fisma certification and accreditation handbook phần 4 potx

... 10 149 40 9_Cert_Accred_10.qxd 11/2/06 1:57 PM Page 149 Table 8 .4 continued Operational Assurance Control Questions No. Question L1 L2 L3 L4 Incident Response Capabilities Required by: FISMA § 3 546 ... Awareness and Training Requirements • Chapter 9 141 40 9_Cert_Accred_09.qxd 11/2/06 1: 54 PM Page 141 Table 10.2 continued Rules of Behavior for Handhelds End-User Rules of Behavio...

Ngày tải lên: 14/08/2014, 18:20

... for evaluation. Without a handbook and a specified process, the www.syngress.com 46 Chapter 4 • Establishing a C&A Program 40 9_Cert_Accred_ 04. qxd 11/2/06 1:29 PM Page 46 C&A Best Practices… Initiation ... staff to www.syngress.com 40 Chapter 3 • Understanding the Certification and Accreditation Process 40 9_Cert_Accred_03.qxd 11/2/06 1:28 PM Page 40 Summary The cert...

Ngày tải lên: 14/08/2014, 18:20

... . . . . . . .46 C&A Handbook Development . . . . . . . . . . . . . . . . . . . . . .46 What to Include in Your Handbook . . . . . . . . . . . . . . . .47 Who Should Write the Handbook? . . ... agency, you will continually need to go back to the handbook and reference it.The handbook will have way too much information in it for you to read and absorb and remember in one f...

Ngày tải lên: 14/08/2014, 18:20

... Certification Level 40 9_Cert_Accred_07.qxd 11/2/06 2:10 PM Page 90 Table 8 .4 Operational Assurance Control Questions No. Question L1 L2 L3 L4 User Trust Required by: FISMA § 3 543 (a)(2) & 3 545 (f); OMB ... agreements and memorandums of understanding? After new security controls are added, are they tested as required? Do security controls operate as intended? Life Cycle Support...

Ngày tải lên: 14/08/2014, 18:20

... (ST&E) 40 9_Cert_Accred_12.qxd 11/2/06 5 :44 PM Page 2 04 409_Cert_Accred_12.qxd 11/2/06 5 :44 PM Page 210 Assessment should determine if PII is collected and should list all types of PII that are ... (http://csrc.nist.gov/cryptval/ 140 -1/FIPS 140 2IG.pdf ). www.syngress.com Performing the Security Tests and Evaluation (ST&E) • Chapter 12 209 40 9_Cert_Accred_12.qxd 11/2/06 5...

Ngày tải lên: 14/08/2014, 18:20

... con- www.syngress.com 238 Chapter 14 • Performing the Business Risk Assessment 40 9_Cert_Accred_ 14. qxd 11/3/06 9: 34 AM Page 238 ■ Does a contact list exist and is it up-to-date? ■ Are roles and responsibilities ... and impact severity with S, our risk exposure equation looks like this: P x S = Risk Exposure (RE) www.syngress.com 2 34 Chapter 14 • Performing the Business Risk As...

Ngày tải lên: 14/08/2014, 18:20

... Hossein. Handbook of Information Security,Volume 3,Threats, Vulnerabilities, Prevention, Detection, and Management. John Wiley & Sons, January 2006. ISBN: 047 1 648 329. Jones, Andy, and Debi ... Plan Continued 40 9_Cert_Accred_18.qxd 11/3/06 2 :48 PM Page 300 approving or disapproving, agency information security pro- grams required under section 3 544 (b)…. Additionally, in FISM...

Ngày tải lên: 14/08/2014, 18:20

... three connections (now closed): TCP 128.88 .41 .2:1025 140 .216 .41 .2:80 CLOSE_WAIT TCP 128.88 .41 .2:2180 140 .216 .41 .2:80 CLOSE_WAIT TCP 128.88 .41 .2:1188 140 .216 .41 .2:80 CLOSE_WAIT (A socket is an IP address ... applica- tions, and databases are hardened and locked down. Section 3 544 (b)(2)(D)iii www.syngress.com Preparing the System Security Plan • Chapter 19 341 40 9_Cert_Ac...

Ngày tải lên: 14/08/2014, 18:20

... Certification Package for Accreditation • Chapter 21 40 5 40 9_Cert_Accred_21.qxd 11/3/06 2:59 PM Page 40 5 FISMA Appendix A: 43 1 40 9_Cert_Accred_AA.qxd 11/3/06 3:58 PM Page 43 1 ... Standards and Technology Act (15 www.syngress.com 43 4 Appendix A • FISMA 40 9_Cert_Accred_AA.qxd 11/3/06 3:58 PM Page 43 4 ■ Are changes to milestones identified and listed? ■ Does the weakne...

Ngày tải lên: 14/08/2014, 18:20

... MANDATORY REQUIREMENTS.— ‘‘(1) AUTHORITY TO MAKE MANDATORY.—Except as provided under paragraph (2), the www.syngress.com 44 4 Appendix A • FISMA 40 9_Cert_Accred_AA.qxd 11/3/06 3:58 PM Page 44 4 48 6 ... Integrity, and Availability (CIA) 40 9_Cert_Accred_Index.qxd 11/3/06 4: 41 PM Page 48 7 APPENDIX A TERMS AND DEFINITIONS AVAILABILITY: Ensuring timely and reliable access to a...

Ngày tải lên: 14/08/2014, 18:20