System Security Plan (ssp) Categorization: Moderate-Low-Low

Facility/System Layout Insert diagram or include as an attachment. 6.3Personnel Authorizations

Yüklə 1,92 Mb.

səhifə	4/29
tarix	16.05.2018
ölçüsü	1,92 Mb.
	#50588

1 2 3 4 5 6 7 8 9 ... 29

6.2Facility/System Layout

Insert diagram or include as an attachment.

6.3Personnel Authorizations

NIST 800-53, Rev. 4/DAA PM Reference:

AC-2

Minimum Clearance

Minimum Access

Citizenship

Foreign National

Top Secret

Secret

SAP

SCI

Both

Yes

6.4System Classification Level(s) & Compartment(s)

Classification

Caveats

Compartments

Secret

Top Secret

None

NATO

6.5Unique Data Handling Requirements

Instruction (DELETE IN FINAL DOCUMENT): Identify any unique handling requirements, e.g. NATO, NOFORN, NOCONTR, etc.>

Identify handling requirements/caveats.

6.6Information Access Policies

NIST 800-53, Rev. 4/DAA PM Reference:

AC-2, 3

Instruction (DELETE IN FINAL DOCUMENT): Insert or reference organizational or system-specific user access policies relevant to information types maintained on the information system. If appropriate, policies may be included in or placed in an appendix to the SSP. Access controls will be enforced or adjudicated through technical means to protect the information types (e.g. DAC/MAC).

Insert any additional organizational or system-specific user access policies.

7General System Description/Purpose

7.1System Description

Instruction (DELETE IN FINAL DOCUMENT): Provide a summary description of the system, its purpose and function; include high level description of the data flow, interconnected systems, operating system(s), key components, perimeter, information system boundary, and user(s). Ensure appropriate classification guidance is provided.

NIST 800-53, Rev. 4/DAA PM Reference:

PL-2

Enter System Description.

7.2System Architecture

Instruction (DELETE IN FINAL DOCUMENT): Describe the system architecture. As needed, show the architecture within the authorization boundary (e.g. servers, workstations, printers, etc.) in diagram form and place it in Appendix A. Either reference the location of the hardware and software lists or insert in Appendices B and C.

Describe System Architecture.

7.3Functional Architecture

Instruction (DELETE IN FINAL DOCUMENT): Describe or provide a diagram of the functional architecture of the system, e.g. Data Flow.

Describe functional architecture; e.g., data flow. Insert diagram if appropriate.

7.4User Roles and Access Privileges

Instruction (DELETE IN FINAL DOCUMENT): List roles and privileges (e.g. Privileged User, General User, Database Administrator, and Data Transfer Agent).

Role	Name	Authorized Privileges and Functions Performed
Click here to enter text.	Click here to enter text.	Click here to enter text.
Click here to enter text.	Click here to enter text.	Click here to enter text.
Click here to enter text.	Click here to enter text.	Click here to enter text.
Click here to enter text.	Click here to enter text.	Click here to enter text.

8Interconnections

8.1Direct Network Connections

**NOTE: Direct network connections with external organizations, whether internal or external to the facility must be addressed in an MOU/MOA and/or ISA. Indicate in Section 5.3.

NIST 800-53, Rev. 4/DAA PM Reference:			PL-2, AC-17, CA-3
This system does not connect to any other system.
This system connects to following system(s):
SYSTEM NAME	ORGANIZATION	CLASSIFICATION/ COMPARTMENTS		ATO ISSUED BY	DATE OF ATO
Click here to enter text.	Click here to enter text.	Click here to enter text.		Click here to enter text.	Click here to enter text.
Click here to enter text.	Click here to enter text.	Click here to enter text.		Click here to enter text.	Click here to enter text.
Click here to enter text.	Click here to enter text.	Click here to enter text.		Click here to enter text.	Click here to enter text.
Click here to enter text.	Click here to enter text.	Click here to enter text.		Click here to enter text.	Click here to enter text.

Yüklə 1,92 Mb.

Dostları ilə paylaş:

1 2 3 4 5 6 7 8 9 ... 29