SlideShare a Scribd company logo

Endpoint Protection Platform Invent Youself/tutorialoutletdotcom

A
apjk220

FOR MORE CLASSES VISIT www.tutorialoutlet.com Case Study #1: Technology & Product Review for Endpoint Protection Solutions Case Scenario: Red Clay Renovations (the “client”) has requested that your company research and recommend an Endpoint Protection Platform which will provide host-based protection for the laptop PC’s used by its construction managers and architects.

Economy & Finance
1 of 7
Download to read offline
Choose one of the Endpoint Protection Platform products from the Gartner Magic Quadrant analysis.Explain FOR MORE CLASSES VISIT www.tutorialoutlet.com Case Study #1: Technology & Product Review for Endpoint Protection Solutions Case Scenario: Red Clay Renovations (the “client”) has requested that your company research and recommend an Endpoint Protection Platform which will provide host-based protection for the laptop PC’s used by its construction managers and architects. These employees design and manage construction projects using a Web based project management system. The laptops are also used to access web-based corporate email servers and additional web-based applications used for internal business operations. Their laptops are running the Windows 8/8.1 operating system and cannot be upgraded to Windows 10 due to compatibility problems in a business critical, proprietary software package. The Windows 8/8.1 laptops currently use Microsoft Windows Defender and Microsoft Windows Firewall to provide host-based protection against malware, spyware, and intrusions. The client’s IT manager wants an Endpoint Protection product that is easy to use, is deployable on individual laptops as host-based protection, and automatically updates itself (patches and virus definition files). The “automatic” updates could be a problem since
the laptops are rarely connected to the company’s networks. Instead, the employees use an intermittent cellular connection to access the Internet while visiting customers and construction sites. Research: 1. Review the Week 1 readings. 2. Choose one of the Endpoint Protection Platform products from the Gartner Magic Quadrant analysis Write a 3 page summary of your research (“briefing paper”). At a minimum, your summary must include the following: 1. An introduction or overview for the security technology category (Endpoint Protection Platforms) 2. A review of the features, capabilities, and deficiencies for your selected vendor and product 3. Discussion of how the selected product could be used by your client to support its cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing vulnerabilities, etc. 4. A closing section in which you restate your recommendation for a product (include the three most important benefits). Copyright ©2016 by University of Maryland University College. All Rights Reserved CSIA 310: Cybersecurity Processes & Technologies As you write your briefing paper, make sure that you address security issues using standard terms Use standard APA formatting for the MS Word document that you submit to your assignment folder. Formatting requirements and examples are found under Course Resources > APA Resources. Submit For Grading Submit your Technology & Product Review in MS Word format
(.docx or .doc file) for grading using your assignment folder. (Attach the file.) Additional Information 1. There is no penalty for writing more than 3 pages but, clarity and conciseness are valued. If your essay is shorter than 3 pages, you may not have sufficient content to meet the assignment requirements (see the rubric). 2. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. 3. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as provided for under the university’s Academic Integrity policy. NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson Pauline Bowen Amy Wohl Phillips Dean Gallup David Lynes NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson Pauline Bowen Amy Wohl Phillips Dean Gallup David Lynes May 2010 U.S. Department of Commerce
Gary Locke, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Director Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. There are references in this publication to documents currently under development by NIST in accordance with responsibilities assigned to NIST under the Federal Information Security Management Act of 2002. The methodologies in this document may be used even before the completion of such companion documents. Thus, until such time as each document is completed, current requirements, guidelines, and procedures (where they exist) remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new documents by NIST. Individuals are also encouraged to review the public draft documents and offer their comments to NIST. NSPUE2 CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of
information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost- effective security and privacy of sensitive unclassified information in federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. ii CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Authority This document has been developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets, but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), “Securing Agency Information Systems,” as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III. This guideline has been prepared for use by federal agencies. It may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright. Attribution would be appreciated by NIST. Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing
authorities of the Secretary of Commerce, Director of the OMB, or any other federal official. NIST Special Publication 800-34, Revision 1, 150 pages (May 2010) National Institute of Standards and Technology Attn: Computer Security Division, Information Technology Laboratory 100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899-8930 iii CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Compliance with NIST Standards and Guidelines NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA) of 2002 and in managing costeffective programs to protect their information and information systems. 1 • Federal Information Processing Standards (FIPS) are developed by NIST in accordance with FISMA. FIPS are approved by the Secretary of Commerce and are compulsory and binding for federal agencies. Since FISMA requires that federal agencies comply with these standards, agencies may not waive their use. • Guidance documents and recommendations are issued in the NIST Special Publication (SP) 800series. Office of Management and Budget (OMB) policies (including OMB FISMA Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management) state that, for other than national security programs and systems, agencies must follow NIST guidance. 1 • Other security-related publications, including NIST interagency and internal reports (NISTIRs) and ITL Bulletins, provide technical and other information about NIST’s activities. These publications are mandatory only when so specified by OMB. While agencies are required to follow NIST guidance in accordance with OMB policy, there is flexibility within NIST’s guidance in how agencies apply the guidance. Unless otherwise
specified by OMB, the 800-series guidance documents published by NIST generally allow agencies some latitude in the application. Consequently, the application of NIST guidance by agencies can result in different security solutions that are equally acceptable, compliant with the guidance, and meet the OMB definition of adequate security for federal information systems. When assessing federal agency compliance with NIST guidance, auditors, evaluators, and assessors should consider the intent of the security concepts and principles articulated within the particular guidance document and how the agency applied the guidance in the context of its specific mission responsibilities, operational environments, and unique organizational conditions. iv CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Acknowledgements The authors, Marianne Swanson and Pauline Bowen of the National Institute of Standards and Technology (NIST), Amy Wohl Phillips, Dean Gallup, and David Lynes of Booz Allen Hamilton, wish to thank their colleagues who reviewed drafts of this document and contributed to its technical content. The authors would like to acknowledge Kelley Dempsey, Esther Katzman, Peter Mell, Murugiah Souppaya, Lee Badger, and Elizabeth Lennon of NIST, and David Linthicum of Booz Allen Hamilton for their keen and insightful assistance with technical issues throughout the development of the document.

