Appendix A: FISMA

(D) ensure compliance with
  (i) the requirements of this subchapter;
  (ii) policies and procedures as may be prescribed by the Director, and information security standards promulgated under section 11331 of title 40;
  (iii) minimally acceptable system configuration requirements, as determined by the agency; and
  (iv) any other applicable requirements, including standards and guidelines for national security systems issued in accordance with law and as directed by the President;

(3) subordinate plans for providing adequate information security for networks, facilities, and systems or groups of information systems, as appropriate;

(4) security awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency, of
  (A) information security risks associated with their activities; and
  (B) their responsibilities in complying with agency policies and procedures designed to reduce these risks;

(5) periodic testing and evaluation of the effectiveness of information security policies, procedures, and practices, to be performed with a frequency depending on risk, but no less than annually, of which such testing
  (A) shall include testing of management, operational, and technical controls of every information system identified in the inventory required under section 3505(c); and
  (B) may include testing relied on in a evaluation under section 3545;

(6) a process for planning, implementing, evaluating, and documenting remedial action to address any deficiencies in the information security policies, procedures, and practices of the agency;

(7) procedures for detecting, reporting, and responding to security incidents, consistent with standards and guidelines issued pursuant to section 3546(b), including
  (A) mitigating risks associated with such incidents before substantial damage is done;
  (B) notifying and consulting with the Federal information security incident center referred to in section 3546; and
  (C) notifying and consulting with, as appropriate