NIST SP800-37.pdfT • Enabling more consistent, com

文件名称: NIST SP800-37.pdf

所属分类: 其它

开发工具:

文件大小: 738kb

下载次数: 0

上传时间: 2020-02-14

提供者: sam****

下载 (738kb)

不能下载？报告错误

详细说明：T • Enabling more consistent, comparable, and repeatable assessments of security controls in federal information systems; • Promoting a better understanding of agency-related mission risks resulting from the operation of information systems; and • Creating more complete, reliable, and trustworthy information for authorizing officials—to facilitate more informed security accreditation decisions. Security certification and accreditation are important activities that support a risk management process and are an integral part of an agency’s information security program. Security accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations, agency assets, or individuals based on the implementation of an agreed-upon set of security controls. Required by OMB Circular A-130, Appendix III, security accreditation provides a form of quality control and challenges managers and technical staffs at all levels to implement the most effective security controls possible in an information system, given mission requirements, technical constraints, operational constraints, and cost/schedule constraints. By accrediting an information system, an agency official accepts responsibility for the security of the system and is fully accountable for any adverse impacts to the agency if a breach of security occurs. Thus, responsibility and accountability are core principles that characterize security accreditation. It is essential that agency officials have the most complete, accurate, and trustworthy information possible on the security status of their information systems in order to make timely, credible, risk-based decisions on whether to authorize operation of those systems. The information and supporting evidence needed for security accreditation is developed during a detailed security review of an information system, typically referred to as security certifica

(系统自动生成,下载前可以参看下载内容)