Security functionality is
|“||security-related features, functions, mechanisms, services, procedures, and architectures implemented within organizational information systems or the environments in which those systems operate.||”|
Security functionality can be obtained by employing within the information systems and supporting infrastructure of the organization, a combination of management, operational, and technical security controls.
- NIST Special Publication SP 800-171, App. B, at B-7.
- "Management and operational security controls" are typically deployed within the organizational infrastructure that supports the information systems and include, for example: intrusion detection and protection capabilities; contingency planning capabilities; physical and environmental protection capabilities; awareness and training capabilities; and personnel security capabilities.
- "Technical security controls" include, for example: physical and logical access control mechanisms; identification and authentication mechanisms; auditing/accountability mechanisms; encryption mechanisms; and system and communications protection mechanisms.