Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174

Warning: Duplicate entry '127' for key 'PRIMARY' query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'php', '<em>Function ereg() is deprecated</em> in <em>/home/priandoyo/smashingpasswords.com/includes/file.inc</em> on line <em>649</em>.', 2, '', 'http://www.smashingpasswords.com/nsa-certified-information-security-assessment-methodology-iam', '', '54.166.123.2', 1414787660) in /home/priandoyo/smashingpasswords.com/includes/database.mysql.inc on line 174
NSA Certified Information Security Assessment Methodology (IAM) | SmashingPasswords.com

NSA Certified Information Security Assessment Methodology (IAM)

  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.

The NSA Certified Information Security Assessment Methodology (NSA IAM) is an information security assessment methodology that baselines assessment activities. It breaks information security assessments into three phases: pre-assessment, on-site activities, and post-assessment. Each of these phases contains mandatory activities to ensure information security assessment consistency. It is important to note, however, that NSA IAM assessments consist of only documentation review, interviews, and observation. There is no testing done during an NSA IAM assessment. The NSA released the INFOSEC Evaluation Methodology to baseline testing activities.

I. Pre-assessment Phase
The purpose of the pre-assessment phase is to define customer requirements, set the assessment scope and determine assessment boundaries, gain an understanding of the criticality of the customer's information, and create the assessment plan. The NSA IAM measures both organizational information criticality and system information criticality. Organizational information consists of the information required to perform major business functions. System information then is identified by analyzing the information that is processed by the systems that support the major business functions.

On-Site Activities Phase
The on-site activities phase consists of validating pre-assessment-phase conclusions, gathering assessment data, and providing initial feedback to customer stakeholders. There are 18 baseline areas that are evaluated during an IAM assessment:

1. Information security documentation such as policies, procedures, and baselines
2. Roles and responsibilities
3. Contingency planning
4. Configuration management
5. Identification and authentication
6. Account management
7. Session controls
8. Auditing
9. Malicious code protection
10. System maintenance
11. System assurance
12. Networking/connectivity
13. Communications security
14. Media controls
15. Information classification and labeling
16. Physical environment
17. Personnel security
18. Education, training, and awareness

Post-assessment Phase
Once the assessment information is gathered, it is analyzed and consolidated into a report in the final post-assessment phase. The final report includes an executive summary, recognition of good security practices, and a statement regarding the overall information security posture of the organization

Trackback URL for this post:

http://www.smashingpasswords.com/trackback/128

User login

Who's online

There are currently 0 users and 20 guests online.

Who's new

  • yLeambz2
  • Carelver
  • Evigougrorp
  • brenna18xrzggfs
  • rory1050fufmizrnpkt