Recommended

Sp800 30-rev1-ipd
Sp800 30-rev1-ipdSp800 30-rev1-ipd
Sp800 30-rev1-ipdFISMA-COMPARED
 
NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83David Sweigert
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsLindaWatson19
 
Nist.sp.800 53r4 (1)
Nist.sp.800 53r4 (1)Nist.sp.800 53r4 (1)
Nist.sp.800 53r4 (1)Aravamuthan Chockalingam
 
Glossary - Standard Security Terms - NIST Vocabulary
Glossary - Standard Security Terms - NIST VocabularyGlossary - Standard Security Terms - NIST Vocabulary
Glossary - Standard Security Terms - NIST VocabularyDavid Sweigert
 
Nist.sp.800 124r1
Nist.sp.800 124r1Nist.sp.800 124r1
Nist.sp.800 124r1Global Business Professor
 
Project department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursProject department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursSAHIL781034
 
IRJET- Comprehensive Study of E-Health Security in Cloud Computing
IRJET- Comprehensive Study of E-Health Security in Cloud ComputingIRJET- Comprehensive Study of E-Health Security in Cloud Computing
IRJET- Comprehensive Study of E-Health Security in Cloud ComputingIRJET Journal
 

Recommended

Sp800 30-rev1-ipd
Sp800 30-rev1-ipdSp800 30-rev1-ipd
Sp800 30-rev1-ipdFISMA-COMPARED
 
NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83NIST Malware Attack Prevention SP 800-83
NIST Malware Attack Prevention SP 800-83David Sweigert
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsLindaWatson19
 
Nist.sp.800 53r4 (1)
Nist.sp.800 53r4 (1)Nist.sp.800 53r4 (1)
Nist.sp.800 53r4 (1)Aravamuthan Chockalingam
 
Glossary - Standard Security Terms - NIST Vocabulary
Glossary - Standard Security Terms - NIST VocabularyGlossary - Standard Security Terms - NIST Vocabulary
Glossary - Standard Security Terms - NIST VocabularyDavid Sweigert
 
