Service Description
NITC provides information and assurance that NITC services comply with mandatory security controls.
What's Included
- FISMA compliance for NITC-provided services
- Standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets
- Supervision and oversight of NITC activity to ensure enforcement and monitor usage of information system access controls
- Security controls review to enable more consistent, comparable, and repeatable assessments
- Annual internal and 3rd party audits and assessments of security controls to determine overall control effectiveness
- Risk Management Framework for security categorization, security control selection and implementation, control assessment, information system authorization, and control monitoring
- More complete, reliable, and trustworthy information for organizational officials, to support security accreditation decisions, information sharing, and FISMA compliance
This critical value-added service is included with NITC Hosting Services. Hosting services that include Security Governance: * Documentation provided is controlled and For Official use Only (FOUO) Utilize a full complement of NITC services to obtain the most inheritable management controls Relative Control Inheritance A full matrix of inheritable management controls that identifies which controls are potentially inheritable as part of NITC’s other hosting services is available upon request. Download the Security Services - Security Governance page from the NITC Service Catalog.
Service Level Metrics
Measure
Target SLA
Inquiry Response
8 x 5
Audit Results
Annual
Control Inheritance Matrix
Upon Request*
Control Descriptions
Upon Request*
Cost Saving Tips
NITC Service
NITC
Network
NITC
Storage
Inheritable
Controls
Managed Hosting
No
No
xxxx
Yes
No
xxxxx
Yes
Yes
xxxxxx
Infrastructure as a Service
Yes
Yes
xxxxxxx
Platform as a Service
Yes
Yes
xxxxxxxx
Additional Information
