The purpose of this paper is to draw on the wide variety of federal government laws, regulations, and guidance, combined with industry best practices, to determine the proper security policies, procedures, guidelines, and standards to put into place so that adequate security controls are implemented. The ONR Networking Team used security documentation published by the National Institute of Standards and Technology (NIST), the Office of Management and Budget (OMB), the National Security Agency (NSA), and the General Accounting Office (GAO) to help implement an effective ONR security program:

(FISCAM) Federal Information Systems Audit Management

  1. Periodically assess risk
  2. Document an entity-wide security program plan
  3. Establish a security management structure and clearly assign security responsibilities
  4. Implement effective security-related personnel policies
  5. Monitor the security