PS-6",
            "title": "Access Agreements",
            "rules_mapped": 0
        },
        {
            "control": "PS-7",
            "title": "External Personnel Security",
            "rules_mapped": 0
        },
        {
            "control": "PS-8",
            "title": "Personnel Sanctions",
            "rules_mapped": 0
        },
        {
            "control": "PS-9",
            "title": "Position Descriptions",
            "rules_mapped": 0
        },
        {
            "control": "PT-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "PT-2",
            "title": "Authority to Process Personally Identifiable Information",
            "rules_mapped": 0
        },
        {
            "control": "PT-3",
            "title": "Personally Identifiable Information Processing Purposes",
            "rules_mapped": 0
        },
        {
            "control": "PT-4",
            "title": "Consent",
            "rules_mapped": 0
        },
        {
            "control": "PT-5",
            "title": "Privacy Notice",
            "rules_mapped": 0
        },
        {
            "control": "PT-6",
            "title": "System of Records Notice",
            "rules_mapped": 0
        },
        {
            "control": "PT-7",
            "title": "Specific Categories of Personally Identifiable Information",
            "rules_mapped": 0
        },
        {
            "control": "PT-8",
            "title": "Computer Matching Requirements",
            "rules_mapped": 0
        },
        {
            "control": "RA-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "RA-10",
            "title": "Threat Hunting",
            "rules_mapped": 0
        },
        {
            "control": "RA-2",
            "title": "Security Categorization",
            "rules_mapped": 0
        },
        {
            "control": "RA-3",
            "title": "Risk Assessment",
            "rules_mapped": 0
        },
        {
            "control": "RA-5",
            "title": "Vulnerability Monitoring and Scanning",
            "rules_mapped": 0
        },
        {
            "control": "RA-6",
            "title": "Technical Surveillance Countermeasures Survey",
            "rules_mapped": 0
        },
        {
            "control": "RA-7",
            "title": "Risk Response",
            "rules_mapped": 0
        },
        {
            "control": "RA-8",
            "title": "Privacy Impact Assessments",
            "rules_mapped": 0
        },
        {
            "control": "RA-9",
            "title": "Criticality Analysis",
            "rules_mapped": 0
        },
        {
            "control": "SA-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "SA-10",
            "title": "Developer Configuration Management",
            "rules_mapped": 0
        },
        {
            "control": "SA-11",
            "title": "Developer Testing and Evaluation",
            "rules_mapped": 0
        },
        {
            "control": "SA-12",
            "title": "Supply Chain Protection",
            "rules_mapped": 0
        },
        {
            "control": "SA-13",
            "title": "Trustworthiness",
            "rules_mapped": 0
        },
        {
            "control": "SA-14",
            "title": "Criticality Analysis",
            "rules_mapped": 0
        },
        {
            "control": "SA-15",
            "title": "Development Process, Standards, and Tools",
            "rules_mapped": 0
        },
        {
            "control": "SA-16",
            "title": "Developer-provided Training",
            "rules_mapped": 0
        },
        {
            "control": "SA-17",
            "title": "Developer Security and Privacy Architecture and Design",
            "rules_mapped": 0
        },
        {
            "control": "SA-18",
            "title": "Tamper Resistance and Detection",
            "rules_mapped": 0
        },
        {
            "control": "SA-19",
            "title": "Component Authenticity",
            "rules_mapped": 0
        },
        {
            "control": "SA-2",
            "title": "Allocation of Resources",
            "rules_mapped": 0
        },
        {
            "control": "SA-20",
            "title": "Customized Development of Critical Components",
            "rules_mapped": 0
        },
        {
            "control": "SA-21",
            "title": "Developer Screening",
            "rules_mapped": 0
        },
        {
            "control": "SA-22",
            "title": "Unsupported System Components",
            "rules_mapped": 0
        },
        {
            "control": "SA-23",
            "title": "Specialization",
            "rules_mapped": 0
        },
        {
            "control": "SA-3",
            "title": "System Development Life Cycle",
            "rules_mapped": 0
        },
        {
            "control": "SA-4",
            "title": "Acquisition Process",
            "rules_mapped": 0
        },
        {
            "control": "SA-5",
            "title": "System Documentation",
            "rules_mapped": 0
        },
        {
            "control": "SA-8",
            "title": "Security and Privacy Engineering Principles",
            "rules_mapped": 0
        },
        {
            "control": "SA-9",
            "title": "External System Services",
            "rules_mapped": 0
        },
        {
            "control": "SC-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "SC-10",
