As stated in the DODD 5200.28 paragraph 4.3, "The safeguarding of information and AIS resources (against sabotage, tampering, denial of service, espionage, fraud, misappropriation, misuse, or release to unauthorized persons) shall be accomplished through the continuous employment of safeguards consisting of administrative, procedural, physical and/or environmental, personnel, communications security, emanations security, and computer security (i.e., hardware, firmware, and software), as required. The mix of safeguards selected shall achieve the requisite level of security or protection."

It would be beneficial for all if the IA controls were grouped into safeguard groupings with subsequent Subject Matter Areas (SMA) for a more feasible process of completing a C&A Package. Each SMA would have multiple sub-questions for a compilation or percentage tabulation for showing compliance. These SMAs would be linked to the POAM and DIP for failed controls and vice versa, in that when a control is mitigated in any of the three documents a domino effect is implemented in order to lessen the need to repeat the same entry over again.

Example provided.

| Administrative | Transmission Security | Configuration Security | Personnel Security | Physical Security | Operations Security |
|---|---|---|---|---|---|
| Subject Matter Areas | Subject Matter Areas | Subject Matter Areas | Subject Matter Areas | Subject Matter Areas | Subject Matter Areas |
| Security Education Training and Awareness Training (SETAP) | Partitioning | Remote Access | Personnel | Facility Description | Acquisition Plan |
| System Rules of Behavior | Shared Resources | Functionality Checks | Limited Access Authorizations | Access Control | Resources |