Which of the following controls do NOT come under technical class of control?

Which of the following controls do NOT come under technical class of control?

A. Program management control

B. System and Communications Protection control

C. Identification and Authentication control

D. Access Control

View Answer

Answer: A

Explanation:

Program Management control comes under management class of controls, not technical.

Program Management control is driven by the Federal Information Security Management Act (FISMA). It provides controls to ensure compliance with FISMA. These controls complement other controls. They don’t replace them.

Incorrect Answers:

B, C, D: These controls comes under technical class of control.

The Technical class of controls includes four families. These families include over 75 individual controls.

Following is a list of each of the families in the Technical class:

– Access Control (AC): This family of controls helps an organization implement effective access control. They ensure that users have the rights and permissions they need to perform their jobs, and no more. It includes principles such as least privilege and separation of duties.

– Audit and Accountability (AU): This family of controls helps an organization implement an effective audit program. It provides details on how to determine what to audit. It provides details on how to protect the audit logs. It also includes information on using audit logs for non-repudiation.

– Identification and Authentication (IA): These controls cover different practices to identify and authenticate users. Each user should be uniquely identified. In other words, each user has one account. This account is only used by one user. Similarly, device identifiers uniquely identify devices on the network.

– System and Communications Protection (SC): The SC family is a large group of controls that cover many aspects of protecting systems and communication channels. Denial of service protection and boundary protection controls are included. Transmission integrity and confidentiality controls are also included.