Information Technology Reference
In-Depth Information
12.5 Privacy impact assessment
12.6 Security-related activity planning
13. Personnel security
13.1 Personnel security policy and procedures
13.2 Position categorization
13.3 Personnel screening
13.4 Personnel termination
13.5 Personnel transfer
13.6 Access agreements
13.7 Third-party personnel security
13.8 Personnel sanctions
14. Risk assessment
14.1 Risk assessment policy and procedures
14.2 Security categorization
14.3 Risk assessment
14.4 Risk assessment update
14.5 Vulnerability scanning
15. System and services acquisition
15.1 System and services acquisition policy and procedures
15.2 Allocation of resources
15.3 Life cycle support
15.4 Acquisitions
15.5 Information system documentation
15.6 Software usage restrictions
15.7 User installed software
15.8 Security engineering principles
15.9 External information system services
15.10 Developer configuration management
15.11 Developer security testing
16. System and communications protection
16.1 System and communications protection policy and procedures
16.2 Application partitioning
16.3 Security function isolation
16.4 Information remnance
16.5 Denial-of-service protection
16.6 Resource priority
16.7 Boundary protection
16.8 Transmission integrity
16.9 Transmission confidentiality
16.10 Network disconnect
16.11 Trusted path
16.12 Cryptographic key establishment and management