HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 62 / 158

U.S. Department of Health and Human Services

Security control assessments determine the extent to which security controls are implemented correctly, operating as intended, and producing the desired outcome, with respect to meeting security requirements. NIST SP 800-53A Revision 1: Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans, is designed to establish a set of standardized assessment techniques and procedures for each security control listed in NIST SP 800-53 Revision 3.

For a new system, security controls are tested by way of an independent security controls assessment. Once a system is operational, a subset of its controls must be assessed, at least annually, in between independent security controls assessment efforts.

IT Administrators may participate in the annual internal assessment of a system’s controls or may be responsible for refining controls if an independent reviewer finds weaknesses.

Page 6 of 9

Implementation & Assessment Phase

Security Controls Assessment
