Page 46 - ADP/EDP system or network, to process sensitive data in an operational environment, made on the basis of a certification by designated technical personnel of the extent to which design and implementation of the system meet prespecified technical requirements for achieving adequate data security. Management can accredit a system at a higher/lower level than the certification.
Page 16 - Federal computer system identified by that agency pursuant to subsection (a) that is commensurate with the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of the information contained in such system.
Page 46 - A specification or product that has been formally reviewed and agreed upon, that thereafter serves as the basis for further development, and that can be changed only through formal change control procedures.
Page 46 - A configuration identification document or a set of such documents formally designated and fixed at a specific time during a CI's life cycle.
Page 50 - Code (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy; and (5) the term "Federal agency...
Page 47 - The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
Page 46 - A specific type of interaction between a subject and an object that results in the flow of information from one to the other.
Page 48 - Extent to which a program can be expected to perform its intended function with required precision.
Page 16 - Developing technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive information in Federal computer systems as defined in the Act; and, 2.
Page 46 - Certification - The technical evaluation of a system's security features, made as part of and in support of the approval/accreditation process, that establishes the extent to which a particular computer system's design and implementation meet a set of specified security requirements.