Top Viewed Controls (Last 30 Days)
An annual IA review is conducted that comprehensively evaluates existing policies and processes to ensure procedural consistency and to ensure that they fully support the goal of uninterrupted...
Procedures are in place to assure the appropriate physical and technical protection of the backup and restoration hardware, firmware, and software, such as router tables, compilers, and other...
The organization develops, disseminates, and reviews/updates [Assignment: organization-defined frequency]:
a. A formal, documented access control policy that addresses purpose, scope, roles,...
The organization:
a. Determines the types of changes to the information system that are configuration controlled;
b. Approves configuration-controlled changes to the system with explicit...
The organization:
a. Conducts an assessment of risk, including the likelihood and magnitude of harm, from the unauthorized access, use, disclosure, disruption, modification, or destruction of the...
The organization:
a. Assigns a senior-level executive or manager to the role of authorizing official for the information system;
b. Ensures that the authorizing official authorizes the information...
Access control, including:
Least Privilege procedures, including the assurance that each user or process is granted the most restrictive set of privileges or accesses needed for the performance of authorized tasks.
The organization develops, disseminates, and reviews/updates [Assignment: organization-defined frequency]:
a. A formal, documented system and services acquisition policy that includes information...
The information system enforces approved authorizations for logical access to the system in accordance with applicable policy.
The organization:
a. Develops a comprehensive strategy to manage risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use...
The organization:
a. Establishes a process for maintenance personnel authorization and maintains a current list of authorized maintenance organizations or personnel; and
b. Ensures that personnel...
The information system fails to a [Assignment: organization-defined known-state] for [Assignment: organization-defined types of failures] preserving [Assignment: organization-defined system state...
Discretionary access controls are a sufficient IA mechanism for connecting DoD information systems operating at the same classification, but with different need-to-know access rules. A controlled...