X hits on this document

Powerpoint document

HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 39 / 158

433 views

0 shares

0 downloads

0 comments

39 / 158

U.S. Department of Health and Human Services

NIST SP 800-53 Rev.3 is divided into 18 control families comprising three classes:

Management Controls focus on the management of the information system and the management of risk for the system. They are techniques and concerns that are normally addressed by management.

Operational Controls address security methods focusing on mechanisms primarily implemented and executed by people (as opposed to systems). They are put in place to improve the security of a particular system (or group of systems). They often require technical or specialized expertise and many times rely upon management activities, as well as technical controls.

Technical Controls concentrate on security controls that the computer system executes. The controls can provide automated protection for unauthorized access or misuse, facilitate detection of security violations, and support security requirements for applications and data.

Page 3 of 5

Development Phase Security

Security Control Class

Document info
Document views433
Page views433
Page last viewedThu Dec 08 15:17:26 UTC 2016
Pages158
Paragraphs2058
Words16945

Comments