Federal Information Security Management Act of 2002/Catalogs: Difference between revisions
Jump to navigation
Jump to search
imported>Howard C. Berkowitz (New page: <noinclude>{{subpages}}</noinclude> ===Baseline common controls at low impact=== A low-impact system must have impairment to availability, confidentiality and integrity all rated in the lo...) |
(No difference)
|
Latest revision as of 11:59, 20 September 2009
Baseline common controls at low impact
A low-impact system must have impairment to availability, confidentiality and integrity all rated in the low category of FIPS 199: "limited adverse effect on organizational operations, organizational assets, or individuals," causing minor degradation, financial loss, or harm to individuals. [1]
- Access control
- AC-1, Access Control Policies and Procedures
- AC-2, Account management
- AC-3, Access enforcement
- AC-7, unsuccessful login attempts
- AC-8, system use notification
- AC-14, permitted use without identification or authentication
- AC-17, remote access controls
- AC-18, wireless access controls
- AC-19, access controls for mobile devices
- AC-20, external information systems
- AC-22, publicly accessible content
- Awareness and training
- Audit and accountability
- Security assessment and authorization
- Configuration management
- Contingency planning
- Identification and authentication
- Incident response
- Maintenance
- Media protection
- Physical and environmental protection
- Security planning
- Personnel security
- Information system risk assessment
- Information system and services acquisition
- Information system and communications protection
- Information system and integity
- SI-1, policy and procedures
- SI-2, flaw remediation
- SI-3, Malicious code protection
- ↑ FIPS 199, p. 2