X hits on this document

Powerpoint document

HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 39 / 158

553 views

0 shares

0 downloads

0 comments

39 / 158

U.S. Department of Health and Human Services

NIST SP 800-53 Rev.3 is divided into 18 control families comprising three classes:

Management Controls focus on the management of the information system and the management of risk for the system. They are techniques and concerns that are normally addressed by management.

Operational Controls address security methods focusing on mechanisms primarily implemented and executed by people (as opposed to systems). They are put in place to improve the security of a particular system (or group of systems). They often require technical or specialized expertise and many times rely upon management activities, as well as technical controls.

Technical Controls concentrate on security controls that the computer system executes. The controls can provide automated protection for unauthorized access or misuse, facilitate detection of security violations, and support security requirements for applications and data.

Page 3 of 5

Development Phase Security

Security Control Class

Document info
Document views553
Page views553
Page last viewedFri Jan 20 08:22:39 UTC 2017
Pages158
Paragraphs2058
Words16945

Comments