Approved Standards for Security Domain

Security Domain

The following Disciplines, Technology Areas and Compliance Components have been approved as Enterprise Architecture blueprints for inclusion in the EA repository. As more documentation becomes a part of the overall governance and product standards, this list will expand accordingly.

Discipline	Technology Area	Product/Compliance Components
Management ControlsPDF Document	Information Security PolicyPDF Document	Information Security Policy PDF Document[CC]
	Personnel SecurityPDF Document	Agency Security Roles and ResponsibilitiesPDF Document [CC]
		Background ScreeningPDF Document [CC]
		Maintaining User AccountsPDF Document [CC]
	Review of Security ControlsPDF Document	Separation of DutiesPDF Document [CC]
	System Life Cycle SecurityPDF Document	Acquisition and Development PhasePDF Document [CC]
		Disposal PhasePDF Document [CC]
		Implementation PhasePDF Document [CC]
		Initiation PhasePDF Document [CC]
		Enterprise Patch ManagementPDF Document [CC]
	Security Risk ManagementPDF Document	Risk AssessmentPDF Document [CC]
		Risk FrameworkPDF Document [CC]
		Risk MonitoringPDF Document [CC]
		Risk ResponsePDF Document [CC]
	System Security Certification and Accreditation PDF Document	System Security Certification and Accreditation Process PDF Document
	System Security PlanningPDF Document	System Security Planning ProcedurePDF Document [CC]
	Data IntegrityPDF Document	Data Integrity and ValidationPDF Document [CC]
	Hardware & System Software MaintenancePDF Document	Configuration ManagementPDF Document [CC]
	Incident ResponsePDF Document	Incident Response ReportingPDF Document [CC]
	Incident ResponsePDF Document	Risk Level Awareness - CountermeasuresPDF Document [CC]
	Physical SecurityPDF Document	Physical and Environmental Protection ControlsPDF Document [CC]
	Production, Input and Output ControlsPDF Document	User SupportPDF Document [CC]
	Security Awareness Training and EducationPDF Document	Cyber Security Awareness TrainingPDF Document[CC]
	Security DocumentationPDF Document	Minimum System Security DocumentationPDF Document [CC]
	Supply Chain Risk ManagementPDF Document	Supply Chain Risk Management AcquisitionPDF Document [CC]
	Supply Chain Risk ManagementPDF Document	Supply Chain Risk Management PlanPDF Document [CC]
Operational ControlsPDF Document	Contingency PlanningPDF Document	Contingency Plan Development, Documentation and Technical ConsiderationsPDF Document [CC]
Operational ControlsPDF Document	Contingency PlanningPDF Document	Contingency Plan Testing, Training, Exercises and MaintenancePDF Document [CC]
Technical ControlsPDF Document	CryptographyPDF Document	CryptographyPDF Document [CC]
		Digital SignaturePDF Document [CC]
		Encryption Key ManagementPDF Document [CC]
		Hardware vs Software EncryptionPDF Document [CC]
		HashingPDF Document [CC]
		Public Key InfrastructurePDF Document [CC]
		Secret Key CryptographyPDF Document [CC]
	Identification / AuthenticationPDF Document	Entity AuthenticationPDF Document [CC]
		Electronic SignaturesPDF Document [CC]
		Message AuthenticationPDF Document [CC]
		Password ControlsPDF Document [CC]
		Securing Electronic TransactionsPDF Document [CC]
		Strong AuthenticationPDF Document [CC]
		User AuthorizationPDF Document [CC]
	Intrusion Detection SystemsPDF Document	Application Based IDSPDF Document [CC]
		Encryption for LaptopsPDF Document [CC]
		Host Based IDSPDF Document [CC]
		Network Based IDSPDF Document [CC]
		Network Intrusion Prevention Systems (IPS)PDF Document [CC]
	Logical Access ControlsPDF Document	Access ControlsPDF Document [CC]
		Date/Time ControlsPDF Document [CC]
		Inactivity ControlsPDF Document [CC]
		Logon BannersPDF Document [CC]
	Remote Access ControlsPDF Document
		Securing Remote ConnectionsPDF Document [CC]
		Securing Mobile DevicesPDF Document [CC]
		Security for Voice Over Internet Protocol (VOIP)PDF Document [CC]
		Securing Web BrowsersPDF Document [CC]
		Virtual Private Networks (VPNs)PDF Document [CC]
	Secure Gateways & FirewallsPDF Document	Application - Proxy Gateway FirewallsPDF Document [CC]
		Firewall AdministrationPDF Document [CC]
		Dedicated Proxy ServersPDF Document [CC]
		Firewall EnvironmentsPDF Document [CC]
		Firewall RulesPDF Document [CC]
		Firewall SelectionPDF Document [CC]
		Packet Filter FirewallsPDF Document [CC]
		Personal FirewallsPDF Document [CC]
		Stateful Inspection FirewallsPDF Document [CC]
	Virus Detection & EliminationsPDF Document
		Criteria for E-mailPDF Document [CC]
		Criteria for GatewaysPDF Document [CC]
		Criteria for ServerPDF Document [CC]
		Criteria for WirelessPDF Document [CC]
		Criteria for WorkstationPDF Document [CC]
		Virus Management Tools CriteriaPDF Document [CC]
		Virus Policy & Best PracticesPDF Document [CC]