X hits on this document

Powerpoint document

HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 38 / 158

340 views

0 shares

0 downloads

0 comments

38 / 158

U.S. Department of Health and Human Services

A system’s set of baseline security controls (low, moderate, or high), required by NIST SP 800-53 Revision 3: Recommended Security Controls for Federal Information Systems, will correspond to the system’s security category, which is determined by utilizing the FIPS 199: Standards for Security Categorization of Federal Information and Information Systems.

The minimal set of security controls may be augmented or refined, as necessary, throughout the EPLC. All planned and implemented security controls are documented within the SSP.

Furthermore, after assessing risk to the system, additional controls may be necessary to lower the acceptable level of risk to the system. A Risk Assessment profiles a system’s security risk and provides the rationale for any supplemental controls necessary.

Page 2 of 5

Development Phase Security

Security Control Selection & Refinement

Document info
Document views340
Page views340
Page last viewedSat Dec 03 02:53:58 UTC 2016
Pages158
Paragraphs2058
Words16945

Comments