Nist.sp.800 124r1
Nist.sp.800 124r1Nist.sp.800 124r1
Nist.sp.800 124r1Global Business Professor
 
Project department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursProject department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursSAHIL781034
 
IRJET- Comprehensive Study of E-Health Security in Cloud Computing
IRJET- Comprehensive Study of E-Health Security in Cloud ComputingIRJET- Comprehensive Study of E-Health Security in Cloud Computing
IRJET- Comprehensive Study of E-Health Security in Cloud ComputingIRJET Journal
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safeALI ANWAR, OCP®
 
Big Data Security Challenges: An Overview and Application of User Behavior An...
Big Data Security Challenges: An Overview and Application of User Behavior An...Big Data Security Challenges: An Overview and Application of User Behavior An...
Big Data Security Challenges: An Overview and Application of User Behavior An...IRJET Journal
 
N018138696
N018138696N018138696
N018138696IOSR Journals
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184David Sweigert
 
Itbpm
ItbpmItbpm
ItbpmSergey Erohin
 
Final Exam Case Study (3)
Final Exam Case Study (3)Final Exam Case Study (3)
Final Exam Case Study (3)Kathy_67
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonUlf Mattsson
 
Healthcare_Security_White_Paper
Healthcare_Security_White_PaperHealthcare_Security_White_Paper
Healthcare_Security_White_PaperJames Maudlin
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Dave Darnell
 
i2 Contact Tracing One Pager
i2 Contact Tracing One Pageri2 Contact Tracing One Pager
i2 Contact Tracing One PagerSydney Wolff
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
 
Jenkins_ Carlasha 2016 v1
Jenkins_ Carlasha 2016 v1Jenkins_ Carlasha 2016 v1
Jenkins_ Carlasha 2016 v1Carlasha Jenkins
 
Information security management guidance for discrete automation
Information security management guidance for discrete automationInformation security management guidance for discrete automation
Information security management guidance for discrete automationjohnnywess
 
IRJET- Secrecy Preserving and Intrusion Avoidance in Medical Data Sharing...
IRJET- Secrecy Preserving and Intrusion Avoidance in Medical Data Sharing...IRJET- Secrecy Preserving and Intrusion Avoidance in Medical Data Sharing...
IRJET- Secrecy Preserving and Intrusion Avoidance in Medical Data Sharing...IRJET Journal
 
Ssdf nist
Ssdf nistSsdf nist
Ssdf nistNaveen Koyi
 
NHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best PracticesNHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best PracticesDr Dev Kambhampati
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
 
Dlp notes
Dlp notesDlp notes
Dlp notesanuepcet
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standartnewbie2019
 
NIST Special Publication 800-34 Rev. 1 Contingency.docx
NIST Special Publication 800-34 Rev. 1 Contingency.docxNIST Special Publication 800-34 Rev. 1 Contingency.docx
NIST Special Publication 800-34 Rev. 1 Contingency.docxpicklesvalery
 
Contingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxContingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxmaxinesmith73660
 

More Related Content

What's hot

Big Data Security Challenges: An Overview and Application of User Behavior An...
Big Data Security Challenges: An Overview and Application of User Behavior An...Big Data Security Challenges: An Overview and Application of User Behavior An...
Big Data Security Challenges: An Overview and Application of User Behavior An...IRJET Journal
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184David Sweigert
 
Final Exam Case Study (3)
Final Exam Case Study (3)Final Exam Case Study (3)
Final Exam Case Study (3)Kathy_67
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonUlf Mattsson
 
Healthcare_Security_White_Paper
Healthcare_Security_White_PaperHealthcare_Security_White_Paper
Healthcare_Security_White_PaperJames Maudlin
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Dave Darnell
 
i2 Contact Tracing One Pager
i2 Contact Tracing One Pageri2 Contact Tracing One Pager
i2 Contact Tracing One PagerSydney Wolff
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
 
Information security management guidance for discrete automation
Information security management guidance for discrete automationInformation security management guidance for discrete automation
Information security management guidance for discrete automationjohnnywess
 
