
HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 153 / 158






U.S. Department of Health and Human Services


Risk Management Framework - The new six-step process established in NIST SP 800-37 Rev. 1, which transforms the previous certification and accreditation (C&A) process. The RMF changes the traditional focus of C&A from a static, procedural activity to a more dynamic approach that provides the capability to more effectively manage information system-related security risks in highly diverse environments of complex and sophisticated cyber threats, ever-increasing system vulnerabilities, and rapidly changing missions.

Sanitization - A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and, for some forms of sanitization, extraordinary means.

Security Category - The characterization of information or an information system that is based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability would have on organizational operations, organizational assets, or individuals.

Security Control Assessment - The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Security Objectives - Confidentiality, integrity, and availability.

System Development Life Cycle (SDLC) - The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation.
