38 Cards in this Set
| Front | Back |
|---|---|
| SP800-18 | Guide for Developing Security Plans for Federal Information Systems |
| SP800-30 | Guide for Conducting |
| SP800-34 | Contingency Planning Guide for Federal Information Systems |
| SP800-37 | Guide for Applying the Risk Management Framework to Federal Information Systems |
| SP800-39 | Managing Information Security Risk (Organization, Mission, and Information System View) |
| SP800-40 | Creating a Patch and Vulnerability Management Program |
| SP800-41 | Guidelines on Firewalls and Firewall Policy |
| SP800-47 | Security Guide for Interconnecting Information Technology Systems |
| SP800-50 | Building an Information Technology Security Awareness and Training Program |
| SP800-53 | Security and Privacy Controls for Federal Information Systems |
| SP800-53A | Guide for Assessing the Security |
| SP800-55 | Performance Measurement Guide for Information Security |
| SP800-59 | Guideline for Identifying an Information System as a National Security System |
| SP800-60 | Guide to Categorizing Information Systems |
| SP800-61 | Computer Security Incident Handling Guide |
| SP800-64 | System Development Life Cycle |
| SP800-83 | Guide to Malware Incident Prevention and Handling for Desktops and Laptops |
| SP800-88 | Guidelines for Media Sanitization |
| SP800-92 | Guide to Computer Security Log Management |
| SP800-100 | Information Security Handbook: A Guide for Managers |
| SP800-115 | Technical Guide to Information Security Testing and Assessment |
| SP800-122 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) |
| SP800-128 | Configuration Management of Information Systems |
| SP800-137 | Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations |
| SP800-144 | Security and Privacy in the CLOUD |
| 5 U.S.C. 552a - Privacy Act of 1974 | Information gathered on individuals should only be used for the purpose for which it was collected |
| CNSS Instruction No. 1253A | Security Control Overlays Template (Used for Security Categorization and Control Selection for National Security Systems) |
| FIPS 199 | Standards for Security Categorization of Federal Information and Information Systems |
| FIPS 200 | Minimum Security Requirements for Federal Information and Information Systems (Selecting Security Controls) |
| OMB M-06-15 | Safeguarding Personally Identifiable Information |
| OMB M-06-19 | Reporting Incidents involving PII |
| OMB Circular A-11 | Preparation, Submission, and Execution of the Budget |
| OMB Circular A-123 | Management's Responsibility for Internal Control |
| OMB Circular A-130 (Management of Federal Information Resources) | Must have: 1. Security plan 2. Emergency Response Capabilities 3. One person responsible for security 4. Reports to Congress 5. Security awareness training 6. Reg. review and improvement of contingency plans |
| Section 3541 Title 44 U.S.C. - Federal Information Security Management Act of 2002 | Requires: 1. Security Program 2. Annual Security Review 3. Annual Reporting 4. Defines National Security Systems |
| E-Government Act of 2002 | The origin of the requirement for a Privacy Impact Assessment (P.I.A.) |
| Clinger-Cohen Act of 1996 (Also known as I.T. Management Reform Act) | Required each Agency to have a process to maximize value and assess and manage risks of I.T. investments |
| The Computer Security Act of 1987 | Says: 1. Computer Security Plan should be made 2. Identify computers containing sensitive info. 3. Need Security awareness training for individuals |