This system security plan (SSP) was developed by Department of Homeland Security Headquarters (DHS HQ) under the direction of the Department of Homeland Security Headquarters (DHS HQ) for use on designated National Security Systems.
This plan is based upon a review of the environment, documentation, DHS regulations/guidance, and interviews with the information system personnel conducted between dates. In addition to this plan, Risk Assessment (RA), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M)] have been developed under this task.
This SSP documents the current and planned controls for the system and addresses security concerns that may affect the system’s operating environment.
TABLE OF CONTENTS
Preface 2
1.0System Identification 4
1.1Definition 4
1.2System Name 4
1.3Information Categorization 4
1.4Responsible Organization/Personnel and Contact Information 5
1.5System Operation 6
1.5.1 System Operational Status 6
1.5.2Authorization Status 6
1.5.3System Operation (Government or Contractor Operation) 6
1.6General Description/Mission 6
1.6.1Authorization Boundary 6
1.6.2System Users 6
1.6.3Architecture 7
1.6.4Major Applications 8
1.6.5Subsystems/Minor Applications 8
1.6.6Hardware/Virtual Machines/Software/Firmware Description 8
1.6.7Encryption/PKI 10
1.6.8Encryption Devices 10
1.7System Environment 10
1.8NSS Physical Environment Considerations 11
1.9System Interconnection/Information Sharing 11
1.9.1Information Flow 11
1.9.2System Interconnections 11
1.9.3Cross Domain Solutions 12
1.9.4Cloud Service Layers 12
1.9.5Mobile Code 12
1.9.6Ports, Protocols, & Services 12
1.10Privacy Considerations 12
1.11Overlays 13
1.12Applicable Laws/ Regulations/Policies Affecting the System 13
1.12.1Sensitive Systems Laws, Regulations, and Policies 13
(with 800-53 Rev 4) 14
1.12.2National Security Systems Laws, Regulations, and Policies 14
2.0 Access Control (AC) 15
3.0 Awareness and Training (AT) 39
4.0 Audit and Accountability (AU) 42
5.0 Security Assessment and Authorization (CA) 57
6.0 Configuration Management (CM) 71
7.0 Contingency Planning (CP) 93
8.0 Identification and Authentication (IA) 112
9.0 Incident Response (IR) 128
10.0 Maintenance (MA) 136
11.0 Media Protection (MP) 144
12.0 Physical and Environmental Protection (PE) 155
13.0 Planning (PL) 168
14.0 Personnel Security (PS) 175
15.0 Risk Assessment (RA) 181
16.0 System and Services Acquisition (SA) 188
17.0 System and Communications Protection (SC) 204
18.0 System and Information Integrity (SI) 229
19.0 Program Management (PM) 246
20.0 Privacy 256
21.0 Plan Approval 275
Acronyms 276
Security safeguards for the system shall meet the policy requirements set forth in this SSP. All systems are subject to monitoring consistent with applicable laws, regulations, agency policies, procedures, and practices.