expand for answer
Security requirements baseline
A description of minimum requirements necessary for a system to maintain an acceptable level of security. Description of the minimum requirements necessary for an information system to maintain an acceptable level of security.
Similar items:
(1) A program whereby a laboratory demonstrates that something is operating under accepted standards to ensure quality assurance. (2) A management or administrative process of accepting a specific site installation/implementation for operational use based upon evaluations and certifications. (3) A formal declaration by a Designated Approving Authority (DAA) that the AIS is approved to operate in a particular security mode using a prescribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement affixes security responsibility with the DAA and shows that due care has been taken for security. (4) Formal declaration by a (DAA) that an information system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk. Formal declaration by a Designated Accrediting Authority (DAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards. (. See security safeguards. )The formal declaration by the Designated Approving Authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
[view]
[view]
An evaluation of controls protecting an information system against a set of minimum acceptable security requirements.
[view]
[view]
A set of minimum acceptable security controls that are applicable to a range of information technology systems.
[view]
[view]
A policy that a user must agree to follow to gain access to a network or to the Internet. A policy that defines a level of acceptable performance and expectation of behavior and activity for employees. Failure to comply with the policy may result in job action warnings, penalties, or termination.
[view]
[view]
The level of residual risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT system. See also total risk, residual risk, and minimum level of protection.
[view]
[view]
There are no comments yet.