NIST 800-53A: Guide for Assessing the Security Controls in Federal Information Systems
Samuel R. Ashmore, Margarita Castillo, Barry Gavrich
CS589 Information & Risk Management
New Mexico Tech Spring 2007
Assessing Security Controls
- Introduction
- Framework and Methods
- Assessment Process
- Assessment Procedures
- Assessment Expectations
- Sample Assessment
- References
- Questions
Introduction
Security Assessments Performed Throughout System Development Life Cycle (SDLC) Phases
- System initiation
- Development and acquisition
- Implementation
- Operational and maintenance
- Disposal
Assessments Performed Relative to System Risk, Minimally on an Annual Basis, A-130
Introduction
Security Control Types:
- Management
- Operational
- Technical safeguards
Rely on Additional Input From:
- Security categorization from SP800-53 / FIPS 199
- Level of assurance required for operation
Additional Assessment Documents
- SP800-37, Guide for Security C&A
- Common Criteria, FIPS 140-2
Framework of Assessment Procedures
Framework: Input, Processing, and Output
Input: 800-53, and FIPS 199
- Policy, procedures, security requirements
- Specific protection-related actions
- Specific items: hardware, software, firmware