NSA InfoSec Assessment Methodology

Only after understanding the goals and criticality of organizational resources can we prioritize security efforts. The NSA IAM process delivers a report with customized priorities and detailed recommendations. It emphasizes the assessment of the security of the organization as a whole and does not include any technical scans or technical analysis. The process is a three phased approach, beginning with the pre-assessment phase, then the on-site assessment phase, and ending with the post-assessment phase which is compilation of this report.