Office of the Chief Information Officer

United States Department of Agriculture

Security Governance

An image of the cover of the National Institute of Standards and Technology Special Publication 800=53A. Text reads: NITC can provide information and assurance that NITC services comply with mandatory security controls.

Service Description

NITC provides information and assurance that NITC services comply with mandatory security controls.

What is Included

  • FISMA compliance for NITC-provided services
  • Standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets
  • Supervision and oversight of NITC activity to ensure enforcement and monitor usage of information system access controls
  • Security controls review to enable more consistent, comparable, and repeatable assessments
  • Annual internal and 3rd party audits and assessments of security controls to determine overall control effectiveness
  • Risk Management Framework for security categorization, security control selection and implementation, control assessment, information system authorization, and control monitoring
  • More complete, reliable, and trustworthy information for organizational officials, to support security accreditation decisions, information sharing, and FISMA compliance

How We Charge

This critical value-added service is included with NITC Hosting Services.

Hosting services that include Security Governance:

Service Level Metrics

Measure Service Level Targets
Inquiry Response 8 x 5
Audit Results Annual
Control Inheritance Matrix Upon Request*
Control Descriptions Upon Request*

* Documentation provided is controlled and For Official use Only (FOUO)

Cost Saving Tips

  • Utilize a full complement of NITC services to obtain the most inheritable management controls

Relative Control Inheritance

Managed Hosting No No xxxx
Managed Hosting Yes No xxxxx
Managed Hosting Yes Yes xxxxxx
Infrastructure as a Service Yes Yes xxxxxxx
Platform as a Service Yes Yes xxxxxxxx

Additional Information

A full matrix of inheritable management controls that identifies which controls are potentially inheritable as part of NITC’s other hosting services is available upon request.

An image of the National Information Technology Center art with the text: Service Desk: 888-USE-NITC