Twenty Most Important Controls and Metrics for - page 8 / 48

Figure 1: Types of Computer Attacker Activities these Controls Are Designed to Help Thwart

Relationship to Other Federal Guidelines, Recommendations, and Requirements

These Consensus Audit Guidelines are meant to reinforce and prioritize some of the most important elements of the guidelines, standards, and requirements put forth in other US Government documentation, such as NIST Special Publication 800-53: Recommended Security Controls for Federal Information Systems, SCAP, FDCC, FISMA, and Department of Homeland Security Software Assurance documents. These guidelines do not conflict with such recommendations. In fact, the guidelines set forth herein are a proper subset of the recommendations of 800-53, designed so that organizations can focus on a specific set of actions associated with current threats and computer attacks they face every day. A draft of the mapping of individual guidelines in this document to specific recommendations of 800-53 is included in Appendix A.

Additionally, the Consensus Audit Guidelines are not intended to be comprehensive in addressing everything that a CIO or CISO must address in an effective security program. For example, in addition to implementing controls identified in this document, organizations must develop appropriate security policies, security architectures, and
