Security self-assessment guide for information technology systems [electronic resource] / Marianne Swanson.
Imprint
[Gaithersburg, MD] : U.S. Dept. of Commerce, Technology Administration, National Institute of Standards and Technology : For sale by the Supt. of Docs., U.S. G.P.O., [2001]
Title from title screen (viewed on July 24, 2006).
"November 2001."
Bibliography
Includes bibliographical references.
Note
G.P.O. sales statement incorrect in publication.
Access
Use copy Restrictions unspecified star MiAaHDL
Reproduction
Electronic reproduction. [S.l.] : HathiTrust Digital Library, 2010. MiAaHDL
System Details
Master and use copy. Digital master created according to Benchmark for Faithful Digital Reproductions of Monographs and Serials, Version 1. Digital Library Federation, December 2002. http://purl.oclc.org/DLF/benchrepro0212 MiAaHDL
Processing Action
digitized 2010 HathiTrust Digital Library committed to preserve pda MiAaHDL
Summary
Self-assessments provide a method for agency officials to determine the current status of their information security programs and, where necessary, establish a target for improvement. This self-assessment guide utilizes an extensive questionnaire containing specific control objectives and techniques against which an unclassified system or group of interconnected systems can be tested and measured. The guide does not establish new security requirements. The control objectives and techniques are abstracted directly from long-standing requirements found in statute, policy, and guidance on security. This document builds on the Federal IT Security Assessment Framework (Framework) developed by NIST for the Federal Chief Information Officer (CIO) Council. The Framework established the groundwork for standardizing on five levels of security status and criteria agencies could use to determine if the five levels were adequately implemented. This document provides guidance on applying the Framework by identifying 17 control areas, such as those pertaining to identification and authentication and contingency planning. In addition, the guide provides control objectives and techniques that can be measured for each area.