2: IT Security

Protect the availability, confidentiality and integrity of DOI’s IT resources.

Other Information:

Interior is committed to continuing improvements in its IT security program, and to complying with OMB Circular A-130, Appendix III security requirements. Interior has numerous systems to support over 50 business lines. This complexity makes security and IT management a very challenging undertaking, and underscores the need for further standardization.

The goal of Information Security is to protect the availability, confidentiality and integrity of DOI information technology resources. This goal is met primarily by meeting the requirements specified in OMB Circular A-130, the Federal Information Security Management Act (FISMA) and various publications of the U.S. Commerce Department’s National Institute of Standards and Technology (NIST). The Interior IT Security Program uses a risk-based, cost-effective approach to secure information and systems, identify and resolve current IT security weaknesses and risks, and protect against future vulnerabilities and threats.

NIST has defined 17 areas that must be addressed as part of a world-class Information Security program. These 17 elements must be addressed in order to achieve the long-term strategic goal for this focus area.

1. Risk Management
2. Review of Security Controls
3. Life Cycle
4. Authorize Processing (Certification & Accreditation)
5. System Security Plan
6. Personnel Security
7. Physical and Environmental Protection
8. Production, Input/Output Controls
9. Contingency Planning
10. Hardware and System Software Maintenance
11. Data Integrity
12. Documentation
13. Security Awareness, Training, and Education
14. Incident Response Capability
15. Identification and Authentication
16. Logical Access Controls
17. Audit Trails

The Certification & Accreditation (C & A) process is a key component of the security program as it consolidates many of the 17 program elements on a system-by-system basis. Interior has defined a process for completing C & A activities that is used across the Department and Bureaus.

The Federal IT Security Assessment Framework developed by NIST is used to measure Interior’s progress in this strategic focus area.

Objective(s):