Federal Enterprise Architecture Security and Privacy Profile, version 3

Issued By: AIC - Effective Date: 09.30.2010, 4199.658K, doc

Abstract: The Federal Chief Information Officers Council published initial versions of the Federal Enterprise Architecture Security and Privacy Profile (FEA-SPP) in July 2004 and July 2005. The prior version of the methodology (Version 2.0), published in June 2006, modified steps in the methodology based on validation exercises and an assessment of related documents. Validation testing was conducted at two Federal agencies to verify the methodology's utility. Validation consisted of abbreviated applications of the FEA-SPP methodology. An assessment of relatively new standards and documents such as Federal Information Processing Standards Publication (FIPS PUB) 199, Standards for Security Categorization of Federal Information and Information Systems; FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems; and the Data Reference Model (DRM) added to the utility of this document. FEA-SPP Version 3.0 supersedes previous FEA-SPP releases and incorporates updates to IT security and risk management practices contained in the National Institute for Standards and Technology (NIST) Special Publication (SP) 800-37, SP 800-39, and SP 800-53A, as well as the concepts contained in the CIO Council's document on the Federal Segment Architecture Methodology (FSAM) and concepts from OMB Line of Business initiatives such as the Information Sharing Environment (ISE). Version 3.0 also incorporates a security and privacy control assessment tool, which is intended to be a non-proprietary software product that can be used to identify security controls at the enterprise, segment, and system levels of an architecture and to illustrate how concepts in this document can be put into practice.
