Index

Cross Reference and Index


Interdependencies Cross Reference


The following is a cross reference of the interdependencies sections. Note that the references only include specific controls. Some controls were referenced in groups, such as technical controls, and occasionally interdependencies were noted for all controls.

Control                           Chapters Where It Is Cited
--------------------------------  ------------------------------------------------------------
Policy                            Program Management; Life Cycle; Personnel/User; Contingency;
                                  Awareness and Training; Logical Access; Audit
Program Management                Policy; Awareness and Training
Risk Management                   Life Cycle; Contingency; Incident
Life Cycle                        Program Management; Assurance
Assurance                         Life Cycle; Support and Operations; Audit; Cryptography
Personnel                         Training and Awareness; Support and Operations; Access
Training and Awareness            Personnel/User; Incident; Support and Operations
Contingency                       Incident; Support and Operations; Physical and Environmental;
                                  Audit
Incident                          Contingency; Support and Operations; Audit
Physical and Environmental        Contingency; Support and Operations; Logical Access;
                                  Cryptography
Support and Operations            Contingency; Incident
Identification and Authentication Personnel/User; Physical and Environmental; Logical Access;
                                  Audit; Cryptography
Access Controls                   Policy; Personnel/User; Physical and Environmental;
                                  Identification and Authentication; Audit; Cryptography
Audit                             Identification and Authentication; Logical Access; Cryptography
Cryptography                      Identification and Authentication

General Index


A

account management (user) 110-12

access control lists 182, 189, 199-201, 203

access modes 196-7, 200

acknowledgment statements 111, 112, 144

accountability 12, 36, 39, 143, 144, 159, 179, 195, 212

accreditation 6, 66-7, 75, 80, 81-2, 89, 90-2, 94-5,

    reaccreditation 75, 83, 84, 85, 96, 100

advanced authentication 181, 204, 230

advanced development 93

asset valuation 61

attack signature 219, 220

audits/auditing 18, 51, 73, 75, 81, 82, 96-9, 110, 111, 112-3, 159, 195, 211

audit reduction 219

authentication, host-based 205

authentication, host-to-host 189

authentication servers 189

authorization (to process) 66, 81, 112

B

bastion host 204

biometrics 180, 186-7

C

certification 75, 81, 85, 91, 93, 95

    self-certification 94

challenge response 185, 186, 189

checksumming 99

cold site 125, 126

Computer Security Act 3, 4, 7, 52-3, 71-2, 73, 76, 143, 149,

Computer Security Program Managers' Forum 50, 52, 151

conformance - see validation

consequence assessment 61

constrained user interface 201-2

cost-benefit 65-6, 78, 173-4

crackers - see hackers

D

data categorization 202

Data Encryption Standard (DES) 205, 224, 231

database views 202

diagnostic port - see maintenance accounts

dial-back modems 203

digital signature - see electronic signature

Digital Signature Standard 225, 231

disposition/disposal 75, 85, 86, 160, 197, 235

dual-homed gateway 204

dynamic password generator 185

E

ease of safe use 94

electromagnetic interception 172

    see also electronic monitoring

electronic monitoring 171, 182, 184, 185, 186,

electronic/digital signature 95, 99, 218, 228-30, 233

encryption 140, 162, 182, 188, 199, 224-7, 233

end-to-end encryption 233

Escrowed Encryption Standard 224, 225-6, 231

espionage 22, 26-8

evaluations (product) 94

    see also validation

export (of cryptography) 233-4

F

Federal Information Resources Management Regulation (FIRMR) 7, 46, 48, 52

firewalls - see secure gateways

FIRST 52, 139

FISSEA 151

G

gateways - see secure gateways

H

hackers 25-6, 97, 116, 133, 135, 136, 156, 162, 182, 183, 186, 204

HALON 169, 170

hash, secure 228, 230

hot site 125, 126

I

individual accountability - see accountability

integrity statements 95

integrity verification 100, 159-60, 227-30

internal controls 98, 114

intrusion detection 100, 168, 213

J, K

keys, cryptographic for authentication 182

key escrow 225-6

    see also Escrowed Encryption Standard

key management (cryptography) 85, 114-5, 186, 199, 232

keystroke monitoring 214

L

labels 159, 202-3

least privilege 107-8, 109, 112, 114, 179

liabilities 95

likelihood analysis 62-3

link encryption 233

M

maintenance accounts 161-2

malicious code (virus, virus scanning, Trojan horse) 27-8, 79, 95, 99, 133-5, 157, 166, 204, 213, 215, 230

monitoring 36, 67, 75, 79, 82, 86, 96, 99-101, 171, 182, 184, 185, 186, 205, 213, 214, 215

N, O

operational assurance 82-3, 89, 96

OMB Circular A-130 7, 48, 52, 73, 76, 116, 149

P

password crackers 99-100, 182

passwords, one-time 185-6, 189, 230

password-based access control 182, 199

penetration testing 98-9

permission bits 200-1, 203

plan, computer security 53, 71-3, 98, 127, 161

privacy 14, 28-9, 38, 78, 92, 196

policy (general) 12, 33-43, 49, 51, 78, 144, 161

policy, issue-specific 37-40, 78

policy, program 34-7, 51

policy, system-specific 40-3, 53, 78, 86, 198, 204, 205, 215

port protection devices 203-4

privileged accounts 206

proxy host 204

public access 116-7

public key cryptography 223-30

public key infrastructure 232

Q, R

RSA 225

reciprocal agreements 125

redundant site 125

reliable (architectures, security) 93, 94

responsibility 12-3, 15-20

    see also accountability

roles, role-based access 107, 113-4, 195

routers 204


S

safeguard analysis 61

screening (personnel) 108-9, 113, 162

secret key cryptography 223-9

secure gateways (firewalls) 204-5

sensitive (systems, information) 4, 7, 53, 71, 76

sensitivity assessment 75, 76-7

sensitivity (position) 107-9, 205

separation of duties 107, 109, 114, 195

single log-in 188-9

standards, guidelines, procedures 35, 48, 51, 78, 93, 231

system integrity 6-7, 166

T

TEMPEST - see electromagnetic interception

theft 23-4, 26, 166, 172

tokens (authentication) 115, 162, 174, 180-90

threat identification 21-29, 61

Trojan horse - see malicious code

trusted development 93

trusted system 6, 93, 94

U, V

uncertainty analysis 64, 67-8

virus, virus scanning - see malicious code

validation testing 93, 234

variance detection 219

vulnerability analysis 61-2

W, X, Y, Z

warranties 95