Which of the following controls do NOT come under technical class of control?
A.
Program management control
B.
System and Communications Protection control
C.
Identification and Authentication control
D.
Access Control
Explanation:
Program Management control comes under management class of controls, not technical.
Program Management control is driven by the Federal Information Security Management Act
(FISMA). It provides controls to ensure compliance with FISMA. These controls complement other
controls. They don’t replace them.
The Technical class of controls includes four families. These families include over 75 individual
controls. Following is a list of each of the families in the Technical class:
Access Control (AC): This family of controls helps an organization implement effective access
control. They ensure that users have the rights and permissions they need to perform their jobs,
and no more. It includes principles such as least privilege and separation ofduties.
Audit and Accountability (AU): This family of controls helps an organization implement an effective
audit program. It provides details on how to determine what to audit. It provides details on how to
protect the audit logs. It also includes information on using auditlogs for non-repudiation.
Identification and Authentication (IA): These controls cover different practices to identify and
authenticate users. Each user should be uniquely identified. In other words, each user has one
account. This account is only used by one user. Similarly, device identifiers uniquely identify
devices on the network.
System and Communications Protection (SC): The SC family is a large group of controls that
cover many aspects of protecting systems and communication channels. Denial of serviceprotection and boundary protection controls are included. Transmission integrity and confidentiality
controls are also included.