            "title": "Network Disconnect",
            "rules_mapped": 11
        },
        {
            "control": "SC-11",
            "title": "Trusted Path",
            "rules_mapped": 0
        },
        {
            "control": "SC-12",
            "title": "Cryptographic Key Establishment and Management",
            "rules_mapped": 3
        },
        {
            "control": "SC-13",
            "title": "Cryptographic Protection",
            "rules_mapped": 10
        },
        {
            "control": "SC-15",
            "title": "Collaborative Computing Devices and Applications",
            "rules_mapped": 0
        },
        {
            "control": "SC-16",
            "title": "Transmission of Security and Privacy Attributes",
            "rules_mapped": 0
        },
        {
            "control": "SC-17",
            "title": "Public Key Infrastructure Certificates",
            "rules_mapped": 0
        },
        {
            "control": "SC-18",
            "title": "Mobile Code",
            "rules_mapped": 12
        },
        {
            "control": "SC-19",
            "title": "Voice Over Internet Protocol",
            "rules_mapped": 0
        },
        {
            "control": "SC-2",
            "title": "Separation of System and User Functionality",
            "rules_mapped": 6
        },
        {
            "control": "SC-20",
            "title": "Secure Name/Address Resolution Service (Authoritative Source)",
            "rules_mapped": 0
        },
        {
            "control": "SC-21",
            "title": "Secure Name/Address Resolution Service (Recursive or Caching Resolver)",
            "rules_mapped": 0
        },
        {
            "control": "SC-22",
            "title": "Architecture and Provisioning for Name/Address Resolution Service",
            "rules_mapped": 0
        },
        {
            "control": "SC-23",
            "title": "Session Authenticity",
            "rules_mapped": 27
        },
        {
            "control": "SC-24",
            "title": "Fail in Known State",
            "rules_mapped": 1
        },
        {
            "control": "SC-25",
            "title": "Thin Nodes",
            "rules_mapped": 0
        },
        {
            "control": "SC-26",
            "title": "Decoys",
            "rules_mapped": 0
        },
        {
            "control": "SC-27",
            "title": "Platform-independent Applications",
            "rules_mapped": 0
        },
        {
            "control": "SC-28",
            "title": "Protection of Information at Rest",
            "rules_mapped": 13
        },
        {
            "control": "SC-29",
            "title": "Heterogeneity",
            "rules_mapped": 0
        },
        {
            "control": "SC-3",
            "title": "Security Function Isolation",
            "rules_mapped": 37
        },
        {
            "control": "SC-30",
            "title": "Concealment and Misdirection",
            "rules_mapped": 0
        },
        {
            "control": "SC-31",
            "title": "Covert Channel Analysis",
            "rules_mapped": 0
        },
        {
            "control": "SC-32",
            "title": "System Partitioning",
            "rules_mapped": 0
        },
        {
            "control": "SC-34",
            "title": "Non-modifiable Executable Programs",
            "rules_mapped": 0
        },
        {
            "control": "SC-35",
            "title": "External Malicious Code Identification",
            "rules_mapped": 0
        },
        {
            "control": "SC-36",
            "title": "Distributed Processing and Storage",
            "rules_mapped": 0
        },
        {
            "control": "SC-37",
            "title": "Out-of-band Channels",
            "rules_mapped": 0
        },
        {
            "control": "SC-38",
            "title": "Operations Security",
            "rules_mapped": 0
        },
        {
            "control": "SC-39",
            "title": "Process Isolation",
            "rules_mapped": 0
        },
        {
            "control": "SC-4",
            "title": "Information in Shared System Resources",
            "rules_mapped": 28
        },
        {
            "control": "SC-40",
            "title": "Wireless Link Protection",
            "rules_mapped": 0
        },
        {
            "control": "SC-41",
            "title": "Port and I/O Device Access",
            "rules_mapped": 0
        },
        {
            "control": "SC-42",
            "title": "Sensor Capability and Data",
            "rules_mapped": 0
        },
        {
            "control": "SC-43",
            "title": "Usage Restrictions",
            "rules_mapped": 0
        },
        {
            "control": "SC-44",
            "title": "Detonation Chambers",
            "rules_mapped": 0
        },
        {
            "control": "SC-45",
            "title": "System Time Synchronization",
            "rules_mapped": 0
        },
        {
            "control": "SC-46",
            "title": "Cross Domain Policy Enforcement",
            "rules_mapped": 0
        },
        {
            "control": "SC-47",
            "title": "Alternate Communications Paths",
            "rules_mapped": 0
        },
        {
            "control": "SC-48",
            "title": "Sensor Relocation",
            "rules_mapped": 0
        },
