HHS Information Security
Information Security Controls
PUBLIC
Revised: 10/21/2021
1. Purpose
The security and privacy controls contained in this document are the safeguards or countermeasures that, when implemented and enforced, will satisfy the information security compliance requirements defined in the Health and Human Services (HHS) Information Security Policy and applicable federal laws, executive orders, directives, policies, regulations, and standards.
2. Scope
All HHS employees, contractors, third-party users, external service providers, and all HHS physical, software, and information assets (whether standalone or attached to the HHS local and wide area networks) that access, create, disclose, receive, transmit, maintain, or store HHS information, as well as all services that support or otherwise handle those physical, software, and information assets, are required to comply with the security and privacy controls contained within this document. The security controls outlined in this document are required upon release of this document, and compliance should be documented in the information system's next annual risk assessment.
3. Audience
This document is intended to serve a diverse audience of information systems, information owners, information custodians, and Chief Information Security Office staff. While all users of HHS information systems assets should be aware of security controls as adopted by the HHS Chief Information Security Office, primary users of this document are the information custodians of IT operations, system and database administrators, application developers, support, maintenance personnel, and information security officers.
4. Controls
The Information Security Controls are maintained by the Chief Information Security Office on the Chief Information Security Office SharePoint site.
The controls are made up of the following:
- Framework for Understanding the Information Security Controls
- Appendix A: Security Baselines and Overlays
- Appendix B-C: HHS Information Security Controls
- Appendix D: HIPAA Security Rules to IS-Controls Mapping
- Appendix E: Security Control Risk Score Formula
- Appendix F: References and Resources