Security Self Assessment Guide For Information Technology Systems
Download Security Self Assessment Guide For Information Technology Systems PDF/ePub or read online books in Mobi eBooks. Click Download or Read Online button to get Security Self Assessment Guide For Information Technology Systems book now. This website allows unlimited access to, at the time of writing, more than 1.5 million titles, including hundreds of thousands of titles in various foreign languages.
Security Self-Assessment Guide for Information Technology Systems
Adequate security of information and the systems that process it is a fundamental management responsibility. Agency officials must understand the current status of their information security program and controls in order to make informed judgments and investments that appropriately mitigate risks to an acceptable level. Self-assessments provide a method for agency officials to determine the current status of their information security programs and, where necessary, establish a target for improvement. This self assessment guide utilizes an extensive questionnaire containing specific control objectives and techniques against which an unclassified system or group of interconnected systems can be tested and measured. The guide does not establish new security requirements. The control objectives and techniques are abstracted directly from long-standing requirements found in statute, policy, and guidance on security. This document builds on the Federal IT Security Assessment Framework (Framework) developed by NIST for the Federal Chief Information Officer (ClO) Council. The Framework established the groundwork for standardizing on five levels of security status and criteria agencies could use to determine if the five levels were adequately implemented. This document provides guidance on applying the Framework by identifying 17 control areas, such as those pertaining to identification and authentication and contingency planning. In addition, the guide provides control objectives and techniques that can be measured for each area.
Computer Security
This document builds on the Federal IT Security Assessment Framework developed by the Nat. Technical Information Service for the Federal Chief Information Officer Council. The Framework established the groundwork for standardizing on 5 levels of security status and criteria that agencies could use to determine if the 5 levels were adequately implemented. This document provides guidance on applying the Framework by identifying 17 control areas, such as those pertaining to identification and authentication and contingency planning. In addition, the guide provides control objectives and techniques that can be measured for each area.