01 03 12 NOTLOCKED Checklist Enhanced IA Standards Test
Processed in accordance with provisions H.XX. Requirements for Minimum Level of Enhanced Safeguarding for Unclassified DoD Information, F. . Checklist and Certification for Minimum Level of Enhanced Safeguarding for Unclassified DoD Information, and CDRL A Checklist and Certification for Minimum Level of Enhanced Safeguarding for Unclassified DoD Information, of Contract HT9402---.
Access Control
Ref # AC-2 Nomenclature Account Management Compliance Statement Yes Validation Method I Examine Compliance Date Activity Description IM-G0042- Account and Access Password Guideline IM-G0010- Technical Standards for eDirectory Directory Tree; IM-G0042.doc- Account and Access Password Guideline IM-G0010- Technical Standards for eDirectory Directory Tree; IM-G0042.doc- Account and Access Password Guideline IM-G0023-Local and Wide Area Network Security; IM-G0060-Router Security IM-G0010- Technical Standards for eDirectory Directory Tree; IM-G0042.doc- Account and Access Password Guideline IM-G0042.doc- Account and Access Password Guideline IM-G0028-Secure Computing Guideline IM-G0028-Secure Computing Guideline IM-G0049-Remote Access Guideline IM-G0049-Remote Access Guideline IM-G0017-Wireless Technologies Technical Standard IM-G0017-Wireless Technologies Technical Director Todd
AC-3
Access Enforcement
Yes Yes
Examine
AC-3(4) AC-4 AC-6 AC-7 AC-11 AC-11(1) AC-17 AC-17(2) AC-18 AC-18(1)
Access Enforcement Yes Information Flow Enforcement Yes Least Privilege Unsuccessful Login Attempts Session Lock Session Lock Remote Access Remote Access Wireless Access Wireless Access
Examine Examine Examine Yes Yes Yes Yes Yes Yes Yes Examine Examine Examine Test Test Test Test
Standard AC-19 Access Control for Mobile Devices Yes Examine IM-G0028-Secure Computing Guideline
AU-2 AU-3
Examine Examine
AU-6
Audit Review, Analysis & Reporting Yes Audit Review, Analysis & Reporting Yes Audit Reduction & Report Generation
Examine
AU-6(1)
Examine
AU-7
Examine
Yes AU-8 AU-9 Time Stamps Protection of Audit Information Examine Yes Examine Yes AU-10 Non-Repudiation Yes AU-10(5) Non-Repudiation Examine Examine
IM-G0027-Information Security Management Plan IM-G0059- Server and Host System Security IM-G0071-Guidelines for Managing Digital (Certification Authority) Certificates; IMG0023-Local and Wide Area Network Security; IM-G0071-Guidelines for Managing Digital (Certification Authority) Certificates; IMG0023-Local and Wide Area Network Security;
Configuration Management
Ref # Nomenclature Compliance Statement Yes Validation Approach Compliance Date Activity Description IM-G0055-Technical Configuration Guideline; IM-G0067-User Policy Levels for Workstations; IM-G0059- Server and Host System Security IM-G0055-Technical Configuration Guideline; IM-G0059- Server and Host System Security; IM-G0067-User Policy Levels for Workstations; IM-G0055-Technical Configuration Guideline IM-G0031-Configuration Management Guideline; IM-G0031D1-Configuration Management Guideline Director BLAKE TODD
CM-2
Examine
12/1/2011
CM-6 CM-7
Yes Yes
Examine Examine
12/1/2011 12/1/2011
CM-8
Examine
12/1/2011
Contingency Planning
Ref # CP-9 Nomenclature Information System Backup Compliance Statement Yes Validation Approach Examine Compliance Date 12/1/2011 Activity Description IM-G0043- Backup and storage management guideline; IM-G0020-Technical Standards for Data Backup with Bridgehead; IM-P0033- System Data File Backup Request Procedure Director BLAKE
Incident Response
Ref # Nomenclature Compliance Statement Yes Validation Approach Compliance Date 12/1/2011 Activity Description IM Emergency Response Plan (HealthStream) computer-based training (CBT) course -provides a way to ensure that CHRISTUS IM associates who are responsible for responding, maintaining, and executing the recovery plans have an awareness and understanding of the program. IM-G0053-Incident and Problem Management Guideline; IM-P0120-Incident and Service Request Handling Procedure IM-G0053-Incident and Problem Management Guideline IM-G0053-Incident and Problem Management Guideline; IM-P0120-Incident and Service Request Handling Procedure Director GUY
IR-2
IR-4 IR-5
IR-6
Incident Reporting
Maintenance
Ref # Nomenclature Compliance Statement Yes Validation Approach Compliance Date 12/1/2011 Activity Description IM-G0044-Vendor and Technical Support Access Guideline; IM-G0062-HIPAAS Sec Requirements Vendor Mgt Systems-guideline IM-G0044-Vendor and Technical Support Access Guideline; IM-G0062-HIPAAS Sec Requirements Vendor Mgt Systems-guideline IM-G0046-Physical Security Guideline How to Manage CHRISTUS Service Level Agreement Director BLAKE
MA-4
MA-4(6) MA-5
Yes Yes
12/1/2011 12/1/2011
MA-6
Timely Maintenance
Interview
Ref # MP-4
MP-6
Interview
Activity Description IM-G0043-Backup and storage management IM-G0030-Software Decommissioning Guidelines; IM-P0020- Computing Equipment Disposal/Transfer Procedure; IM-P0020D1- Hard Drive Cleaning; IM-P0020F1- Asset/Transfer/Sale Agreement
Director BLAKE
PE-7
Visitor Control
Examine
12/1/2011
Program Management
Ref # Nomenclature Compliance Statement Validation Approach Compliance Date Activity Description IM-G0047-Logical (Data and Programs) Security Guideline; IM-G0022-Information Ownership, Maintenance and Data Sensitivity Classification; IM-G0055-Technical Configuration Guideline; IM-G0029-Risk Management Guideline Director GUY
PM-10
Yes
Examine
12/1/2011
SI-3
SI-4
CERTIFICATION OF COMPLIANCE: I certify that I am an official representative for [insert name of contractor], that I have authority to sign this document and obligate [insert name of contractor] to the statements made in this document, and that I have personal knowledge of the matters to which this certification applies. I also certify that [insert name of contractor] is in compliance with the enhanced safeguarding requirements identified within the contract clause stated above and this document.
Signature:
Name:
Title:
Company:
Date: