framework
FDCC Federal Desktop Core Configuration 2007 Security Requirements
The Federal Desktop Core Configuration (FDCC) is a security configuration that must be enabled on any desktop that connects to a federal network. FDCC began with a 2007 memorandum by the United States Office of Management and Budget (OMB). That memo discusses the need to centralize the effort of defining a single configuration for all desktops within federal IT environments. Such a unified configuration would strengthen federal IT security by mandating a tested configuration across all federal IT organizations.
This configuration would additionally provide a standardized starting point for external vendors, easing their development of solutions that work across the whole of government IT. In conjunction with the FDCC, the OMB also began work on the Security Content Automation Protocol (SCAP), a cross-platform vulnerability management protocol that enables outside vendors to validate their products' functionality with FDCC desktops as well as other regulations required by government systems.
Cloud Computing IT Security Control Objectives
Download Free Cloud Computing IT Security Control Objectives

Asset management, access control
Data protection/segregation/encryption
To provide logical segregation of CSP customers’ data
To enable customer classification of sensitive data
To enable protection of data commensurate with risk and defined information classifications
Information systems acquisition, development, and maintenance
Encryption standards
To enable encryption of sensitive data using consistent mechanisms
To enable access to current and archived data regardless of which keys were used for encryption
Communications and operations management
Payment Card Industry Data Security Standard Compliance (PCI DSS) Roles and Responsibilities Matrix Templates
Download Free Payment Card Industry Data Security Standard Compliance (PCI DSS) Roles and Responsibilities Matrix Templates

- Chief Information Officers (CIOs) who are concerned with the deployment and operation of systems and IT-related processes.
- Chief Information Security Officers (CISOs) who are concerned with the overall information security program and compliance with information security policies.
- Chief Financial Officers (CFOs) who are concerned with the overall control environment of their organizations. This is often delegated to financial positions such as those in Payments Operations and Accounts Receivable.
- Chief Privacy Officers (CPOs) who are responsible for the implementation of policies that relate to the management of personal information, including policies that support compliance with privacy and data protection laws.
The Integrated Service Level Agreement Framework

The ISLA framework is enabling because it introduces advanced work-flow automation and community management technology into the OSS environment, thereby creating a number of core capabilities that can be divided over seven functionally oriented logical domains, which will be discussed later in the chapter.
The three framework components are as follows:
1. Enabling technology and concepts
- Dynamic work-flow automation
- Dynamic work-flow communities
2. Capabilities
- Universal access
- Intelligence
- Collaboration
- Automation
Gramm Leach Bliley Act (GLBA) Compliance Risk Assessment Templates for Banking and Financial Institution

Download Free GLBA Compliance Risk Assessment Templates for Banking and Financial Institution.
Administrative Safeguards
1) Do you check references prior to hiring employees who will have access to customer information?
2) Do you ask every new employee to sign an agreement to follow your organization's confidentiality and security standards for handling customer information?
3) Do you train employees to take basic steps to maintain the security, confidentiality and integrity of customer information, such as:
a. locking rooms and file cabinets where paper records are kept;
b. using password-activated screensavers;