SRR Findings to IA Controls

by Bruce Brown | 1 Comment

From Reader:

I stumbled upon your site and am new to security working for a contractor. I’m attempting to complete a DIACAP POA&M and need to map SRR findings to IA controls – any idea where I might find this information?

The SRR finding reference the DOD Unix STIG and NIPR STIG. It doesn’t seem to completely match up the the DIACAP IA Controls, but that is where a good system security engineer/ IA analyst comes in.

Once you’ve got your SRR results, IA Control compliance and mitigation depends on your situation. There are a few that map directly (like Screen Saver) but most of the SRR findings will fall under one or two of the IA Controls.

Hope this helps.

1 Comment on SRR Findings to IA Controls

  1. Ordis
    September 1, 2009 at 1:07 pm (8 years ago)

    The SRR finding reference the DOD Unix STIG and NIPR STIG?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Comment *