Program Review for Information Security Assistance PRISMA
PRISMA Review Option 1
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics and Measurement project, please contact cyberriskanalytics@nist.gov.
Option one of a PRISMA review focuses on the strategic aspects of the overall information security program. The review identifies the maturity level of the information security program and the agency's ability to comply with existing requirements in eight focus areas:
Information Security Management And Culture
- IT Roles and Responsibilities
- Security Control Review
- Rules of Behavior and Documentation
- Personnel Security
- Risk Management
Information Security Planning
Security Awareness, Training, And Education
- End Users' Security Awareness and Training
- Security and IT Professionals with Trusted Functions Security Awareness and Training
- Executive and Management Security Awareness and Training
- Security Awareness and Training Infrastructure
Budget And Resources
- IT Security Part of Capital Planning Process
- Adequate Resources Applied to IT Security
- IT Security Funding Distributed Based Upon a Risk Model
- Cost-effective IT Security Solutions
- Procurement Controls
Life Cycle Management
- Governance Process
- Systems and Projects Inventory
- System Development Life Cycle (SDLC) Methodology
- Changes Controlled and Tested Through SDLC
- Security Requirements Definition
Certification And Accreditation
Critical Infrastructure Protection
Incident And Emergency Response
- Contingency Planning and Disaster Response
- Incident Identification, Reporting, and Response
Created December 07, 2016, Updated March 18, 2024