The IT Law Wiki

Operational controls

32,068pages on
this wiki
Add New Page
Add New Page Talk0

Definition Edit

Operational controls (OPCON) are

[t]he security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by people (as opposed to systems).[1]

Overview Edit

"These controls are established to improve the security of a group, a specific system, or group of systems. Operational controls require technical or specialized expertise and often rely on management and technical controls. Operational control families include personnel security, contingency planning, configuration management, maintenance, system and information integrity, incident response, and awareness and training."[2]

References Edit

  1. FIPS 200. See also NIST Special Publication 800-53; NIST Special Publication 800-37.
  2. Tax Information Security Guidelines For Federal, State and Local Agencies, at 154.

Also on Fandom

Random Wiki