Information Assurance Standards (2020)

The intent of the IA Standards Knowledge Unit is to provide students with an understanding of the common standards related to information assurance.

Outcomes[edit]

After completing the KU, students will be able to:

1. Compare and contrast different types of standards including: laws, regulations, policies, voluntary, and framework-based standards.
2. Map the processes for the creation and/or changes to different types of standards.
3. Describe the impact of legal/regulatory standards on a given system.
4. Describe how standards may be applied and assessed for a sub-contractor or customer.
5. List and describe key provisions of common standards.

Topics[edit]

1. Laws
   1. HIPAA
   2. FERPA
   3. Sarbanes-Oxley
   4. FISMA
   5. Data breach disclosure laws
2. Regulations
   1. FIPS 199, 200
   2. NIST SP Series, including 800-53
   3. FDA 21 CFR parts 806 and 820
   4. NERC CIP
   5. Rainbow Series
3. Commercial Standards
   1. PCI/DSS
4. Open Standards
   1. OWASP

Skills[edit]

NICE Framework Categories[edit]

CSEC 2017 Categories[edit]

Specialization Areas[edit]

• Health Care Security
• Security Policy Development and Compliance
• Systems Security Engineering, Specialization Area

See also[edit]

Related Knowledge Units

• IA Standards (2014)

Further reading[edit]

Suggested textbooks[edit]

Suggested academic readings[edit]

The Rainbow Series http://uh.edu/tech/cisre/resources/ia-resources/rainbow-series/

Sample knowledge test[edit]

Sample skills test[edit]

Sample abilities test[edit]

Additional notes or materials[edit]

Contacts[edit]

Reference ID[edit]

IAS