IRJET- Secrecy Preserving and Intrusion Avoidance in Medical Data Sharing...
IRJET- Secrecy Preserving and Intrusion Avoidance in Medical Data Sharing...IRJET- Secrecy Preserving and Intrusion Avoidance in Medical Data Sharing...
IRJET- Secrecy Preserving and Intrusion Avoidance in Medical Data Sharing...IRJET Journal
 
NHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best PracticesNHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best PracticesDr Dev Kambhampati
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standartnewbie2019
 

What's hot (20)

Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
Big Data Security Challenges: An Overview and Application of User Behavior An...
Big Data Security Challenges: An Overview and Application of User Behavior An...Big Data Security Challenges: An Overview and Application of User Behavior An...
Big Data Security Challenges: An Overview and Application of User Behavior An...
 
N018138696
N018138696N018138696
N018138696
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184
 
Itbpm
ItbpmItbpm
Itbpm
 
Final Exam Case Study (3)
Final Exam Case Study (3)Final Exam Case Study (3)
Final Exam Case Study (3)
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
 
Healthcare_Security_White_Paper
Healthcare_Security_White_PaperHealthcare_Security_White_Paper
Healthcare_Security_White_Paper
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16
 
i2 Contact Tracing One Pager
i2 Contact Tracing One Pageri2 Contact Tracing One Pager
i2 Contact Tracing One Pager
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
 
Jenkins_ Carlasha 2016 v1
Jenkins_ Carlasha 2016 v1Jenkins_ Carlasha 2016 v1
Jenkins_ Carlasha 2016 v1
 
Information security management guidance for discrete automation
Information security management guidance for discrete automationInformation security management guidance for discrete automation
Information security management guidance for discrete automation
 
IRJET- Secrecy Preserving and Intrusion Avoidance in Medical Data Sharing...
IRJET- Secrecy Preserving and Intrusion Avoidance in Medical Data Sharing...IRJET- Secrecy Preserving and Intrusion Avoidance in Medical Data Sharing...
IRJET- Secrecy Preserving and Intrusion Avoidance in Medical Data Sharing...
 
Ssdf nist
Ssdf nistSsdf nist
Ssdf nist
 
NHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best PracticesNHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best Practices
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...
 
Dlp notes
Dlp notesDlp notes
Dlp notes
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
 

Similar to Endpoint Protection Platform Invent Youself/tutorialoutletdotcom

NIST Special Publication 800-34 Rev. 1 Contingency.docx
NIST Special Publication 800-34 Rev. 1 Contingency.docxNIST Special Publication 800-34 Rev. 1 Contingency.docx
NIST Special Publication 800-34 Rev. 1 Contingency.docxpicklesvalery
 
Contingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxContingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxmaxinesmith73660
 
NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3David Sweigert
 
NIST Risk management Framework NIST 800-30, rev. 1
NIST Risk management Framework NIST 800-30, rev. 1NIST Risk management Framework NIST 800-30, rev. 1
NIST Risk management Framework NIST 800-30, rev. 1David Sweigert
 
NIST 800-125 a DRAFT (HyperVisor Security)
NIST 800-125 a DRAFT (HyperVisor Security)NIST 800-125 a DRAFT (HyperVisor Security)
NIST 800-125 a DRAFT (HyperVisor Security)David Sweigert
 
NIST Special Publication 800-53 Revision 4 Securit.docx
NIST Special Publication 800-53 Revision 4 Securit.docxNIST Special Publication 800-53 Revision 4 Securit.docx
NIST Special Publication 800-53 Revision 4 Securit.docxvannagoforth
 
Guide for Security-Focused Configuration Management of I.docx
Guide for Security-Focused Configuration Management of I.docxGuide for Security-Focused Configuration Management of I.docx
Guide for Security-Focused Configuration Management of I.docxwhittemorelucilla
 
NIST Special Publication 800-39 Managi.docx
NIST Special Publication 800-39 Managi.docxNIST Special Publication 800-39 Managi.docx
NIST Special Publication 800-39 Managi.docxvannagoforth
 
