Security Self-Assessment Guide for Information Technology Systems

Author: Marianne Swanson

DOI: 10.6028/NIST.SP.800-26

Keywords:

Abstract: Adequate security of information and the systems that process it is a fundamental management responsibility. Agency officials must understand the current status of their information security program and controls in order to make informed judgments and investments that appropriately mitigate risks to an acceptable level. Self-assessments provide a method for agency officials to determine the current status of their information security programs and, where necessary, establish a target for improvement. This self-assessment guide utilizes an extensive questionnaire containing specific control objectives and techniques against which an unclassified system or group of interconnected systems can be tested and measured. The guide does not establish new security requirements. The control objectives and techniques are abstracted directly from long-standing requirements found in statute, policy, and guidance on security. This document builds on the Federal IT Security Assessment Framework (Framework) developed by NIST for the Federal Chief Information Officer (CIO) Council. The Framework established the groundwork for standardizing on five levels of security status and criteria agencies could use to determine if the five levels were adequately implemented. This document provides guidance on applying the Framework by identifying 17 control areas, such as those pertaining to identification and authentication and contingency planning. In addition, the guide provides control objectives and techniques that can be measured for each area.
