ABSTRACT
This chapter focuses on the operational controls or those controls that govern the ongoing operational processes impacting security spanning multiple departments. The awareness and training control family serves to ensure that individuals within the organization have the appropriate level of training. The configuration management control family controls provide control of the configuration setting baselines and their ongoing integrity. Once the baseline is decided upon, there should be a periodic review to ensure that the baselines are being kept up with the latest changes by the issuing agency. The contingency planning control family ensures that the systems can be brought up in a reasonable amount of time in the event of a disaster. The incident response control family ensures that the organization has a predefined mechanism in place to respond to an incident. The maintenance control family ensures that the equipment is properly maintained by having contracts in place, service level agreements, spare parts available, and routine maintenance performed.
