Re: [Fed-Talk] DISA Information Impact Levels?
Re: [Fed-Talk] DISA Information Impact Levels?
- Subject: Re: [Fed-Talk] DISA Information Impact Levels?
- From: "Miller, Timothy J." <email@hidden>
- Date: Tue, 20 May 2014 20:13:55 +0000
- Thread-topic: [Fed-Talk] DISA Information Impact Levels?
That guidance is only operative for cloud service contracts. DoD guidance on impact analysis for authentication is in DoDI 8520.03, and for information systems generally is in DoDI 8510.01. Controls come from NIST SP 800-53 and appropriate overlays (e.g., CNSSI 1253F and attachments).
-- T
>-----Original Message-----
>From: fed-talk-bounces+tmiller=email@hidden [mailto:fed-talk-
>bounces+tmiller=email@hidden] On Behalf Of Marcus, Allan B
>Sent: Tuesday, May 20, 2014 2:26 PM
>To: Marcus, Allan B; Apple Fed-Talk
>Subject: Re: [Fed-Talk] DISA Information Impact Levels?
>
>I've received a few requests to share the info Eryk pointed me to.
>
>http://iase.disa.mil/cloud_security/downloads/dod_ecsb_security_model_1-
>2.pdf
>Page 6, Figure 3 - Security Model
>Note in the "Maximum Data Type and C-I_a column the x-y-z, where x =
>confidentiality, y = integrity, and z = availability.
>
>--
>Thanks,
>
>Allan Marcus
>Chief IT Architect
>Los Alamos National Laboratory
>505-667-5666
>email@hidden
>
>If you always do what you always did, you will always get what you always got.
>[Albert Einstein]
>
>From: <Marcus>, Allan Marcus <email@hidden>
>Date: Monday, May 19, 2014 3:20 PM
>To: Allan Marcus <email@hidden>, Apple Fed-Talk <email@hidden>
>Subject: Re: [Fed-Talk] DISA Information Impact Levels?
>
>
>
> Thanks to Erik van Bronkhorst I got the info!
>
> --
> Thanks,
>
> Allan Marcus
> Chief IT Architect
> Los Alamos National Laboratory
> 505-667-5666
> email@hidden
>
> If you always do what you always did, you will always get what you
>always got. [Albert Einstein]
>
>
> From: <Marcus>, Allan Marcus <email@hidden>
> Date: Monday, May 19, 2014 3:02 PM
> To: Apple Fed-Talk <email@hidden>
> Subject: [Fed-Talk] DISA Information Impact Levels?
>
>
>
> I'm trying to learn more about DISA Impact Levels. From what I
>understand the levels are 1-5, and are based on NIST and FIPS documents, but
>I cannot find any explanation of how DISA determines impact levels, and how
>they came up with 1 to 5. If you have any DISA contacts, can you please see if
>you can find out about these "impact levels", specifically on an explanation of
>what 1-5 mean and how they are calculated?
>
> --
> Thanks,
>
> Allan Marcus
> Chief IT Architect
> Los Alamos National Laboratory
> 505-667-5666
> email@hidden
>
> If you always do what you always did, you will always get what
>you always got. [Albert Einstein]
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden