SRR Findings to IA Controls

Published : Friday, August 7th, 2009

From Reader:

I stumbled upon your site and am new to security working for a contractor. I’m attempting to complete a DIACAP POA&M and need to map SRR findings to IA controls – any idea where I might find this information?

The SRR finding reference the DOD Unix STIG and NIPR STIG. It doesn’t seem to completely match up the the DIACAP IA Controls, but that is where a good system security engineer/ IA analyst comes in.

Once you’ve got your SRR results, IA Control compliance and mitigation depends on your situation. There are a few that map directly (like Screen Saver) but most of the SRR findings will fall under one or two of the IA Controls.

Hope this helps.

  • Facebook Like Box

    • eNews & Updates
    Sign up to receive the latest breaking news, as well as all of your other favorite headlines
    Connect with Us
    Twitter
    FB
    You Tube
    RSS
    Digg
    Login
    Most Emailed
    Commented