Security Control Inheritance and Requirements Traceability (E02a)
This talk will discuss how identifying the inheritance of security controls in your operating environment can increase the efficiency of your system security design by allowing you to inherit functionality that has previously been validated and help you to ensure coverage and traceability of compliance requirements. A key aspect of security programs is mapping requirements from compliance frameworks to the system components that must address the requirements. The security design and architecture of information systems is developed to identify how system requirements will be satisfied; this may include Common Controls or Hybrid Controls provided by an enterprise system or from an external service provider that can be inherited by multiple information systems.