Which of the following assessment methodologies defines a six-step technical security evaluation?
Answer: D
The answer key gives FITSAF (Federal Information Technology Security Assessment Framework) as the methodology that defines a six-step technical security evaluation.
One caveat: FITSAF itself, published by NIST in 2000 for federal agencies, is a five-level maturity model for self-assessing a security program (documented policy, documented procedures, implemented procedures and controls, tested and reviewed procedures and controls, and a fully integrated program). The six steps listed in this explanation are those of the NIST Risk Management Framework (RMF, NIST SP 800-37), the process federal agencies use to categorize, secure, authorize and monitor information systems.
The six RMF steps are as follows:
Categorize the system - Determine the impact (Low, Moderate or High, per FIPS 199) of a loss of confidentiality, integrity and availability for the information the system processes. The highest of the three (the "high-water mark") becomes the system's overall impact level, which in turn determines which control baseline applies in the next step.
Select security controls - Choose the NIST SP 800-53 baseline (Low, Moderate or High) that matches the system's impact level, then tailor it: add, remove or scope controls based on the system's risk assessment, and document the result in the system security plan.
Implement security controls - Deploy and configure the selected controls in the system and its environment, and document how each control is implemented so it can later be assessed.
Assess security controls - Have an assessor, ideally independent of the system owner, test the implemented controls (NIST SP 800-53A gives the assessment procedures) to determine whether they are implemented correctly, operating as intended, and producing the desired outcome. Findings are recorded in a security assessment report.
Authorize the system - The authorizing official reviews the security plan, assessment report and plan of action and milestones, and makes a risk-based decision on whether the residual risk is acceptable, granting (or denying) an authorization to operate.
Monitor security controls - Continuously monitor the controls and the system's environment, reassess controls affected by changes, update the security documentation, and report security status to the authorizing official so the authorization decision can be revisited.
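The first two steps are the only ones with a mechanical rule behind them: FIPS 199 categorizes a system per security objective, taking the highest impact across the information types it handles, and the high-water mark of the three objectives selects the SP 800-53 baseline. The following Python is an added example written for this page, not code from NIST or any RMF tool; the information types and their impact levels are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List

# FIPS 199 impact levels, ordered so the maximum is the high-water mark.
LEVELS = ("LOW", "MODERATE", "HIGH")
RANK = {lvl: i for i, lvl in enumerate(LEVELS)}


@dataclass(frozen=True)
class InfoType:
    """One information type the system processes, with its provisional
    confidentiality / integrity / availability impact levels."""
    name: str
    confidentiality: str
    integrity: str
    availability: str


def _max_level(levels: Iterable[str]) -> str:
    """Return the highest impact level in the iterable."""
    return max(levels, key=lambda lvl: RANK[lvl])


def categorize(info_types: Iterable[InfoType]) -> Dict[str, str]:
    """FIPS 199 categorization: for each security objective, the system's
    impact is the highest impact of any information type it processes.
    Raises ValueError on an empty system or an unknown impact level."""
    types: List[InfoType] = list(info_types)
    if not types:
        raise ValueError("a system must process at least one information type")
    for t in types:
        for lvl in (t.confidentiality, t.integrity, t.availability):
            if lvl not in RANK:
                raise ValueError(f"unknown impact level {lvl!r} for {t.name}")
    return {
        "confidentiality": _max_level(t.confidentiality for t in types),
        "integrity": _max_level(t.integrity for t in types),
        "availability": _max_level(t.availability for t in types),
    }


def high_water_mark(sc: Dict[str, str]) -> str:
    """FIPS 200 rule: the system's overall impact level is the highest of the
    three objectives; that level names the SP 800-53 baseline (Low/Moderate/High)."""
    return _max_level(sc.values())


def select_baseline(info_types: Iterable[InfoType]):
    """Run the Categorize step and return (security category, baseline name)."""
    sc = categorize(info_types)
    return sc, high_water_mark(sc)


def format_sc(sc: Dict[str, str]) -> str:
    """Render the category in the FIPS 199 notation."""
    return ("SC = {(confidentiality, %s), (integrity, %s), (availability, %s)}"
            % (sc["confidentiality"], sc["integrity"], sc["availability"]))


# Constructed sample system: three information types with hypothetical
# provisional impact levels (not taken from SP 800-60).
SAMPLE_SYSTEM = [
    InfoType("public web content", "LOW", "MODERATE", "LOW"),
    InfoType("employee PII", "MODERATE", "MODERATE", "LOW"),
    InfoType("payment processing", "MODERATE", "HIGH", "MODERATE"),
]

if __name__ == "__main__":
    sc, baseline = select_baseline(SAMPLE_SYSTEM)
    print(format_sc(sc))
    print("overall impact:", baseline, "-> select the", baseline.title(), "baseline")
```

The point the example makes is that the high-water mark is a maximum, not an average: a single High integrity rating on one information type pushes the whole system into the High baseline, even though every other objective is Moderate or Low. Tailoring in the Select step can then scope individual controls down with justification, but it cannot lower the baseline itself.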
In conclusion, the six-step categorize, select, implement, assess, authorize and monitor lifecycle is the NIST Risk Management Framework's approach to assessing and managing IT security risk in federal systems; the answer key attributes it to FITSAF, which is the related five-level self-assessment framework from the same NIST program.