DHS’ National Cyber Security Division has released Version 1.0 of their “FY 2011 Chief Information Officer Federal Information Security Management Act Reporting Metrics.” The document explains that
Some questions are informational and may not be specifically mapped to a NIST SP 800‐53 requirement or may only be required for a FIPS 199 High impact system. The intent is to gather information on best practices and Agency implementation status beyond minimal requirements.
Requirements covered include:
- System Inventory;
- Asset Management;
- Configuration Management;
- Vulnerability Management;
- Identity and Access Management;
- Data Protection;
- Boundary Protection;
- Incident Management;
- Training and Education;
- Remote Access;
- Network Security Protocols;
- Software Assurance; and
- Continuous Monitoring.
Attached below is the DHS Reporting Metrics document.