A
Provide Data/Information Assurance |
A1
Gather and document data/information assurance requirements |
A2
Develop data/information assurance plans and implementation strategies |
A3
Review and test plans and strategies for compliance with applicable regulations and standards |
A4
Implement data/information assurance plans and strategies |
A5
Monitor peformance to ensure integrity and confidentiality |
A6
Maintain and update data/information assurance plans and strategies as appropriate |
|
B
Ensure Infrastructure and Network Security |
B1
Gather data and analyze security requirements |
B2
Identify, interpret, and evaluate infrastructure and network vulnerabilities |
B3
Develop critical situation contigency plans and disaster recovery plan |
B4
Implement and test contingency and backup plans |
B5
Monitor, report, and resolve security problems |
B6
Coordinate contingency and recovery plans with internal and external stakeholders |
|
C
Develop, Manage, and Enforce Security Policies |
C1
Perform research and analyze requirements |
C2
Develop, assess, and document security policies, practices, and procedures |
C3
Disseminate policies and implementation practices and procedures |
C4
Implement and enforce security policies, practices, and procedures |
C5
Monitor, maintain, and revise security policies, practices, and procedures as required |
|
|
D
Perform Security Education and Training |
D1
Identify and assess education and training requirements for all constituents |
D2
Identify resources and support materials |
D3
Design and develop education and training plans and strategies |
D4
Determine appropriate methods and models for relevant stakeholders |
D5
Deliver education and training |
D6
Assess results and determine follow up requirements |
|
E
Develop and Implement Physical Security, Deterrence, and Detection |
E1
Identify and assess current and anticipated security risks and vulnerabilities |
E2
Research and evaluate alternative current and emerging practices, tools, and technologies |
E3
Select and apply relevant tools to meet security goals and requirements |
E4
Monitor and evaluate security conditions and environment |
E5
Develop and test physical security, deterrence, and detection systems and plans |
E6
Implement, extend, and refine physical security plans and practices |
|
F
Perform System Design and Analysis |
F1
Define current systems-level requirements, and forecast future needs and trends |
F2
Evaluate current and emerging tools and technologies |
F3
Evaluate organization's security strategies |
F4
Make recommendations regarding organization's investment in security |
F5
Define metrics and audit systems performance |
F6
Coordinate systems testing and integration |
F7
Maintain systems performance and ensure future readiness |