Secure Provisioning
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.
Included in this chapter:
- The asset-management loop: own it, build it to baseline, inventory it
- Ownership as a provisioning control: owner decides, custodian implements
- Provisioning to a baseline: harden first, least functionality, change control
- Asset inventory and the CMDB: you cannot protect what you cannot see
- Exam-pattern recognition: how secure-provisioning questions are framed
Asset-security roles: who decides versus who implements
| Aspect | Information owner | System owner | Custodian |
|---|---|---|---|
| Altitude | Senior business / data steward | Senior business / system manager | IT / operations |
| Core responsibility | Sets controls and classification for specified information | Develops, operates, maintains, and disposes of the system | Implements and runs the controls the owner specifies |
| Accountable or responsible | Accountable (cannot be delegated) | Accountable (cannot be delegated) | Responsible for performing the work |
| Provisioning decision | What protection the data requires | How the system is built and maintained to deliver it | Applies the hardened baseline and keeps it current |
| Inventory role | Owns the data assets recorded | Owns the system components recorded (CM-8) | Maintains inventory accuracy on install/removal |
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
References
- NIST glossary: asset (NIST SP 800-160 Vol. 2 Rev. 1) Whitepaper
- NIST glossary: information owner (FIPS 200 / SP 800-37 / SP 800-53) Whitepaper
- NIST glossary: system owner (CNSSI 4009-2015) Whitepaper
- NIST glossary: baseline configuration (NIST SP 800-128) Whitepaper
- NIST SP 800-53 Rev. 5 (CM-2, CM-6, CM-7, CM-8 Configuration Management family) Whitepaper