Text version of Figure 2: IT Security Program -- Process of Continual Evaluation and Improvement

GISRA
Systems Security Program Plan, FY 2001
IT Security Architecture, July 2001
Security Infrastructure Working Group

Configuration and Change Management:
-- Baselines
-- IT CCB
-- Centralized Administration (SMS)

flows to

Certification and Accreditation:
-- NIACAP
-- SSPP
-- OpenNet Plus CAP
-- C&A Document

flows to

Penetration Testing and Site Surveys:
-- Automated Tools
-- Firewalls

flows to Remediation of Vulnerabilities

flows back to Configuration and Change Management.

[end]