Service Description
NITC provides information and assurance that NITC services comply with mandatory security controls.
What is Included
- FISMA compliance for NITC-provided services
- Standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets
- Supervision and oversight of NITC activity to ensure enforcement and monitor usage of information system access controls
- Security controls review to enable more consistent, comparable, and repeatable assessments
- Annual internal and 3rd party audits and assessments of security controls to determine overall control effectiveness
- Risk Management Framework for security categorization, security control selection and implementation, control assessment, information system authorization, and control monitoring
- More complete, reliable, and trustworthy information for organizational officials, to support security accreditation decisions, information sharing, and FISMA compliance
How We Charge
This critical value-added service is included with NITC Hosting Services.
Hosting services that include Security Governance:
Service Level Metrics
Measure | Service Level Targets |
---|---|
Inquiry Response | 8 x 5 |
Audit Results | Annual |
Control Inheritance Matrix | Upon Request* |
Control Descriptions | Upon Request* |
* Documentation provided is controlled and For Official use Only (FOUO)
Cost Saving Tips
- Utilize a full complement of NITC services to obtain the most inheritable management controls
Relative Control Inheritance
NITC Service |
NITC Network |
NITC Storage |
Inheritable Controls |
---|---|---|---|
Managed Hosting | No | No | xxxx |
Managed Hosting | Yes | No | xxxxx |
Managed Hosting | Yes | Yes | xxxxxx |
Infrastructure as a Service | Yes | Yes | xxxxxxx |
Platform as a Service | Yes | Yes | xxxxxxxx |
Additional Information
A full matrix of inheritable management controls that identifies which controls are potentially inheritable as part of NITC’s other hosting services is available upon request.