MO Project: Contextual Branding

Office of Administration

Excellent customer service, every time.

Approved Standards for Security Domain

Print

Security Domain

The following Disciplines, Technology Areas and Compliance Components have been approved as Enterprise Architecture blueprints for inclusion in the EA repository. As more documentation becomes a part of the overall governance and product standards, this list will expand accordingly.

Discipline Technology Area Product/Compliance Components
Management Controls Information Security Policy Information Security Policy [CC]
Personnel Security Agency Security Roles and Responsibilities [CC]
Background Screening [CC]
Maintaining User Accounts [CC]
Review of Security Controls Separation of Duties [CC]
System Life Cycle Security Acquisition and Development Phase [CC]
Disposal Phase [CC]
Implementation Phase [CC]
Initiation Phase [CC]
Operation and Maintenance Phase (Security Patch Management) [CC]
Security Risk Management Risk Assessment [CC]
Risk Mitigation [CC]
Security Testing [CC]
System Security Certification and Accreditation System Security Certification and Accreditation Process
System Security Planning System Security Planning Procedure [CC]
Data Integrity Data Integrity and Validation [CC]
Hardware & System Software Maintenance Configuration Management [CC]
Incident Response Incident Response Reporting [CC]
Risk Level Awareness - Countermeasures [CC]
Physical Security Physical and Environmental Protection Controls [CC]
Production, Input and Output Controls User Support [CC]
Security Awareness Training and Education Cyber Security Awareness Training[CC]
Security Documentation Minimum System Security Documentation [CC]
Operational Controls Contingency Planning Contingency Plan Development, Documentation and Technical Considerations [CC]
Contingency Plan Testing, Training, Exercises and Maintenance [CC]
Technical Controls Cryptography Cryptography Design/Implementation [CC]
Cryptography for Email [CC]
Cryptography for Stored Data [CC]
Cryptography for VPN [CC]
Cryptography for Wireless [CC]
Cryptography Uses [CC]
Cryptography for Web Servers [CC]
Digital Signature [CC]
Encryption Key Management [CC]
Entrust Secure Messaging Solution [PC]
Hardware vs Software Encryption [CC]
Hashing [CC]
Public Key Infrastructure [CC]
Secret Key Cryptography [CC]
Identification / Authentication Entity Authentication [CC]
Electronic Signatures [CC]
Message Authentication [CC]
Password Controls [CC]
Securing Electronic Transactions [CC]
Strong Authentication [CC]
User Authorization [CC]
Intrusion Detection Systems Application Based IDS [CC]
Encryption for Laptops [CC]
Host Based IDS [CC]
Network Based IDS [CC]
Network Intrusion Prevention Systems (IPS) [CC]
Logical Access Controls Access Controls [CC]
Date/Time Controls [CC]
Inactivity Controls [CC]
Logon Banners [CC]
Remote Access Controls
Securing Remote Computers & Connections [CC]
Securing Mobile Devices [CC]
Security for Voice Over Internet Protocol (VOIP) [CC]
Securing Web Browsers [CC]
Virtual Private Networks (VPNs) [CC]
Secure Gateways & Firewalls Application - Proxy Gateway Firewalls [CC]
Firewall Administration [CC]
Dedicated Proxy Servers [CC]
Firewall Environments [CC]
Firewall Rules [CC]
Firewall Selection [CC]
Packet Filter Firewalls [CC]
Personal Firewalls [CC]
Stateful Inspection Firewalls [CC]
Virus Detection & Eliminations
Criteria for E-mail [CC]
Criteria for Gateways [CC]
Criteria for Server [CC]
Criteria for Wireless [CC]
Criteria for Workstation [CC]
Virus Management Tools Criteria [CC]
Virus Policy & Best Practices [CC]