Question


Please explain to me in your own words (no cut and paste) what each of the following documents mean and what they are trying to accomplish.

  • FIPS 199
  • FIPS 200
  • 800-39

Solutions

Expert Solution

FIPS stands for Federal Information Processing Standards. These are a set of rules that describe document processing, encryption algorithms and other information technology standards for use within non-military government and by government contractors and vendors who work with agencies.

FIPS 199/200

- It's all about Risk Assessment and Risk Management. Federal agencies must conduct these assessments per the Federal Information Security Management Act of 2002 (FISMA).

- So it made NIST (National Institute of Standards and Technology) develop these standards, i.e.:

1. Categorize information based on the level of risks (FIPS 199).

2. Secure information appropriate to its level (FIPS 200).

FIPS 199 :

- Security Categories for Information and Information Systems.

1. Based on security objectives:

a) Confidentiality.

b) Integrity.

c) Availability.

2. Levels of impact if a security breach occurred:

a) Low.

b) Moderate.

c) High.

FIPS 200 :

- FIPS 200 provides guidance on properly protecting the system, based on this classification.

Controls fall within 17 categories:

1) Access control.

2) Awareness and Training.

3) Audit and Accountability.

4) Certification, accreditation, security and Assessments.

5) Configuration Management.

6) Contingency Planning.

7) Identification and Authentication.

8) Incident Response.

9) Maintenance.

10) Media protection.

11) Physical and environmental protection.

12) Planning.

13) Personnel Security.

14) Risk Assessment.

15) Systems and Service Acquisition.

16) System and Communication Protection.

17) System and Information Integrity.

SP 800-39 :

- It is a Special Publication titled Information Security; the standards are set by NIST in response to FISMA.

- SP 800-39's purpose is to provide guidance for an integrated, organization-wide program for managing information security risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation resulting from the operation and use of federal information systems.

