ADMINISTRATIVE PROCEDURES TO GUARD DATA INTEGRITY, CONFIDENTIALITY, AND AVAILABILITY
Certification
Contingency plan
Applications and data criticality analysis
Data backup plan
Disaster recovery plan
Emergency mode operation plan
Testing and revision
Formal mechanism for processing records
Information access control
Access authorization
Access establishment
Access modification
Internal audit
Personnel security
Assure supervision of maintenance personnel by authorized, knowledgeable person
Maintenance of record of access authorizations
Operating, and in some cases, maintenance personnel have proper access authorization
Personnel clearance procedure
Personnel security policy/procedure
System users, including maintenance personnel, trained in security
Security configuration management
Documentation
Hardware/software installation & maintenance review and testing for security features
Inventory
Security testing
Virus checking
Security incident procedures
Report procedures
Response procedures
Security management process
Risk analysis
Risk management
Sanction policy
Security policy
Termination procedures
Combination locks changed
Removal from access lists
Removal of user account(s)
Turn in keys, token or cards that allow access
Training
Awareness training for all personnel
Periodic security reminders
User education concerning virus protection
User education in importance of monitoring log in success/failure, and how to report discrepancies
User education in password management
PHYSICAL SAFEGUARDS TO GUARD DATA INTEGRITY, CONFIDENTIALITY, AND AVAILABILITY
Assigned security responsibility
Media controls
Access control
Accountability
Data backup
Data storage
Disposal
Physical access controls
Disaster recovery
Emergency mode operation
Equipment control
Facility security plan
Procedures for verifying access authorizations prior to physical access
Maintenance records
Need-to-know procedures for personnel access
Sign-in for visitors and escort, if appropriate
Testing and revision
Policy/guideline on work station use
Secure work station location
Security awareness training
TECHNICAL SECURITY SERVICES TO GUARD DATA INTEGRITY, CONFIDENTIALITY, AND AVAILABILITY
Access control
Context-based access
Encryption
Procedure for emergency access
Role-based access
User-based access
Audit controls
Authorization control
Role-based access
User-based access
Data authentication
Entity authentication
Automatic logoff
Biometric
Password
PIN
Telephone callback
Token
Unique user identification
TECHNICAL SECURITY MECHANISMS TO GUARD AGAINST UNAUTHORIZED ACCESS TO DATA THAT IS TRANSMITTED OVER A COMMUNICATIONS NETWORK
Communications/network controls
Access controls
Alarm
Audit trail
Encryption
Entity authentication
Event reporting
Integrity controls
Message authentication
ELECTRONIC SIGNATURE
Digital signature
Ability to add attributes
Continuity of signature capability
Countersignatures
Independent verifiability
Interoperability
Message integrity
Multiple Signatures
Non-repudiation
Transportability
User authentication