Information Technology Reference
In-Depth Information
SMp outline
1. Access control technical
1.1 Access control policy and procedures
1.2 Account management
1.3 Access enforcement
1.4 Information flow enforcement
1.5 Separation of duties
1.6 Least privilege
1.7 Unsuccessful login attempts
1.8 System use notification
1.9 Previous logon notification
1.10 Concurrent session control
1.11 Session lock
1.12 Session termination
1.13 Supervision and review—access control
1.14 Permitted actions without identification or authentication
1.15 Automated marking
1.16 Automated labeling
1.17 Remote access
1.18 Wireless access restrictions
1.19 Access control for portable and mobile devices
1.20 Use of external information systems
2. Awareness and training
2.1 Security awareness and training policy and procedures
2.2 Security awareness
2.3 Security training
2.4 Security training records
2.5 Contacts with security groups and associations
3. Audit and accountability
3.1 Audit and accountability policy and procedures
3.2 Auditable events
3.3 Content of audit records
3.4 Audit storage capacity
3.5 Response to audit processing failures
3.6 Audit monitoring, analysis, and reporting
3.7 Audit reduction and report generation
3.8 Time stamps
3.9 Protection of audit information
3.10 Nonrepudiation
3.11 Audit record retention