U.S. Department of Health and Human Services
Most systems at HHS are in the operations phase. While security controls, analysis, and testing should have been established earlier in the life cycle, this is often not the case and IT Administrators find themselves having to catch up. Even if these security measures—controls, analysis, testing—have been completed properly, security remains an ongoing assignment throughout all phases. Why?
To confirm that all security controls are still in place and functioning as intended
To verify that any changes to the system or to the environment which the system resides have not resulted in any compromise of security controls
What key ideas do you want to remember from the focus on the EPLC?
Page 3 of 3
Your System and the EPLC
Critical Security Issues