Engineering, Protecting, Managing, Processing, and Controlling National Security and Sensitive Information

Best Practices for Safeguarding National Security and Sensitive (Unclassified) Information

Question

Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?

Answers

Explanations


A. B. C. D.

B.

When it comes to engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information, several guidelines and standards have been developed to ensure that the information remains secure and confidential. The guidelines and standards provide best practices for organizations and government agencies to follow to ensure that the information is protected from unauthorized access, use, disclosure, disruption, modification, or destruction.

The Federal Information Processing Standard (FIPS) is a set of standards developed by the National Institute of Standards and Technology (NIST) that provide guidance on computer and information security. The FIPS standards are mandatory for use by federal agencies in the United States and are also used by non-federal organizations that process sensitive information on behalf of the federal government. The FIPS standards cover a wide range of topics, including cryptographic standards, security requirements for federal information systems, and guidelines for managing and securing personal identity verification (PIV) credentials.

The Special Publication (SP) series is another set of guidelines and standards developed by NIST that provide recommendations for securing information systems and data. The SP series covers a wide range of topics, including security controls for federal information systems, guidelines for managing and securing mobile devices, and best practices for securing cloud computing environments.

NIST Internal Reports (NISTIRs) are technical reports that provide in-depth analysis and guidance on specific topics related to information security. NISTIRs are intended to provide technical guidance to organizations and government agencies and are often used as a reference by other standards bodies and organizations developing their own security guidelines.

Finally, the Department of Defense (DoD) has developed the Defense Information Assurance Certification and Accreditation Process (DIACAP) as a comprehensive process for certifying and accrediting information systems that are used by the DoD. The DIACAP process includes a risk management framework that is used to identify and assess potential risks to DoD information systems and develop appropriate controls to mitigate those risks.

In summary, all four guidelines (FIPS, SP, NISTIRs, and DIACAP) provide guidance for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information. The choice of which guideline to follow will depend on the specific requirements and regulations of the organization or agency involved.