Policy 7230A - Department of Administration
Appendix C – Supporting Document Cross Reference Grid
Mandatory
Non-Mandatory
Procedures Baselines Procedures Baselines
2. Assessment & Security Planning
2.1. Risk and Privacy Assessment
2.1.1. Perform Risk Assessment (7 sets) (3 sets)
2.1.2. Perform Privacy Assessment (7 sets) (3 sets)
2.2. Security Planning
2.2.1. Create a Security Plan (5 sets) (3 sets)
2.3. Maintain Records
3. Awareness & Training
3.1. Security Awareness Training
3.1.1. Design and Develop an Awareness Training Program (2 sets) (1 set)
3.1.2. Provide Awareness Training (2 sets) (1 set)
3.2. Security Operations Training
3.2.1. Design and Develop an Operations Training Program (2 sets) (1 set)
3.2.2. Provide Operations Training (3 sets) (2 sets)
3.3. Maintain Records
4. Access Control
4.1. Identification and Authentication
4.1.1. Manage Identification and Authentication (6 sets) (4 sets)
4.2. Account Management
4.2.1. Configure User Accounts (4 sets) (2 sets)
4.3. Session Management
4.3.1. Configure Systems for Secure Access (6 sets) (3 sets)
4.3.2. Configure Systems for Secure Communications (3 sets) (1 set)
4.4. Maintain Records
5. Systems Configuration
5.1. Configuration Management
5.1.1. Build and Maintain a Systems Inventory (3 sets) (4 sets)
5.1.2. Perform Systems and Data Classification (5 sets) (2 sets)
5.1.3. Follow Process by Change Control (6 sets) (2 sets)
5.2. Systems Protection
5.2.1. Create and Maintain Security Infrastructure (3 sets) (2 sets)
5.3. Data/Media Protection
5.3.1. Securely Handle Data and Media (2 sets) (3 sets) (5 sets) (2 sets)
5.4. Application Protection
5.4.1. Apply Security Principles to Code Development (4 sets) (4 sets)
5.5. Maintain Records
6. Systems Operation
6.1. Assessment Operations
6.1.1. Perform Security Assessment (7 sets) (3 sets)
6.1.2. Perform Security Self Assessment (4 sets) (2 sets)
6.2. Integrity Operations
6.2.1. Monitor System Security Controls (3 sets) (1 set)