Case Study report on security controls in the Information Assurance (IA). It's IP5.

Your CIO asked you to identify security controls in the Information Assurance (IA) family that are relevant to the database, using your sound reasoning and professional judgment. Based on the assumption that your system is a moderate, moderate, moderate… which of the IA family controls do you believe would be relevant to the database and why? Using NIST SP 800-53, create a table. Include columns for the control, the description, and comments. Be sure to include comments in your matrix regarding why or why not the control applies. (NOTE: not all of the controls should be applicable).

The project deliverables for Week 3 are as follows:
• Update the Case Study Report title page with new date and project name.
• Update previously completed sections based on instructor feedback.
• Appendix Development Section:
  o The content that should go into the appendix
  o A justification as to why or why not the controls apply
• Be sure to update your table of contents before submission.
• Document needs to be formatted according to APA.

    Security Controls in the Information Assurance

    Table of Contents

    Introduction to Case Study

    NIST SP 800-53 IA Family

    Conclusions

    References

    Introduction to Case Study

    NIST SP 800-53 provides a methodology that tailors a comprehensive catalogue for meeting organizational security controls and management of risks. The guidelines provided by NIST SP 800-53 are meant to be strictly followed in the risk management process (Lubell, 2016). Medical Credentials Company (MCC), a clearinghouse for medical practitioners, hospitals, and other groups, wants to incorporate intensive security controls. This stems from the fact that MCC verifies sensitive information such as malpractice lawsuits and any disciplinary actions taken against the clients. Thus, the company requires high-security guidelines suitable for securing the information from any form of intrusion and tampering. NIST SP 800-53 control guidelines hence serve the company well.

    NIST SP 800-53 IA Family

    MCC is required to adequately allay any risk that might arise from unauthorized access to information and any alteration of it. The Identification and Authentication (IA) family is important for this purpose because it primarily focuses on organizational form settings that deal with system authentication. The guidelines in this family include guidelines on how to track employees, guests, shared accounts, contractors, and service accounts (Gallagher, 2013). The available controls for MCC systems are outlined in the table below.

| Control Name | Control Baseline | Description | Comment |
| --- | --- | --- | --- |
| Identification and Authentication Policy and Procedures | IA-1 | Identification and authentication that entails purpose, scope, roles, management commitment, responsibilities, and compliance that facilitates the implementation of the IA policy and controls. | Produces the intended policies and procedures needed in implementing security enhancements and controls. |
| Identification and Authentication (Organizational Users) | IA-2 (1) (2) (3) (8) (11) (12) | The system should be able to uniquely identify and authenticate any organizational user or any process that should be unobstructed or acting on their behalf. | Provides unique information for accountability of activities in the system. Passwords, biometrics, multifactor authentication, and tokens, or a combination, are important for this. |
| Device Identification and Authentication | IA-3 | System uniquely identifies and authenticates the device accessing the system before a secure connection is made. | Important to define the device and its type by use of MAC address or TCP/IP to identify and to allow devices to connect on both local and wide area networks. Organization should use a strong mechanism for authentication. |
| Identifier Management | IA-4 | This control helps the organization manage the information system identifiers used for both users and systems by selecting and assigning identifiers that uniquely identify a device or a user. Also prevents the reuse of the identifiers by other devices or users. | Applies to every information system. Uses MAC addresses, IP addresses and tokens. |
| Authenticator Management | IA-5 (1) (2) (3) (11) | This control helps the management to take control of information system authenticators for every device and user through reality, content of an initial authenticator while ensuring that each authenticator has sufficient strength to support the intended purpose. Additionally, establishes and implements the necessary procedures for distribution and recovery of damaged or compromised information systems. | Applies to every system where authenticators such as passwords, tokens, biometrics, key cards, and PKI certificates are used. Authenticators should be changed regularly, and expired authenticators should be changed with immediate effect. |
| Authenticator Feedback | IA-6 | The control is important in obscuring feedback during the authentication process. This prevents any possible use or exploitation by an unauthorized individual. | System displays asterisks whenever an individual types a password to hide the password from other people. Should apply to any information system since it's a basic form of information security and prevents any unauthorized access to user passwords. |
| Cryptographic Module Authentication | IA-7 | This control requires that an information system should use cryptographic mechanisms for authentication. The system should be able to meet the requirements provided by security policies, standards, and regulations and should conform to executive orders and the federal laws in implementing the authentication process. | This authentication process should apply to every information system in the organization. |
| Identification and Authentication (Non-Organizational Users) | IA-8 (1) (2) (3) (4) | A mandatory information control important in IA of non-organizational users or processes that represent or act on their behalf. This requires that non-organizational users using the system should be protected and, accordingly, the system should be protected from unauthorized access. | Risk assessments are important in assessing whether the accessibility levels allow non-organizational users to compromise the system. Important in mitigating risks associated with operational accessibility and scalability, and protects organizational assets, organizations and the personal information at large. |


    The initial, formal identification and authentication controls are important in guaranteeing a secure database without any risk of compromising the information system. In the event that the MCC feels that the security levels are not fitted for the processes, they can apply compensating security controls to reach higher security levels. This can happen in the event that MCC is unable to apply a security control as defined in the baseline. A compensating security control is a technical, operational, or management control intended to raise the security level in the event that the recommended initial controls are compromised (Gallagher, 2013). These are applied after applying the baseline security controls.

    Conclusions

    The provided baseline controls need to be followed to ensure that the implementation successfully meets the organizational information security needs. Subsequently, the organization needs to institute a strict and comprehensive follow-up program. This includes assessments geared towards identifying the effectiveness of the security controls applied. An update or change should be made accordingly whenever a need arises.

    References

    Gallagher, P. D. (2013). Security and Privacy Controls for Federal Information Systems and Organizations. Retrieved from http://dx.doi.org/10.6028/NIST.SP.800-53r4

    Lubell, J. (2016). Integrating Top-down and Bottom-up Cybersecurity Guidance using XML. Balisage: The Markup Conference 2016. 17, pp. 1-20. Washington, DC: Balisage Series on Markup Technologies. Retrieved from https://doi.org/10.4242/BalisageVol17.Lubell01.