X hits on this document

Powerpoint document

HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 70 / 158

410 views

0 shares

0 downloads

0 comments

70 / 158

U.S. Department of Health and Human Services

Page 2 of 12

NIST SP 800-53 Rev 3. is divided into 18 control families comprising three classes – Management, Operational, and Technical.

Management Controls: Focus on the management of the computer security system and the management of risk for a system. They are techniques and concerns that are normally addressed by management, through policy and documentation.

Operational Controls: Address security issues related to mechanisms primarily implemented and executed by people (as opposed to systems). Often, they require technical or specialized expertise and rely upon management activities as well as technical controls.

Technical Controls: Technical controls are security controls that are configured within the system. Technical controls can provide automated protection for unauthorized access or misuse, facilitate detection of security violations, and support security requirements for applications and data.

Security  Control Selection

Three Classes of Controls

Document info
Document views410
Page views410
Page last viewedWed Dec 07 13:08:02 UTC 2016
Pages158
Paragraphs2058
Words16945

Comments