X hits on this document

Powerpoint document

HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 45 / 158

461 views

0 shares

0 downloads

0 comments

45 / 158

U.S. Department of Health and Human Services

Does an IT Administrator typically get involved in security for MAs? It depends. Each category - high, moderate, or low - dictates the different security controls that must be in place for every major application to meet the guidance of NIST SP 800-53 Rev. 3.

Some SP 800-53  Rev. 3 controls are handled at the organization level (that is, HHS-wide, or even within an OPDIV). These controls are usually related to policy, guidance, personnel controls (such as background checks), or security training. Some controls are also handled by the GSS – such as intrusion detection, or virus protection. IT Administrators do not typically check the MA against the controls that are handled by the GSS or the organization.

A local IT Administrator is likely to get involved when an MA requires additional protection above and beyond what the organization or GSS provides. This occurs after an MA System Owner or ISSO determines additional security controls are needed.

Page 2 of 3

Types of Systems

Securing a Major Application

Document info
Document views461
Page views461
Page last viewedSat Dec 10 15:12:11 UTC 2016
Pages158
Paragraphs2058
Words16945

Comments