
Difference between revisions of "Category:GIC-NISTSP80037r1FPD"

From OWASP
(Initial add for GIC review of NIST SP 800-37r1 FPD)
 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
{| align="right"
 +
| __TOC__
 +
|}
 
== Table of Contents ==
 
== Table of Contents ==
  
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Front_Matter|FRONT MATTER]]
+
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Front_Matter|FRONT MATTER]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Front_Matter|Discussion]])
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Chapter_1|CHAPTER ONE INTRODUCTION]]
+
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Chapter_1|CHAPTER ONE INTRODUCTION]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Chapter_1|Discussion]])
 
**1.1 BACKGROUND
 
**1.1 BACKGROUND
 
**1.2 PURPOSE AND APPLICABILITY
 
**1.2 PURPOSE AND APPLICABILITY
 
**1.3 TARGET AUDIENCE
 
**1.3 TARGET AUDIENCE
 
**1.4 ORGANIZATION OF THIS SPECIAL PUBLICATION
 
**1.4 ORGANIZATION OF THIS SPECIAL PUBLICATION
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Chapter_2|CHAPTER TWO THE FUNDAMENTALS]]
+
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Chapter_2|CHAPTER TWO THE FUNDAMENTALS]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Chapter_2|Discussion]])
 
**2.1 INTEGRATED ENTERPRISE-WIDE RISK MANAGEMENT
 
**2.1 INTEGRATED ENTERPRISE-WIDE RISK MANAGEMENT
 
**2.2 SYSTEM DEVELOPMENT LIFE CYCLE
 
**2.2 SYSTEM DEVELOPMENT LIFE CYCLE
 
**2.3 INFORMATION SYSTEM BOUNDARIES
 
**2.3 INFORMATION SYSTEM BOUNDARIES
 
**2.4 SECURITY CONTROL ALLOCATION
 
**2.4 SECURITY CONTROL ALLOCATION
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Chapter_3|CHAPTER THREE THE PROCESS]]
+
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Chapter_3|CHAPTER THREE THE PROCESS]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Chapter_3|Discussion]])
 
**3.1 RMF STEP 1 – CATEGORIZE INFORMATION SYSTEM
 
**3.1 RMF STEP 1 – CATEGORIZE INFORMATION SYSTEM
 
**3.2 RMF STEP 2 – SELECT SECURITY CONTROLS
 
**3.2 RMF STEP 2 – SELECT SECURITY CONTROLS
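Review bot: The `__TOC__` box added at the top of this hunk sits directly above a section that is still headed "== Table of Contents ==", so the page now carries an automatically generated contents box and a hand-maintained outline under the same name. Consider renaming the manual heading (for example to the publication's title) or dropping the `__TOC__` table, so readers can tell the page's own navigation apart from the outline of NIST SP 800-37r1 FPD. The "(Discussion)" links added to the chapter entries follow one consistent `Talk:` pattern and need no change.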
Line 19: Line 22:
 
**3.5 RMF STEP 5 – AUTHORIZE INFORMATION SYSTEM
 
**3.5 RMF STEP 5 – AUTHORIZE INFORMATION SYSTEM
 
**3.6 RMF STEP 6 – MONITOR SECURITY CONTROLS
 
**3.6 RMF STEP 6 – MONITOR SECURITY CONTROLS
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_A|APPENDIX A REFERENCES]]
+
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_A|APPENDIX A REFERENCES]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_A|Discussion]])
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_B|APPENDIX B GLOSSARY]]
+
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_B|APPENDIX B GLOSSARY]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_B|Discussion]])
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_C|APPENDIX C ACRONYMS]]
+
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_C|APPENDIX C ACRONYMS]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_C|Discussion]])
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_D|APPENDIX D ROLES AND RESPONSIBILITIES]]
+
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_D|APPENDIX D ROLES AND RESPONSIBILITIES]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_D|Discussion]])
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_E|APPENDIX E SUMMARY OF RMF TASKS]]
+
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_E|APPENDIX E SUMMARY OF RMF TASKS]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_E|Discussion]])
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_F|APPENDIX F SECURITY AUTHORIZATION]]
+
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_F|APPENDIX F SECURITY AUTHORIZATION]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_F|Discussion]])
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_G|APPENDIX G CONTINUOUS MONITORING]]
+
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_G|APPENDIX G CONTINUOUS MONITORING]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_G|Discussion]])
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_H|APPENDIX H OPERATIONAL SCENARIOS]]
+
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_H|APPENDIX H OPERATIONAL SCENARIOS]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_H|Discussion]])
 +
*[[Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_I|APPENDIX I SECURITY CONTROLS IN EXTERNAL ENVIRONMENTS]] ([[Talk:Industry:Project_Review/NIST_SP_800-37r1_FPD_Appendix_I|Discussion]])
  
  

Latest revision as of 03:28, 16 December 2009

Table of Contents


Prologue

"...Through the process of risk management, leaders must consider risk to U.S. interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations..."
"...For operational plans development, the combination of threats, vulnerabilities, and impacts must be evaluated in order to identify important trends and decide where effort should be applied to eliminate or reduce threat capabilities; eliminate or reduce vulnerabilities; and assess, coordinate, and deconflict all cyberspace operations..."
"...Leaders at all levels are accountable for ensuring readiness and security to the same degree as in any other domain..."

-- THE NATIONAL STRATEGY FOR CYBERSPACE OPERATIONS

OFFICE OF THE CHAIRMAN, JOINT CHIEFS OF STAFF, U.S. DEPARTMENT OF DEFENSE

