Information Technology Reference
In-Depth Information
table e.1
iA
2
Details of S
ecurity Controls
IA
2
Topic
Description
Section header
<Insert description of security control.>
Drivers
Describe drivers behind IA. IA addresses business
risk and technical risk. Root drivers are generically
to further organizational and stakeholder interests,
ensure organizational viability, and support,
empower, protect, and facilitate the fulfillment of
the organizational mission.
IA
2
views
Describe applicable IA
2
views: People, policy,
business process, systems and applications,
information/data, infrastructure (technical,
physical)
IA core principles
Describe applicable IA core principles:
Confidentiality-integrity-availability (CIA),
Possession-authenticity-utility (PAU), Privacy-
authorized use-nonrepudiation (PAN)
Compliance requirements
Legislative, policy, guidelines, executive order,
presidential directive, or other requirement
specifically calling out or implying the use of
specific standards
ELCM application
Describe applicable ELCM elements: Concept,
architect, engineer, develop/acquire, implement,
test, deploy, train, O&M, retire
Verification
Describe applicable verification methods, e.g.,
system test and evaluation (ST&E), certification and
accreditation (C&A), others.
Operations
List applicable IA ops cycle elements: Anticipate,
defend, monitor, respond
