Information Security Governance Papers

Paper Title: Continuous Assessment
The Abstract of The Paper: The continuous assessment process monitors the initial security accreditation of an information system to track the changes to the information system, analyzes the security impact of those changes, makes appropriate adjustments to the security controls and to the system’s security plan, and reports the security status of the system to appropriate agency officials.
Many agency information systems are certified and accredited more frequently than every three years.
System security plans are updated frequently, as system changes occur.
Results of the continuous assessment process can be tracked throughout system POA&Ms.
Appropriate agency officials are aware of the status of systems under their purview.
System control assessments and security assessment and evaluation occur at least annually.
Web Link: http://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf
