Term:Defense-In-Depth

From FISMApedia

CNSSI 4009

Defense-In-Depth - IA strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of networks. Synonymous with security-in-depth.

DoDD 8500.01E

Defense-In-Depth - The DoD approach for establishing an adequate IA posture in a shared-risk environment that allows for shared mitigation through: the integration of people, technology, and operations; the layering of IA solutions within and among IT assets; and, the selection of IA solutions based on their relative level of robustness. E2.1.11.

DoDD 8581.01

Defense-In-Depth - The DoD approach for establishing an adequate IA posture in a shared risk environment that allows for shared mitigation through the integration of people, technology, and operations; the layering of IA solutions within and among IT assets; and the selection of IA solutions based on their relative level of robustness (reference (d)). (Footnote: See the Information Assurance Technical Framework available at http://www.iatf.net for technical guidance with respect to defining defense-in-depth requirements and to identify potential approaches to meet those requirements.) E2.1.11.

DoDI 8500.02

Defense-In-Depth - The DoD approach for establishing an adequate IA posture in a shared-risk environment that allows for shared mitigation through: the integration of people, technology, and operations; the layering of IA solutions within and among IT assets; and the selection of IA solutions based on their relative level of robustness (reference (a)). E2.1.11.

DSS Glossary

Defense-In-Depth - Department of Defense approach for establishing an adequate Information Assurance posture in a shared-risk environment that allows for shared mitigation through the integration of people, technology, and operations; the layering of Information Assurance solutions within and among information technology assets; and, the selection of Information Assurance solutions based on their relative level of robustness.

GAO-09-232G

Defense-In-Depth - A commonly accepted "best practice" for implementing computer security controls in today's networked environments. Integrates people, operations, and technology capabilities to protect information systems across multiple layers.

NIST SP 800-39 Draft 2

Defense-In-Depth - Information security strategy integrating people, processes, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of information systems. [CNSS Inst. 4009, Adapted]

NIST SP 800-53r3

Defense-In-Depth - Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.