Return to the USDOJ/OIG Home Page

Independent Evaluation Pursuant to the Government Information Security Reform Act
Fiscal Year 2002

The Federal Bureau of Prisons' Inmate Telephone System II

Report No. 03-04
November 2002
Office of the Inspector General


APPENDIX I

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
GENERAL CONTROL AREAS

The review focused on evaluating the adequacy of management, operational and technical controls over the following specific control areas:

  1. MANAGEMENT CONTROLS. Management controls focus on the management of the IT security system and the management of risk for a system. They are techniques and concerns that are normally addressed by management.


  2. OPERATIONAL CONTROLS.
  3. Operational controls address security controls that are implemented and executed by people. These controls are put in place to improve the security of a particular system. They often require technical or specialized expertise and rely upon management activities as well as technical controls.

  4. TECHNICAL CONTROLS.
  5. Technical controls focus on security controls that the computer system executes and depend upon the proper functioning of the system to be effective. Technical controls require significant operational considerations and should be consistent with the management of security within the organization.