System Security Plan (SSP) Categorization: Moderate-Low-Low


Systems and Communications Protection (SC)




10.22 Systems and Communications Protection (SC)

10.22.1 SC-1 – Systems and Communications Protection Policy and Procedures


Program-specific policies and procedures shall be included in the specific security controls listed below. There is no requirement for the Program to develop additional policy to meet the -1 control.

10.22.2 SC-2 – Application Partitioning (+ Classified Overlay) (- Standalone)


After a relevance determination, this control can be tailored out for standalone IS.

Recommended Continuous Monitoring Frequency: Annual

Program Frequency:

Choose an item.

Implementation Status:

☐ Implemented ☐ Planned

Organizational Tailoring:

☐ Compensatory Control (Provide justification below) ☐ Tailored In (Provide justification below)

☐ Tailored Out (Provide justification below) ☐ Modified (Provide justification below)


Control Origination (check all that apply):

☐ Common ☐ System Specific ☐ Hybrid (Common and System Specific)



Application partitioning is the separation of an application, physically or logically, into components that run on multiple servers. This provides additional security by separating IS management functions from general user functionality, and it also allows load balancing across the enterprise.

The IS separates user functionality (including user interface services) from information system management functionality.



Click here to enter text.



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

10.22.3 SC-3 – Security Function Isolation (+ Classified Overlay) – NEW


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:

Choose an item.

Implementation Status:

☐ Implemented ☐ Planned

Organizational Tailoring:

☐ Compensatory Control (Provide justification below) ☐ Tailored In (Provide justification below)

☐ Tailored Out (Provide justification below) ☐ Modified (Provide justification below)


Control Origination (check all that apply):

☐ Common ☐ System Specific ☐ Hybrid (Common and System Specific)



The IS isolates security functions from non-security functions. The information system isolates security functions from non-security functions by means of an isolation boundary (implemented via partitions and domains). Information systems restrict access to security functions through the use of access control mechanisms and by implementing least privilege capabilities.

Click here to enter text.



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

10.22.4 SC-4 – Information in Shared Resources (- Standalone Overlay)


After a relevance determination, this control can be tailored out for standalone IS with a single user.


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:

Choose an item.

Implementation Status:

☐ Implemented ☐ Planned

Organizational Tailoring:

☐ Compensatory Control (Provide justification below) ☐ Tailored In (Provide justification below)

☐ Tailored Out (Provide justification below) ☐ Modified (Provide justification below)


Control Origination (check all that apply):

☐ Common ☐ System Specific ☐ Hybrid (Common and System Specific)



This control prevents information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to the information system. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.

The IS prevents unauthorized and unintended information transfer via shared system resources.



Click here to enter text.



CONTINUOUS MONITORING STRATEGY

Click here to enter text.
