Approved Standards

Security Domain

The following Disciplines, Technology Areas and Compliance Components have been approved as Enterprise Architecture blueprints for inclusion in the EA repository. As more documentation becomes a part of the overall governance and product standards, this list will expand accordingly.


| Discipline | Technology Area | Product/Compliance Components |
| --- | --- | --- |
| Management Controls | Information Security Policy | Information Security Policy [CC] |
| | Personnel Security | Agency Security Roles and Responsibilities [CC] |
| | | Background Screening [CC] |
| | | Maintaining User Accounts [CC] |
| | | Separation of Duties [CC] |
| | Review of Security Controls | -- |
| | System Life Cycle Security | Acquisition and Development Phase [CC] |
| | | cyberCide [PC] |
| | | DBAN [Confidential file, contact CIO] |
| | | DataEraser [PC] |
| | | DataGone [PC] |
| | | DiskWipe [PC] |
| | | Disposal Phase [CC] |
| | | EastTec [PC] |
| | | Eraser [Confidential file, contact CIO] |
| | | FDisk [Confidential file, contact CIO] |
| | | GDisk, Part of Symantec’s Ghost 7.5 [PC] |
| | | Implementation Phase [CC] |
| | | Initiation Phase [CC] |
| | | KillDisk [PC] |
| | | Operation and Maintenance Phase (Security Patch Management) [CC] |
| | | Wipe Drive [PC] |
| | Security Risk Management | Risk Assessment [CC] |
| | | Risk Mitigation [CC] |
| | | Security Testing [CC] |
| | | WatchFire AppScan [PC] |
| | System Security Certification and Accreditation | System Security Certification and Accreditation Process |
| | System Security Planning | System Security Planning Procedure [CC] |
| Operational Controls | Contingency Planning | Contingency Plan Development, Documentation and Technical Considerations [CC] |
| | | Contingency Plan Testing, Maintenance & Training [CC] |
| | Data Integrity | Data Integrity and Validation [CC] |
| | Hardware & System Software Maintenance | Configuration Management [CC] |
| | Incident Response | Incident Response Reporting [CC] |
| | | Risk Level Awareness - Countermeasures [CC] |
| | Physical Security | Physical and Environmental Security Controls [CC] |
| | Production, Input and Output Controls | User Support [CC] |
| | Security Awareness Training and Education | Cyber Security Technical Training [CC] |
| | Security Documentation | Minimum System Security Documentation [CC] |
| Technical Controls | Cryptography | Cryptography Design/Implementation [CC] |
| | | Cryptography for Email [CC] |
| | | Cryptography for Stored Data [CC] |
| | | Cryptography for VPN [CC] |
| | | Cryptography for Wireless [CC] |
| | | Cryptography Uses [CC] |
| | | Cryptography for Web Servers [CC] |
| | | Digital Signature [CC] |
| | | Encryption Key Management [CC] |
| | | Entrust Secure Messaging Solution [PC] |
| | | Hardware vs Software Encryption [CC] |
| | | Hashing [CC] |
| | | Public Key Infrastructure [CC] |
| | | Secret Key Cryptography [CC] |
| | | Verisign Digital Certificates [PC] |
| | Identification / Authentication | Entity Authentication [CC] |
| | | Electronic Signatures [CC] |
| | | Message Authentication [CC] |
| | | Password Controls [CC] |
| | | Securing Electronic Transactions [CC] |
| | | Strong Authentication [CC] |
| | | User Authorization [CC] |
| | Intrusion Detection Systems | Application Based IDS [CC] |
| | | Encryption for Laptops [CC] |
| | | Host Based IDS [CC] |
| | | Network Based IDS [CC] |
| | Logical Access Controls | Access Controls [CC] |
| | | Date/Time Controls [CC] |
| | | Inactivity Controls [CC] |
| | | Logon Banners [CC] |
| | Remote Access Controls | CS-MARS (Cisco Monitoring, Analysis and Response System) [PC] |
| | | Securing Remote Computers & Connections [CC] |
| | | Securing Personal Digital Assistants (PDAs) and Other Handheld Devices [CC] |
| | | Security for Voice Over Internet Protocol (VOIP) [CC] |
| | | Securing Web Browsers [CC] |
| | | Virtual Private Networks (VPNs) [CC] |
| | Secure Gateways & Firewalls | Application - Proxy Gateway Firewalls [CC] |
| | | Firewall Administration [CC] |
| | | Dedicated Proxy Servers [CC] |
| | | Firewall Environments [CC] |
| | | Firewall Rules [CC] |
| | | Firewall Selection [CC] |
| | | Packet Filter Firewalls [CC] |
| | | Personal Firewalls [CC] |
| | | Stateful Inspection Firewalls [CC] |
| | Virus Detection & Eliminations | Antigen for Microsoft Exchange (email) [PC] |
| | | Antigen for Microsoft Exchange (gateway) [PC] |
| | | Antigen for Lotus Notes/Domino (email) [PC] |
| | | Antigen for Lotus Notes/Domino (gateway) [PC] |
| | | Computer Associates InoculateIT (email) [PC] |
| | | Computer Associates InoculateIT (management tool) [PC] |
| | | Computer Associates InoculateIT (server) [PC] |
| | | Computer Associates InoculateIT (wireless) [PC] |
| | | Computer Associates InoculateIT (workstation) [PC] |
| | | Criteria for E-mail [CC] |
| | | Criteria for Gateways [CC] |
| | | Criteria for Server [CC] |
| | | Criteria for Wireless [CC] |
| | | Criteria for Workstation [CC] |
| | | McAfee EPolicy Orchestrator (management tool) [PC] |
| | | McAfee Groupshield (email) [PC] |
| | | McAfee NetShield (server) [PC] |
| | | McAfee VirusScan (wireless) [PC] |
| | | McAfee VirusScan (workstation) [PC] |
| | | McAfee WebShield (gateway) [PC] |
| | | Symantec Norton AntiVirus Corporate Ed (email) [PC] |
| | | Symantec Norton AntiVirus Corporate Ed (gateway) [PC] |
| | | Symantec Norton AntiVirus Corporate Ed (management tools) [PC] |
| | | Symantec Norton AntiVirus Corporate Ed (server) [PC] |
| | | Symantec Norton AntiVirus Corporate Ed (workstation) [PC] |
| | | Virus Management Tools Criteria [CC] |
| | | Virus Policy & Best Practices [CC] |