This section should also detail the Management Controls used to ensure that the agency meets its security goals. This includes internal controls used to assure that there is prevention or timely detection of unauthorized acquisition, use or disposition of the agencies’ assets and taking timely and effective action to correct security deficiencies or weaknesses identified by the agency Information Systems Security Program Managers (ISSPM) in their oversight and monitoring responsibilities. Correcting these deficiencies is an integral part of management accountability and must be considered a priority by the agency. Discuss in detail how your agency uses management controls to protect information assets, ensure that systems are certified and accredited, conduct periodic reviews of information security procedures to ensure they work as intended and provide support for the role of the ISSPM in your organization. Security Program: This section should discuss in specific detail the implementation of security policy and program activities. A key element of any successful security program is the evaluation of the sensitivity, confidentiality, integrity and availability of data. System confidentiality provides assurance that the information in an IT system is protected from disclosure to unauthorized persons, processes, or devices. System integrity provides assurance that information in an IT system is protected from unauthorized, unanticipated, or unintentional modification or destruction. System integrity also addresses the quality of an IT system reflecting the logical correctness and reliability of the operating system; the logical completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of the stored data. System availability provides assurance that information, services, and IT system resources are accessible to authorized users and/or system-related processes on a timely and reliable basis and are protected from denial of service.
An Application requires special attention to security due to the risk and magnitude of the harm resulting from the loss,