Test 2015-01-15-1052 ([project acronym not provided]) [project id not provided] System Security Plan




Information Categorization


This section summarizes the [project acronym not provided] information security categorization levels as determined by the FIPS 199 Information Security Categorization. The [project acronym not provided] security impact levels for each of the three security objectives of confidentiality, integrity, and availability are identified in Table 1-2.
Table 1.0 Security Categorization

Confidentiality Impact Level: High
Integrity Impact Level: High
Availability Impact Level: High


Table 1.0 System Designations

Chief Financial Officer (CFO) Designated Financial System: No
System Contains Privacy Data or PII:
Classification or Sensitivity Level: UNCLASSIFIED//FOUO
Mission Essential System: No


Table 1.0 Information Types

Information Type | Highest Data Classification | Confidentiality impact | Integrity impact | Availability impact | Justification


    1. Responsible Organization/Personnel and Contact Information

The following DHS Component/Personnel are identified as the parties responsible for the development of Test_2015-01-15-1052 and for its software maintenance and patch management. Also identified are the roles of system owner, technical information point-of-contact, authorizing official, security control assessor, CISO/ISSM, ISSO, and any other role with a significant responsibility for ensuring the system is appropriately secure. The system owner is the functional proponent or advocate for the information system and is responsible for identifying the funding for system development, deployment, and maintenance throughout the system's life cycle.


Table 1-5. Responsibility/Accountability Matrix

Responsible Organization
  Organization: Name (include sub-component/department name) | Address
  POC: Name | Address | Phone | Email



    1. System Operation




      1. System Operational Status

The information system is in the following life cycle status:



      1. Authorization Status

The information system has the following authorization status:



      1. System Operation (Government or Contractor Operation)

{Identify who owns the system and who operates the system. The values are Government Owned Government Operated (GOGO), Government Owned Commercially Operated (GOCO), Commercially Owned Government Operated (COGO), or Commercially Owned Commercially Operated (COCO).}



    1. General Description/Mission


The following section provides an overview of the [project acronym not provided], and identifies the system’s mission, capabilities, users, and information data flow. It also describes the hardware, software and firmware implemented in support of [project acronym not provided].

      1. Authorization Boundary



{This section should include a description, in text, detailing the external boundary of the information system. The description should address applicable environments other than the primary production environment (i.e., maintenance, testing/development, or backup environments). Where required, the description should detail the lines of responsibility demarcation that exist for any controls inherited from other information systems.}

      1. System Users





System Users Categories

Columns: Category Name | Minimum Clearance/Investigation | Foreign Nationals | Category Description

Master Administrator
  Minimum Clearance/Investigation: Confidential
  Foreign Nationals: Not Allowed
  Category Description: A master administrator has full access to the entire application and is able to create additional master administrators as well as all other account types. Only master administrators have access to all of the application's administrative tools.

Administrator
  Minimum Clearance/Investigation: Confidential
  Foreign Nationals: Not Allowed
  Category Description: Administrators have permission to view and edit any information to which they have access. Administrator accounts should be given to those who have a need to access, edit, or configure your organization's projects, continuous assessment settings, and reports.

Security Administrator
  Minimum Clearance/Investigation: Confidential
  Foreign Nationals: Not Allowed
  Category Description: Security Administrators are similar to master administrators, but they have read-only access to everything except the application's Audit page (Administration > Audit). Only security administrators and master administrators can view, export, and clear the Audit.

Audit/Executive
  Minimum Clearance/Investigation: Confidential
  Foreign Nationals: Not Allowed
  Category Description: Auditor/Executive accounts are similar to administrators, but have read-only access. Executive accounts are intended for managers who need to monitor progress, compliance, and risk levels.

User
  Minimum Clearance/Investigation: Confidential
  Foreign Nationals: Not Allowed
  Category Description: User accounts are typically given to analysts who require basic access to the system. Users typically must be assigned to a project in order to access it. Users do not have administrative rights over their projects.

There are no project personnel roles assigned to your system.



      1. Architecture

The following architectural drawings of Test_2015-01-15-1052 provide a visual depiction of the major system hardware elements that constitute Test_2015-01-15-1052.




      1. Major Applications

The following table(s) identify the major applications supported by the information system.



Table 1-6. Major Application Supported by Test_2015-01-15-1052

Application Name | Function | Type of Information | FISMA ID | Confidentiality Impact Level | Integrity Impact Level | Availability Impact Level

      1. Subsystems/Minor Applications

The following table(s) identify the subsystems/Minor Applications for Test_2015-01-15-1052.



Table 1-7. Test_2015-01-15-1052 Subsystems/Minor Applications

Application Name | Function | Type of Information | FISMA ID | Location

      1. Hardware/Virtual Machines/Software/Firmware Description

There is no hardware associated with the project.

There is no software in the project.

      1. Encryption/PKI

{This section should address the types of encryption solutions deployed for the information system.}



Table 1-6. PKI Certificates

Certificate Name | Certificate Type | Certificate Issuer | Expiration Date | Cryptography Algorithm Supported

      1. Encryption Devices

{Identify any encryption devices used in the system architecture. These should be identified in the system architecture diagram included in section 1.4.5, and described in the following table:}



Table 1-10. Encryption Devices

Hostname | MFR | Model | Version | Location