3 - Firewall Guidlines.pdf
3 - Firewall Guidlines.pdf3 - Firewall Guidlines.pdf
3 - Firewall Guidlines.pdfAdmin621695
 
httpsclass.waldenu.eduwebappsassessmenttakelaunchAssess
httpsclass.waldenu.eduwebappsassessmenttakelaunchAssesshttpsclass.waldenu.eduwebappsassessmenttakelaunchAssess
httpsclass.waldenu.eduwebappsassessmenttakelaunchAssessLizbethQuinonez813
 
NIST - определения для Интернета вещей
NIST - определения для Интернета вещейNIST - определения для Интернета вещей
NIST - определения для Интернета вещейVictor Gridnev
 
NIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxNIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxgibbonshay
 
NIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxNIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxvannagoforth
 
NIST Definition for Cloud Computing
NIST Definition for Cloud ComputingNIST Definition for Cloud Computing
NIST Definition for Cloud ComputingAjay Ohri
 
NIST 2011 Cloud Computing definitions
NIST 2011 Cloud Computing definitionsNIST 2011 Cloud Computing definitions
NIST 2011 Cloud Computing definitionsi-SCOOP
 
Instructions Describe the risk assessment process and how to desi.docx
Instructions Describe the risk assessment process and how to desi.docxInstructions Describe the risk assessment process and how to desi.docx
Instructions Describe the risk assessment process and how to desi.docxnormanibarber20063
 

Similar to Endpoint Protection Platform Invent Youself/tutorialoutletdotcom (20)

NIST Special Publication 800-34 Rev. 1 Contingency.docx
NIST Special Publication 800-34 Rev. 1 Contingency.docxNIST Special Publication 800-34 Rev. 1 Contingency.docx
NIST Special Publication 800-34 Rev. 1 Contingency.docx
 
Contingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxContingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docx
 
NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3NIST Patch Management SP 800-40 Rev 3
NIST Patch Management SP 800-40 Rev 3
 
NIST.SP.800-53r4
NIST.SP.800-53r4NIST.SP.800-53r4
NIST.SP.800-53r4
 
NIST Risk management Framework NIST 800-30, rev. 1
NIST Risk management Framework NIST 800-30, rev. 1NIST Risk management Framework NIST 800-30, rev. 1
NIST Risk management Framework NIST 800-30, rev. 1
 
oow
oowoow
oow
 
NIST 800-125 a DRAFT (HyperVisor Security)
NIST 800-125 a DRAFT (HyperVisor Security)NIST 800-125 a DRAFT (HyperVisor Security)
NIST 800-125 a DRAFT (HyperVisor Security)
 
NIST Special Publication 800-53 Revision 4 Securit.docx
NIST Special Publication 800-53 Revision 4 Securit.docxNIST Special Publication 800-53 Revision 4 Securit.docx
NIST Special Publication 800-53 Revision 4 Securit.docx
 
Guide for Security-Focused Configuration Management of I.docx
Guide for Security-Focused Configuration Management of I.docxGuide for Security-Focused Configuration Management of I.docx
Guide for Security-Focused Configuration Management of I.docx
 
NIST Special Publication 800-39 Managi.docx
NIST Special Publication 800-39 Managi.docxNIST Special Publication 800-39 Managi.docx
NIST Special Publication 800-39 Managi.docx
 
3 - Firewall Guidlines.pdf
3 - Firewall Guidlines.pdf3 - Firewall Guidlines.pdf
3 - Firewall Guidlines.pdf
 
Nist.sp.800 82r2
Nist.sp.800 82r2Nist.sp.800 82r2
Nist.sp.800 82r2
 
httpsclass.waldenu.eduwebappsassessmenttakelaunchAssess
httpsclass.waldenu.eduwebappsassessmenttakelaunchAssesshttpsclass.waldenu.eduwebappsassessmenttakelaunchAssess
httpsclass.waldenu.eduwebappsassessmenttakelaunchAssess
 
NIST - определения для Интернета вещей
NIST - определения для Интернета вещейNIST - определения для Интернета вещей
NIST - определения для Интернета вещей
 
NIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxNIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docx
 
NIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docxNIST Special Publication 800-52 Revision 2 Guidelines .docx
NIST Special Publication 800-52 Revision 2 Guidelines .docx
 
