U.S. Department of Health and Human Services
HHS’s IT Administrator security practices are grounded in agency policies and procedures and the professional standards offered by NIST. Here are key ideas from this topic:
There are three categories of potential impact: low, moderate, or high.
These three categories determine how secure a system must be to ensure confidentiality, integrity, and availability
NIST SP 800-53 Rev. 3 contains a catalog of 18 families of system controls for ensuring the appropriate degree of security. These controls are arranged in three classes (Management, Operational, Technical)
IT Administrators are typically most concerned with the four families of technical controls.
Page 1 of 1