Archive for security controls

Policy and Procedure

Each of the seventeen families of security controls found in 800-53 contains a first control that requires the development of policy and procedures for that specific family of controls. Here is an example from the PL family: 800-53 security control PL-1, SECURITY PLANNING POLICY AND PROCEDURES. Control: The organization develops, disseminates, and periodically reviews/updates: (i) [...]

Contingency Plan

Policy:
Identify statutory or regulatory requirements
Create a policy statement
Get the policy statement approved
Publish the policy statement

Key elements of policy:
Roles and responsibilities
Scope
Resources required
Training required
Testing and exercises schedule
Maintenance schedule
Backup and storage schedule

Business Impact Assessment (BIA):
The BIA is a critical piece of the CP that [...]

Risk Analysis

Control Analysis
Likelihood Determination
Impact Analysis
Risk Determination

Implementation and Assessment Phase

Integration of security controls, Certification & Accreditation and documentation updates.

Acquisition and Development Phase

Defining the security requirements, including risk assessment and security controls. Security planning involves documenting these requirements and preventative controls.