Using the Computer Security Expert Assist Team (CSEAT) Methodology to Improve IT Security

Published

Author(s)

K L. Lyons-Burke

Abstract

CSEAT provides an independent review of an organization’s IT security program. The CSEAT review is not an audit or an inspection. The CSEAT review is an assessment of the state of the organization’s IT security maturity and the IT security policies, procedures, and security controls implementation and integration across all business areas. The CSEAT review provides a consistent and comparable approach to IT security through consistent application of security control objectives and IT security effectiveness criteria. CSEAT performs a comparable review of the organization’s structure, culture, and business mission. CSEAT utilizes extensive criteria containing specific control objectives against which an unclassified system or group of interconnected systems can be tested and measured. CSEAT has developed and maintains a computerized toolset to support the reviews. NIST’s CSEAT does not establish new security requirements. The CSEAT security control objectives are abstracted directly from long-standing requirements found in federal government regulations, statutes, policies, and guidance on IT security. NIST IT security statutory responsibilities include: developing technical, management, physical, and administrative cost effective standards and guidance for IT security of Federal computer systems; and developing validation procedures for evaluating the effectiveness of standards and guidelines. The CSEAT review is based upon five stages of maturity: policy, procedures, implementation, test, and integration. Following the review, a prioritized action plan that can be implemented to improve agency or program IT security is provided to the organization.

Proceedings Title
Thirty-Sixth Hawaii International Conference on System Sciences (HICSS-36)

Keywords

Computer security, IT security, maturity level, review, security control objectives

Citation

Lyons-Burke, K. (2003), Using the Computer Security Expert Assist Team (CSEAT) Methodology to Improve IT Security, Thirty-Sixth Hawaii International Conference on System Sciences (HICSS-36) (Accessed October 3, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created January 1, 2003, Updated February 17, 2017