Service Description

NITC provides information and assurance that NITC services comply with mandatory security controls.

What is Included

• FISMA compliance for NITC-provided services
• Standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets
• Supervision and oversight of NITC activity to ensure enforcement and monitor usage of information system access controls
• Security controls review to enable more consistent, comparable, and repeatable assessments
• Annual internal and 3rd party audits and assessments of security controls to determine overall control effectiveness
• Risk Management Framework for security categorization, security control selection and implementation, control assessment, information system authorization, and control monitoring
• More complete, reliable, and trustworthy information for organizational officials, to support security accreditation decisions, information sharing, and FISMA compliance

How We Charge

This critical value-added service is included with NITC Hosting Services.

Hosting services that include Security Governance:

• Platform as a Service
• Infrastructure as a Service
• Managed Hosting services

Service Level Metrics

* Documentation provided is controlled and For Official use Only (FOUO)

Cost Saving Tips

• Utilize a full complement of NITC services to obtain the most inheritable management controls

Relative Control Inheritance

Additional Information

A full matrix of inheritable management controls that identifies which controls are potentially inheritable as part of NITC’s other hosting services is available upon request.