Part I - Introduction
1. Purpose
This standard defines baseline security requirements that federal departments must fulfill to ensure the security of information and information technology (IT) assets under their control.
2. Scope and Application
The
Government Security Policy states requirements for protecting government assets, including information, and directs the federal departments and agencies to which it applies to have an IT security strategy. The
Policy on the Management of Government Information requires that departments protect information throughout its life cycle. This standard expands upon the requirements of both these policies. It also replaces the
Information Technology Security Standard (1995), Chapter 2-3 of the Treasury Board Information and Administrative Management Security Manual.
The
Government Security Policy defines IT security as the "safeguards to preserve the confidentiality, integrity, availability, intended use and value of electronically stored, processed or transmitted information." For the purposes of this standard, the term 'IT security' will also include the safeguards applied to the assets used to gather, process, receive, display, transmit, reconfigure, scan, store or destroy information electronically.