The Memphis Office of Information and Technology (OI &T) develops, disseminates, and updates VA directives, VA handbooks, Standard Operating Procedures (SOP), memoranda, notes, and best practices, as required, to implement these policies, or institutes additional requirements to maintain the information assurance program. The first control of NIST request family policy and procedures. This document serves as the facility policy stating that we MVAMC follows VA 6500 Directive and NIST for the standard operating procedures are in place where applicable. This document serves as the facility policy stating that MVAMC follow VA 6500 Directive, Handbook and the standard operating procedures are in place, where applicable. This policy applies to the following controls: MP-1; MP-2; MP-3; MP-4; MP-5; MP- 6 …show more content…
The security program for the facilities listed is for MVAMC is designed to protect all Information Technology (IT), systems, information, and telecommunications resources from unauthorized access, disclosure, modification, destruction, or misuse. The MVAMC outline complies with VA Directive 6500, Managing Information Security Risk: VA Information Security Program, and VA Handbook 6500. Risk Management Framework of VA Information Systems – Tier 3: VA information Security program, Federal IT security laws and regulations, including Computer Security Act of 1987 (PL 100-235), Office of Management and Budget (OMB) Circular A-1 30 its appendices, Federal Information Security Management Act of 2002 (FISMA), and NIST guidance for MVAMC, this includes the add Health Insurance Portability and Accountability Act