
information and information systems that have been categorized in
accordance with FIPS Publication 199. The security controls are orga-
nized into three general classes (management, operational, and tech-
nical), which are intended to correspond to the major sections of a
security plan. Among the three classes there are a total of seventeen fam-
ilies, which represent the minimum security control requirements for
each class. Each family contains a list of specific security controls related
to the security function of the family,
12
shown in Table 5-5.
Facilitating Information Security Compliance
Complying with FISMA regulations is a complex task that r ...