FEA Security and Privacy Profile, Version 2.0†
- CIO Council
- PDF リンク切れ
The Federal Chief Information Officers Council published initial versions of the Federal Enterprise Architecture Security and Privacy Profile (FEA SPP) in July 2004 and July 2005. The current version of the methodology (Version 2.0) was modified based on validation exercises and an assessment of related documents. Validation testing was conducted at two Federal agencies1 to verify the methodology’s utility. Validation consisted of abbreviated applications of the FEA SPP methodology. An assessment of relatively new standards and documents such as Federal Information Processing Standards Publication (FIPS PUB) 199, Standards for Security Categorization of Federal Information and Information Systems; FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems; and Data Reference Model (DRM) Version 2.0 have added to the utility of this document. FEA SPP Version 2.0 supersedes previous FEA SPP releases.
The FEA SPP is voluntary guidance applicable to any Federal government agency; it does not supersede or modify any law, regulation, or executive branch policy. Rather than providing a comprehensive discussion of requirements, the FEA SPP provides best practices and recommendations to promote the successful incorporation of security and privacy into an organization’s enterprise architecture and to ensure appropriate consideration of security and privacy requirements in agencies’ strategic planning and investment decision processes.