4.1: Policies, Standards, and Procedures

Information Security Policies, Standards, and Procedures

Other Information:

The Policies, Standards, and Procedures element will establish the framework for the overall Information Security program through the development, documentation, and maintenance of policies, standards, and procedures. The compilation of these documents is essential to the overall effectiveness of OPIC working towards similar security solutions and implementing them in accordance with a defined security architecture. The collection of security policies establishes foundational IA requirements and rules for OPIC to protect the confidentiality, integrity, and availability of information assets.

This element will document policies, standards, and procedures that will instruct Department staff on the specifics of the IA program and on safeguarding the program and specific systems. These documents will draw source materials from authoritative sources, including NIST, OMB, and public laws, and will ensure that these materials are distributed or otherwise made available to OPIC staff. The Policies, Standards, and Procedures element will also establish a framework for consistently collecting, analyzing, and distributing guidance materials. These documents will be developed and compiled in a manner that fulfills OPIC regulations and guidelines.

The overall objective of this element is to develop the policies, standards, and procedures that will serve as the foundation for a robust IA program. To meet this objective, OPIC will undertake a series of tasks that will support a more effective application of security.

The Policies, Standards, and Procedures element will meet the following objectives:

• Establish and maintain an integrated security policy and metric framework including policies, standards, and guidelines
• Validate the existing security standards or identify the need for new security standards
• Ensure baseline security standards fulfill requirements set forth by current and future legislation, regulations, and federal guidance
• Provide guidance for disaster recovery planning for all IT systems
• Provide guidance for continuity of support planning for all IT systems

Indicator(s):
Copyright 1971-2012 01 COMMUNICATIONS INC. ALL RIGHTS RESERVED.