Try the new CSRC.nist.gov and let us know what you think!
(Note: Beta site content may not be complete.)
PRISMA Review Option 1
Option one of a PRISMA review focuses on the strategic aspects of the overall information security program. The review identifies the level of maturity of the information security program and the agency's ability to comply with existing requirements in eight areas focus areas:
- Information Security Management and Culture
- Information Security Planning
- Security Awareness, Training, and Education
- Budget and Resources
- Life Cycle Management
- Certification and Accreditation
- Critical Infrastructure Protection
- Incident Response
Back to Top
Information Security Management and Culture
- IT Roles and Responsibilities
- Security Control Review
- Rules of Behavior and Documentation
- Personnel Security
- Risk Management
Information Security Planning
- System Security Plans
Security Awareness, Training, and Education
- End Users' Security Awareness and Training
- Security and IT Professionals' with Trusted Functions Security Awareness and Training
- Executive and Management Security Awareness and Training
- Security Awareness and Training Infrastructure
Budget and Resources
- IT Security Part of Capital Planning Process
- Adequate Resources Applied to IT Security
- IT Security Funding Distributed Based Upon a Risk Model
- Cost-effective IT Security Solutions
- Procurement Controls
- Governance Process
- Systems and Projects Inventory
Life Cycle Managements
- System Development Life Cycle (SDLC) Methodology
- Changes Controlled and Tested Through SDLC
- Security Requirements Definition
Certification and Accreditation
Back to Top
Critical Infrastructure Protection
Back to Top
Incident Response
- Contingency Planning and Disaster Response
- Incident Identification, Reporting, and Response