Access Control

TRC Inc will review the client’s implementation of Account Management, Access Enforcement, Remote Access, Information Flow Enforcement, Separation of Duties, Least Privilege, Login Attempts (successful/unsuccessful), System Notifications, Session Lock, Session Termination, Wireless Access, Access for Mobile Devices, Use of External Systems, Publicly Accessible Content, etc.

Awareness and Training

TRC Inc will review the client’s implementation of Security Awareness Training, Role-Based Training, Event Logging, Content of Audit Records, Audit Record Review/Analysis/Reporting, Audit Record Retention, Audit Record Reduction, Audit Record Generation, Logging Process Failures, Time Stamps, Protection of Audit Information, etc.

Configuration Management

Baseline Configuration Settings, System Component Inventory, Configuration Change Control, Security Impact Analysis, Access Restrictions for Change, Least Functionality, User-Installed Software, etc.

Identification and Authentication

Identification and Authentication (Privileged/Non-Privileged, Local/Remote Users), Device Identification and Authentication, Authenticator Management, Identifier Management, Authenticator Feedback, etc.

Incident Response

Incident Response Training, Incident Handling, Incident Monitoring, Incident Reporting, Incident Response Assistance, Incident Response Testing, etc.

Maintenance

Controlled Maintenance, Maintenance Tools, Nonlocal Maintenance, Maintenance Personnel, etc.

Media Protection

Media Access, Media Storage, Media Sanitization, Media Marking, Media Transport, Cryptographic Protection of Media, Media Use, System Backup, etc.

Personnel Security

Personnel Screening, Personnel Termination, Personnel Transfer.

Physical Protection

Physical Access Control/Authorizations, Access Control for Transmission Medium, Access Control for Output Devices, Monitoring Physical Access, Alternate Work Site, etc.

Risk Assessment

Risk Assessment, Vulnerability Scanning, etc.

Security Assessment

Security Assessments, Plan of Action and Milestones, Continuous Monitoring, System Security Plan, etc.

System and Communications Protection

Boundary Protection, Security Engineering Principles, Application Partitioning, Information in Shared Resources, Transmission Confidentiality and Integrity, Network Disconnect, Cryptographic Key Establishment and Management, Cryptographic Protection, Collaborative Computing Devices, Mobile Code, Voice over Internet Protocol, Session Authenticity, Protection of Information at Rest, etc.

System and Information Integrity

Flaw Remediation, Malicious Code Protection, Security Alerts, Advisories, and Directives, System Monitoring, etc.