The IT Law Wiki
Revision as of 00:00, 14 February 2013

Definition

Security requirements are

those requirements levied on an information system that are derived from laws, Executive Orders, directives, policies, instructions, regulations, or organizational (mission) needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.[1]

Overview

"The term security requirement is used by different communities and groups in different ways and may require additional explanation to establish the particular context for the various use cases. Security requirements can be stated at a very high level of abstraction, for example, in legislation, Executive Orders, directives, policies, standards, and mission/business needs statements. FISMA and FIPS 200 articulate security requirements at such a level. Organizations take these high-level security requirements and define certain security capabilities needed to satisfy those requirements and provide appropriate mission/business protection."

. . .

"Security requirements are also reflected in various non technical security controls that address such matters as policy and procedures at the management and operational elements within organizations, again at differing levels of detail. It is important to define the context for each use of the term security requirement so the respective communities (including individuals responsible for policy, architecture, acquisition, engineering, and mission/business protection) can clearly communicate their intent." [2]

References