Information Systems: Agencies Overlook Security Controls During Development : Report to the Chairman, Committee on Science, Space, and Technology, House of Representatives

Popular passages

Page 46 - ADP/EDP system or network, to process sensitive data in an operational environment, made on the basis of a certification by designated technical personnel of the extent to which design and implementation of the system meet prespecified technical requirements for achieving adequate data security. Management can accredit a system at a higher/lower level than the certification.
Page 16 - Federal computer system identified by that agency pursuant to subsection (a) that is commensurate with the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of the information contained in such system.
Page 46 - A specification or product that has been formally reviewed and agreed upon, that thereafter serves as the basis for further development, and that can be changed only through formal change control procedures.
Page 46 - A configuration identification document or a set of such documents formally designated and fixed at a specific time during a CI's life cycle.
Page 50 - Code (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy; and (5) the term "Federal agency...
Page 47 - The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
Page 46 - A specific type of interaction between a subject and an object that results in the flow of information from one to the other.
Page 48 - Extent to which a program can be expected to perform its intended function with required precision.
Page 16 - Developing technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive information in Federal computer systems as defined in the Act; and, 2.
Page 46 - Certification - The technical evaluation of a system's security features, made as part of and in support of the approval/accreditation process, that establishes the extent to which a particular computer system's design and implementation meet a set of specified security requirements.