        {
            "control": "SC-49",
            "title": "Hardware-enforced Separation and Policy Enforcement",
            "rules_mapped": 0
        },
        {
            "control": "SC-5",
            "title": "Denial-of-service Protection",
            "rules_mapped": 9
        },
        {
            "control": "SC-50",
            "title": "Software-enforced Separation and Policy Enforcement",
            "rules_mapped": 0
        },
        {
            "control": "SC-51",
            "title": "Hardware-based Protection",
            "rules_mapped": 0
        },
        {
            "control": "SC-6",
            "title": "Resource Availability",
            "rules_mapped": 0
        },
        {
            "control": "SC-7",
            "title": "Boundary Protection",
            "rules_mapped": 1
        },
        {
            "control": "SC-8",
            "title": "Transmission Confidentiality and Integrity",
            "rules_mapped": 44
        },
        {
            "control": "SI-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "SI-10",
            "title": "Information Input Validation",
            "rules_mapped": 0
        },
        {
            "control": "SI-11",
            "title": "Error Handling",
            "rules_mapped": 20
        },
        {
            "control": "SI-12",
            "title": "Information Management and Retention",
            "rules_mapped": 0
        },
        {
            "control": "SI-13",
            "title": "Predictable Failure Prevention",
            "rules_mapped": 0
        },
        {
            "control": "SI-14",
            "title": "Non-persistence",
            "rules_mapped": 0
        },
        {
            "control": "SI-15",
            "title": "Information Output Filtering",
            "rules_mapped": 0
        },
        {
            "control": "SI-16",
            "title": "Memory Protection",
            "rules_mapped": 16
        },
        {
            "control": "SI-17",
            "title": "Fail-safe Procedures",
            "rules_mapped": 0
        },
        {
            "control": "SI-18",
            "title": "Personally Identifiable Information Quality Operations",
            "rules_mapped": 0
        },
        {
            "control": "SI-19",
            "title": "De-identification",
            "rules_mapped": 0
        },
        {
            "control": "SI-2",
            "title": "Flaw Remediation",
            "rules_mapped": 3
        },
        {
            "control": "SI-20",
            "title": "Tainting",
            "rules_mapped": 0
        },
        {
            "control": "SI-21",
            "title": "Information Refresh",
            "rules_mapped": 0
        },
        {
            "control": "SI-22",
            "title": "Information Diversity",
            "rules_mapped": 0
        },
        {
            "control": "SI-23",
            "title": "Information Fragmentation",
            "rules_mapped": 0
        },
        {
            "control": "SI-3",
            "title": "Malicious Code Protection",
            "rules_mapped": 1
        },
        {
            "control": "SI-4",
            "title": "System Monitoring",
            "rules_mapped": 1
        },
        {
            "control": "SI-5",
            "title": "Security Alerts, Advisories, and Directives",
            "rules_mapped": 0
        },
        {
            "control": "SI-6",
            "title": "Security and Privacy Function Verification",
            "rules_mapped": 6
        },
        {
            "control": "SI-7",
            "title": "Software, Firmware, and Information Integrity",
            "rules_mapped": 0
        },
        {
            "control": "SI-8",
            "title": "Spam Protection",
            "rules_mapped": 0
        },
        {
            "control": "SR-1",
            "title": "Policy and Procedures",
            "rules_mapped": 0
        },
        {
            "control": "SR-10",
            "title": "Inspection of Systems or Components",
            "rules_mapped": 0
        },
        {
            "control": "SR-11",
            "title": "Component Authenticity",
            "rules_mapped": 0
        },
        {
            "control": "SR-12",
            "title": "Component Disposal",
            "rules_mapped": 0
        },
        {
            "control": "SR-2",
            "title": "Supply Chain Risk Management Plan",
            "rules_mapped": 0
        },
        {
            "control": "SR-3",
            "title": "Supply Chain Controls and Processes",
            "rules_mapped": 0
        },
        {
            "control": "SR-4",
            "title": "Provenance",
            "rules_mapped": 0
        },
        {
            "control": "SR-5",
            "title": "Acquisition Strategies, Tools, and Methods",
            "rules_mapped": 0
        },
        {
            "control": "SR-6",
            "title": "Supplier Assessments and Reviews",
            "rules_mapped": 0
        },
        {
            "control": "SR-7",
            "title": "Supply Chain Operations Security",
            "rules_mapped": 0
        },
        {
            "control": "SR-8",
            "title": "Notification Agreements",
            "rules_mapped": 0
        },
        {
            "control": "SR-9",
            "title": "Tamper Resistance and Detection",
            "rules_mapped": 0
        }
    ]
}