My Account Log in

2 options

Guide for developing security plans for federal information systems / Marianne Swanson, Joan Hash, Pauline Bowen.

Connect to full text Available online

View online

U.S. Government Documents Available online

View online
Format:
Book
Government document
Author/Creator:
Swanson, Marianne
Contributor:
Hash, Joan
Bowen, Pauline
National Institute of Standards and Technology (U.S.)
Series:
NIST special publication. Information security ; 800-18.
NIST special publication ; 800-18. Information security
Language:
English
Subjects (All):
Federal government--Information technology--Security measures--United States.
Federal government.
Computer security--Standards--United States.
Computer security.
Computer security--Standards.
United States.
Physical Description:
1 online resource (vii, 41 pages)
Edition:
Revision 1.
Place of Publication:
Gaithersburg, MD : U.S. Dept. of Commerce, National Institute of Standards and Technology, [2006]
Summary:
The objective of system security planning is to improve protection of information system resources. All federal systems have some level of sensitivity and require protection as part of good management practice. The protection of a system must be documented in a system security plan. The completion of system security plans is a requirement of the Office of Management and Budget (OMB) Circular A-130, "Management of Federal Information Resources," Appendix III, "Security of Federal Automated Information Resources," and Title III of the E-Government Act, entitled the Federal Information Security Management Act (FISMA), The purpose of the system security plan is to provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements. The system security plan also delineates responsibilities and expected behavior of all individuals who access the system. The system security plan should be viewed as documentation of the structured process of planning adequate, cost-effective security protection for a system. It should reflect input from various managers with responsibilities concerning the system, including information owners, the system owner, and the senior agency information security officer (SAISO). Additional information may be included in the basic plan and the structure and format organized according to agency needs, so long as the major sections described in this document are adequately covered and readily identifiable.
Notes:
Title from title screen (viewed on July 18, 2006).
"February 2006."
OCLC:
70786552

The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.

Find

Home Release notes

My Account

Shelf Request an item Bookmarks Fines and fees Settings

Guides

Using the Find catalog Using Articles+ Using your account