by U.S. Department of Commerce, Computer Security Division, Information Technology, National Institute of Standards and Technology in Gaithersburg, MD.
Written in English
|Series||NIST special publication ;, 800-26, Computer security, NIST special publication.|
|LC Classifications||QA76.9.A25 S918 2001|
|The Physical Object|
|Pagination||1 v. (various paging) ;|
|LC Control Number||2002320193|
Adequate security of information and the systems that process it is a fundamental management responsibility. Agency officials must understand the current status of their information security program and controls in order to make informed judgments and investments that appropriately mitigate risks to an acceptable level. Self-assessments provide a method for agency officials to determine the
This ITL Bulletin summarizes Special Publication (SP) , Security Self-Assessment Guide for Information Technology Systems.
This self-assessment guide utilizes an extensive questionnaire containing specific control objectives and techniques against which an unclassified system or group of interconnected systems can be tested and measured. The guide does not establish new security requirements. The control objectives and techniques are abstracted directly from long
Self-Assessment Handbook. For Assessing NIST SP systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of organization Establish and enforce security configuration settings for information technology.
The National Institute of Standards and Technology control self-assessment methodology is based on customised questionnaires. It is an IT-focused methodology suitable for assessing system-based controls. It provides a cost-effective technique to determine the status of information security controls, identify any weaknesses and, where.
Security Self-Assessment Guide For IT Systems. 1. Introduction. A self-assessment conducted on a system (major application or general support system) or multiple self-assessments conducted for a group of interconnected systems (internal or external to the agency) is one method used to measure information technology (IT) security assurance.
Computer Security Division. Information Technology Laboratory. National Institute of Standards and Technology. Gaithersburg, MD and outreach efforts in information system security, and its collaborative activities Special Publication Guide for Conducting Risk Assessments.
Information Technology Security Handbook. The Preparation of this book was fully funded by a grant from the infoDev Program of the World Bank Group. The topic of Information Technology (IT) security has been growing in importance in the last few years, and .
Security self-assessment guide for information technology systems. [Marianne Swanson; National Institute of Standards and Technology (U.S.)] -- Self-assessments provide a method for agency officials to determine the current status of their information security programs and, where necessary, establish a target for improvement.
Physical Security Systems Assessment Guide – December PSS-3 Appendix B (Access Control System Performance Tests) contains effectiveness tests on entry control and detection equipment. Appendix C (Communications Equipment Performance Tests) contains performance tests on radio equipment and duress alarms.
minimum standard for evaluating the security of Federal information systems. It includes an extensive questionnaire containing specific control objectives, elements, and techniques against which systems can be tested and measured. 1 NIST Special Publication , “Security Self-Assessment Guide for Information Technology Systems.
In addition, this guide provides information on the selection of cost-effective security controls. These controls can be used to mitigate risk for the better protection of mission-critical information and the IT systems that process, store, and carry this information.