REG NASA-LLIS-5099-2012 Lessons Learned - Information Technology (IT) Security Requirements Levied On Federal Agencies Do Not Align With Systems Engineering and Integration (SE&I) .pdf


Public Lessons Learned Entry: 5099

Lesson Info:
Lesson Number: 5099
Submitting Organization: KSC
Submitted by: Jenni Palmer

Subject: Information Technology (IT) Security Requirements Levied On Federal Agencies Do Not Align With Systems Engineering and Integration (SE&I) Requirements Management Processes

Abstract: Federally mandated IT security requirements, when implemented through the Constellation Program requirements process, failed to capture the scope and intent of higher-level requirements.

Description of Driving Event: The Constellation Program identified the need to tailor security controls for implementation in Orion/Ares flight communication systems. The resulting requirements, based on NIST 800-53 controls, were inserted in the Program-level requirements document and levied on system designers through the Constellation Architecture Requirements Document. This resulted in designers addressing only the allocated requirements rather than assessing the applicability of the entire standard.

Lesson(s) Learned: Placing a subset of NIST 800-53 controls into the SE&I requirements management process created the appearance that the NIST 800-53 controls not referenced were not applicable to system designers. The current SE&I requirements management structure is not structured to accommodate the requirement of system designers to address NIST 800-53 controls.

Recommendation(s): Program-specific requirements relating to IT security should be limited to the definition of interfaces between systems. Decisions regarding applicability and implementation of specific NIST 800-53 controls should be made at the lowest level possible so that the intent of the controls is met in the most cost-efficient manner.

Evidence of Recurrence Control Effectiveness: N/A

Documents Related to Lesson:
NPR 2810.1 Security of Information Technology
NIST 800-53 Recommended Security Controls for Federal Information Systems and Organizations

Mission Directorate(s): Exploration Systems

Additional Key Phrase(s): Additional Categories. Information Technology/Systems

Additional Info:
Project: constellation

Approval Info:
Approval Date: 2012-04-05
Approval Name: mbell
Approval Organization: HQ
