X hits on this document

Powerpoint document

HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 63 / 158

370 views

0 shares

0 downloads

0 comments

63 / 158

U.S. Department of Health and Human Services

Security Controls Assessment is the independent verification and validation of both technical and non-technical controls during the security authorization process. Technical controls include those system configurations and features designed within the system, such as identification and authorization, audit, and operating system security policies. An Security Controls Assessment Plan documents the management, operational, and technical components to be tested, and outlines the approach used throughout the test.

The information in a ST&E verifies findings of the initial risk assessment and is documented in a Security Assessment Report (SAR). The purpose of the SAR is to document any identified vulnerabilities and outline security risks associated with each. Upon completion of the SAR, the system’s Risk Assessment is updated.

Page 7 of 9

Implementation & Assessment Phase

Security Controls Assessment

Document info
Document views370
Page views370
Page last viewedSun Dec 04 14:21:37 UTC 2016
Pages158
Paragraphs2058
Words16945

Comments