Information Technology Reference
In-Depth Information
4. Certification, accreditation, and security assessments
4.1 Certification,
accreditation,
and
security
assessment
policies
and
procedures
4.2 Security assessments
4.3 Information system connections
4.4 Security certification
4.5 Plan of action and milestones
4.6 Security accreditation
4.7 Continuous monitoring
5. Configuration management
5.1 Configuration management policy and procedures
5.2 Baseline configuration
5.3 Configuration change control
5.4 Monitoring configuration changes
5.5 Access restrictions for change
5.6 Configuration settings
5.7 Least functionality
5.8 Information system component inventory
6. Contingency planning
6.1 Contingency planning policy and procedures
6.2 Contingency plan
6.3 Contingency training
6.4 Contingency plan testing and exercises
6.5 Contingency plan update
6.6 Alternate storage site
6.7 Alternate processing site
6.8 Telecommunications services
6.9 Information system backup
6.10
Information system recovery and reconstitution
7. Identification and authentication
7.1 Identification and authentication policy and procedures
7.2 User identification and authentication
7.3 Device identification and authentication
7.4 Identifier management
7.5 Authenticator management
7.6 Authenticator feedback
7.7 Cryptographic module authentication
8. Incident response
8.1 Incident response policy and procedures
8.2 Incident response training
8.3 Incident response testing and exercises
8.4 Incident handling
