Edit Page
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
| Latest revision | Your text | ||
| Line 11: | Line 11: | ||
The term security requirement is used by different communities and groups in different ways and may require additional explanation to establish the particular context for the various use cases. Security requirements can be stated at a very high level of abstraction, for example, in [[legislation]], [[Executive Order]]s, directives, [[policies]], [[standard]]s, and mission/business needs statements. [[FISMA]] and [[FIPS 200]] articulate security requirements at such a level. Organizations take these high-level security requirements and define certain [[security capabilities]] needed to satisfy those requirements and provide appropriate mission/business protection. |
The term security requirement is used by different communities and groups in different ways and may require additional explanation to establish the particular context for the various use cases. Security requirements can be stated at a very high level of abstraction, for example, in [[legislation]], [[Executive Order]]s, directives, [[policies]], [[standard]]s, and mission/business needs statements. [[FISMA]] and [[FIPS 200]] articulate security requirements at such a level. Organizations take these high-level security requirements and define certain [[security capabilities]] needed to satisfy those requirements and provide appropriate mission/business protection. |
||
| − | Security requirements are also reflected in various non technical [[security control]]s that address such matters as [[policy]] and procedures at the management and operational elements within organizations, again at differing levels of detail. It is important to define the context for each use of the term security requirement so the respective communities (including individuals responsible for [[policy]], [[architecture]], [[acquisition]], [[engineering]], and mission/business protection) can clearly [[communicate]] their [[intent]]. |
+ | Security requirements are also reflected in various non technical [[security control]]s that address such matters as [[policy]] and procedures at the management and operational elements within organizations, again at differing levels of detail. It is important to define the context for each use of the term security requirement so the respective communities (including individuals responsible for [[policy]], [[architecture]], [[acquisition]], [[engineering]], and mission/business protection) can clearly [[communicate]] their [[intent]].<ref>''Id.'' at x.</ref> |
== References == |
== References == |
||
<references /> |
<references /> |
||
| − | |||
| − | == Source == |
||
| − | |||
| − | * "Overview" section: [[NIST Special Publication 800-53]], Rev. 4, at X. |
||
== See also == |
== See also == |
||