State Safety Oversight Program: Audit of the Tri-State Oversight Committee and the Washington Metropolitan Area Transit Authority

The following overview illustrates the main set of criteria and standards for the IS audit. The IS audit checks the effectiveness of the security organisation as well as the appropriateness and implementation of the organisation’s security concept. The security strategy and the implementations of technical, organisational, and personal safeguards are examined (see [BMI2]). IS audits should be performed regularly. Federal agencies are obligated by the Federal Implementation Plan to perform a comprehensive IS audit at least every 3 years. This audit must always examine all aspects of the organisation taking all IT-Grundschutz layers into account....