NIST Definition for Cloud Computing
NIST Definition for Cloud ComputingNIST Definition for Cloud Computing
NIST Definition for Cloud Computing
 
NIST 2011 Cloud Computing definitions
NIST 2011 Cloud Computing definitionsNIST 2011 Cloud Computing definitions
NIST 2011 Cloud Computing definitions
 
Nist cloud comp
Nist cloud compNist cloud comp
Nist cloud comp
 
Instructions Describe the risk assessment process and how to desi.docx
Instructions Describe the risk assessment process and how to desi.docxInstructions Describe the risk assessment process and how to desi.docx
Instructions Describe the risk assessment process and how to desi.docx
 

Recently uploaded

03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptxFinTech Belgium
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptxFinTech Belgium
 
Monthly Market Risk Update: April 2024 [SlideShare]
Monthly Market Risk Update: April 2024 [SlideShare]Monthly Market Risk Update: April 2024 [SlideShare]
Monthly Market Risk Update: April 2024 [SlideShare]Commonwealth
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130Suhani Kapoor
 
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdfAdnet Communications
 
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Q3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesQ3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesMarketing847413
 
The Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfThe Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfGale Pooley
 
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Pooja Nehwal
 
Dividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxDividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxanshikagoel52
 
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...Suhani Kapoor
 
Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designsegoetzinger
 
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance CompanyInterimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance CompanyTyöeläkeyhtiö Elo
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Pooja Nehwal
 
Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Sapana Sha
 
Quarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of MarketingQuarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of MarketingMaristelaRamos12
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdfFinTech Belgium
 
How Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of ReportingHow Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of ReportingAggregage
 
Stock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdfStock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdfMichael Silva
 

Recently uploaded (20)

03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx
 
Monthly Market Risk Update: April 2024 [SlideShare]
Monthly Market Risk Update: April 2024 [SlideShare]Monthly Market Risk Update: April 2024 [SlideShare]
Monthly Market Risk Update: April 2024 [SlideShare]
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
 
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf
 
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Nand Nagri (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Q3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesQ3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast Slides
 
The Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfThe Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdf
 
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
 
Dividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxDividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptx
 
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
 
Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designs
 
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance CompanyInterimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
 
Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111
 
Quarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of MarketingQuarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of Marketing
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
 
How Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of ReportingHow Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of Reporting
 
Stock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdfStock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdf
 

