NITC provides information and assurance that NITC services comply with mandatory security controls.
What is Included
- FISMA compliance for NITC-provided services
- Standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets
- Supervision and oversight of NITC activity to ensure enforcement and monitor usage of information system access controls
- Security controls review to enable more consistent, comparable, and repeatable assessments
- Annual internal and 3rd party audits and assessments of security controls to determine overall control effectiveness
- Risk Management Framework for security categorization, security control selection and implementation, control assessment, information system authorization, and control monitoring
- More complete, reliable, and trustworthy information for organizational officials, to support security accreditation decisions, information sharing, and FISMA compliance
How We Charge
This critical value-added service is included with NITC Hosting Services.
Hosting services that include Security Governance:
Service Level Metrics
|Measure||Service Level Targets|
|Inquiry Response||8 x 5|
|Control Inheritance Matrix||Upon Request*|
|Control Descriptions||Upon Request*|
* Documentation provided is controlled and For Official use Only (FOUO)
Cost Saving Tips
- Utilize a full complement of NITC services to obtain the most inheritable management controls
Relative Control Inheritance
|Infrastructure as a Service||Yes||Yes||xxxxxxx|
|Platform as a Service||Yes||Yes||xxxxxxxx|
A full matrix of inheritable management controls that identifies which controls are potentially inheritable as part of NITC’s other hosting services is available upon request.