Common Standards and Regulations 253 controls that are discussed include asset management and configuration management controls, separation and security controls for network communications, specific host security controls regarding access control, and Anti-Malware protection. Of particular interest are a group of controls around security incident management--the first of the standards discussed in this book to specifically mention the anticipation of a secu- rity breach using anomaly detection. Specifically, ISO/IEC mentions "malfunctions or other anomalous system behavior may be an indicator of a security attack or actual security breach." 19 NOTE Excerpts from the ISO/IEC 27002:2005 Standard have been mapped to common security controls under the section "Mapping Industrial Network Security to Compliance." NRC Regulation 5.71 NRC Regulation 5.71 (RG 5.71) provides security recommendations for comply- ing with Title 10 of the Code of Federal Regulations (CFR) 73.54. It consists of