Endpoint Protection Platform Invent Youself/tutorialoutletdotcom

  • 1. Choose one of the Endpoint Protection Platform products from the Gartner Magic Quadrant analysis.Explain FOR MORE CLASSES VISIT www.tutorialoutlet.com Case Study #1: Technology & Product Review for Endpoint Protection Solutions Case Scenario: Red Clay Renovations (the “client”) has requested that your company research and recommend an Endpoint Protection Platform which will provide host-based protection for the laptop PC’s used by its construction managers and architects. These employees design and manage construction projects using a Web based project management system. The laptops are also used to access web-based corporate email servers and additional web-based applications used for internal business operations. Their laptops are running the Windows 8/8.1 operating system and cannot be upgraded to Windows 10 due to compatibility problems in a business critical, proprietary software package. The Windows 8/8.1 laptops currently use Microsoft Windows Defender and Microsoft Windows Firewall to provide host-based protection against malware, spyware, and intrusions. The client’s IT manager wants an Endpoint Protection product that is easy to use, is deployable on individual laptops as host-based protection, and automatically updates itself (patches and virus definition files). The “automatic” updates could be a problem since
  • 2. the laptops are rarely connected to the company’s networks. Instead, the employees use an intermittent cellular connection to access the Internet while visiting customers and construction sites. Research: 1. Review the Week 1 readings. 2. Choose one of the Endpoint Protection Platform products from the Gartner Magic Quadrant analysis Write a 3 page summary of your research (“briefing paper”). At a minimum, your summary must include the following: 1. An introduction or overview for the security technology category (Endpoint Protection Platforms) 2. A review of the features, capabilities, and deficiencies for your selected vendor and product 3. Discussion of how the selected product could be used by your client to support its cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing vulnerabilities, etc. 4. A closing section in which you restate your recommendation for a product (include the three most important benefits). Copyright ©2016 by University of Maryland University College. All Rights Reserved CSIA 310: Cybersecurity Processes & Technologies As you write your briefing paper, make sure that you address security issues using standard terms Use standard APA formatting for the MS Word document that you submit to your assignment folder. Formatting requirements and examples are found under Course Resources > APA Resources. Submit For Grading Submit your Technology & Product Review in MS Word format
  • 3. (.docx or .doc file) for grading using your assignment folder. (Attach the file.) Additional Information 1. There is no penalty for writing more than 3 pages but, clarity and conciseness are valued. If your essay is shorter than 3 pages, you may not have sufficient content to meet the assignment requirements (see the rubric). 2. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. 3. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as provided for under the university’s Academic Integrity policy. NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson Pauline Bowen Amy Wohl Phillips Dean Gallup David Lynes NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson Pauline Bowen Amy Wohl Phillips Dean Gallup David Lynes May 2010 U.S. Department of Commerce
  • 4. Gary Locke, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Director Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. There are references in this publication to documents currently under development by NIST in accordance with responsibilities assigned to NIST under the Federal Information Security Management Act of 2002. The methodologies in this document may be used even before the completion of such companion documents. Thus, until such time as each document is completed, current requirements, guidelines, and procedures (where they exist) remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new documents by NIST. Individuals are also encouraged to review the public draft documents and offer their comments to NIST. NSPUE2 CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of
  • 5. information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost- effective security and privacy of sensitive unclassified information in federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. ii CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Authority This document has been developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets, but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), “Securing Agency Information Systems,” as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III. This guideline has been prepared for use by federal agencies. It may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright. Attribution would be appreciated by NIST. Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing
  • 6. authorities of the Secretary of Commerce, Director of the OMB, or any other federal official. NIST Special Publication 800-34, Revision 1, 150 pages (May 2010) National Institute of Standards and Technology Attn: Computer Security Division, Information Technology Laboratory 100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899-8930 iii CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Compliance with NIST Standards and Guidelines NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA) of 2002 and in managing costeffective programs to protect their information and information systems. 1 • Federal Information Processing Standards (FIPS) are developed by NIST in accordance with FISMA. FIPS are approved by the Secretary of Commerce and are compulsory and binding for federal agencies. Since FISMA requires that federal agencies comply with these standards, agencies may not waive their use. • Guidance documents and recommendations are issued in the NIST Special Publication (SP) 800series. Office of Management and Budget (OMB) policies (including OMB FISMA Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management) state that, for other than national security programs and systems, agencies must follow NIST guidance. 1 • Other security-related publications, including NIST interagency and internal reports (NISTIRs) and ITL Bulletins, provide technical and other information about NIST’s activities. These publications are mandatory only when so specified by OMB. While agencies are required to follow NIST guidance in accordance with OMB policy, there is flexibility within NIST’s guidance in how agencies apply the guidance. Unless otherwise
  • 7. specified by OMB, the 800-series guidance documents published by NIST generally allow agencies some latitude in the application. Consequently, the application of NIST guidance by agencies can result in different security solutions that are equally acceptable, compliant with the guidance, and meet the OMB definition of adequate security for federal information systems. When assessing federal agency compliance with NIST guidance, auditors, evaluators, and assessors should consider the intent of the security concepts and principles articulated within the particular guidance document and how the agency applied the guidance in the context of its specific mission responsibilities, operational environments, and unique organizational conditions. iv CONTINGENCY PLANNING GUIDE FOR FEDERAL INFORMATION SYSTEMS Acknowledgements The authors, Marianne Swanson and Pauline Bowen of the National Institute of Standards and Technology (NIST), Amy Wohl Phillips, Dean Gallup, and David Lynes of Booz Allen Hamilton, wish to thank their colleagues who reviewed drafts of this document and contributed to its technical content. The authors would like to acknowledge Kelley Dempsey, Esther Katzman, Peter Mell, Murugiah Souppaya, Lee Badger, and Elizabeth Lennon of NIST, and David Linthicum of Booz Allen Hamilton for their keen and insightful assistance with technical issues throughout the development of the document.