Governance


Services that support the creation, development, and standardization of policies, procedures, and processes to manage and monitor cybersecurity risks. Select the services and agency provider logos below to contact service providers directly and learn more about how to obtain these services.

Creation/Maintenance of Security Documentation and/or Procedures

DOT

This service includes creating, updating, and/or consulting on information protection processes and procedures (based on National Institute of Standards and Technology (NIST) 800-53 and any other applicable federal guidance). This service yields the required documentation for a new or continuously monitored system to prepare for a security control assessment. Key deliverables include:

  • System Security Plans (SSP)
  • Audit log monitoring procedures
  • Account Management Plans (AMP)
  • Incident Response Plans (IRP)
  • Information System Contingency Plans (ISCP)

Enterprise Performance Life Cycle (EPLC) Compliance

HHS

EPLC Compliance ensures compliance from planning through the EPLC/System Development Life Cycle (SDLC) processes and procedures.

 

 


Interface Memorandum of Understanding/Interconnection Security Agreement Negotiations & Documentation

DOT

This service includes collaborative authorship of system-to-system interconnection agreements in accordance with National Institute of Standards and Technology (NIST) 800-47. Through guided discussions, this service helps federal organizations document the terms of an agreement that protect the interests of each party while concurrently meeting all applicable federal policies.

 


 
