Information Protection Processes and Procedures


Services that help maintain and use security policies (i.e., addressing purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures to manage the protection of information systems and assets. Select the services and agency provider logos below to contact service providers directly and learn more about how to obtain these services. 

Access Control Policies/Procedures Consultation & Documentation

DOTThis includes a security documentation service focused on helping agencies design and document system access control processes and procedures that comply with federal guidelines.

 

 


Audit Log Monitoring Processes/Procedures Consultation & Documentation

DOTThis includes a security documentation service focused on helping agencies design and document system audit log monitoring processes and procedures that comply with federal guidelines.

 

 


Incident Response Planning & Testing Strategies Consultation & Documentation

DOTThis includes system security incident response planning and testing services in accordance with National Institute of Standards and Technology (NIST) 800-37 and 800-53. Services include the delivery of a customized security incident response plan tailored for the unique needs, system structure, and higher-level incident response plans of the federal organization. Deliverables include:

  • Incident Response Plan (IRP)
  • Incident Response Exercise Plan and After-Action Report

Information System Security Officer (ISSO) Security Guidance & Analysis

HHSThe Security Guidance and Analysis service provides an advisor/security Subject Matter Expert (SME) on matters involving the security of an information system.

 

 

 


Physical Security Protections Consultation & Documentation

DOTThis includes a security documentation service focused on helping agencies design and document system physical security safeguarding processes and procedures that comply with federal guidelines.

 

 


Privacy Data Handling Policies/Procedures Consultation & Documentation

DOTThis includes a security documentation service focused on helping agencies design and document system privacy handling processes and procedures that comply with federal guidelines.

 

 


Security Consultation Services (SCS) Security Guidance & Analysis

HHSThe Security Guidance and Analysis service provides an advisor/security Subject Matter Expert (SME) on matters involving the security of an information system.

 

 


 

Was this document helpful?  Yes  |  Somewhat  |  No