Test 2015-01-15-1052 ([project acronym not provided]) [project id not provided] System Security Plan
Yüklə 1,74 Mb.
|
- Bu səhifədəki naviqasiya:
- Preface
- TABLE OF CONTENTS
- System Identification
- Definition
| [Document classification not provided] Test_2015-01-15-1052 ([project acronym not provided]) [project ID not provided] System Security Plan (SSP) Prepared for Department of Homeland Security Headquarters (DHS HQ) 16 January 2015 (Content Version – 2012-01) THE ATTACHED MATERIALS CONTAIN DEPARTMENT OF HOMELAND SECURITY INFORMATION THAT IS UNCLASSIFIED UNTIL FILLED IN (FOR OFFICIAL USE ONLY) INFORMATION REQUIRING PROTECTION AGAINST UNAUTHORIZED DISCLOSURE. THE ATTACHED MATERIALS MUST BE HANDLED AND SAFEGUARDED IN ACCORDANCE WITH PUBLIC LAW, EXECUTIVE ORDERS, DHS MANAGEMENT DIRECTIVES, AND OTHER REGULATIONS GOVERNING PROTECTION AND DISSEMINATION OF SUCH INFORMATION. AT A MINIMUM, THE ATTACHED MATERIALS WILL BE DISSEMINATED ONLY ON A "NEED-TO-KNOW" BASIS AND WHEN UNATTENDED, MUST BE STORED IN AN APPROPRIATE MANNER AS DIRECTED BY PUBLIC LAW, EXECUTIVE ORDERS, DHS MANAGEMENT DIRECTIVES, AND OTHER REGULATIONS REGARDING PROTECTION AGAINST THEFT, COMPROMISE, INADVERTENT ACCESS, AND UNAUTHORIZED DISCLOSURE. DOCUMENT CHANGE HISTORY
PrefaceThis system security plan (SSP) was developed by Department of Homeland Security Headquarters (DHS HQ) under the direction of the Department of Homeland Security Headquarters (DHS HQ) for use on designated National Security Systems. This plan is based upon a review of the environment, documentation, DHS regulations/guidance, and interviews with the information system personnel conducted between dates. In addition to this plan, Risk Assessment (RA), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M)] have been developed under this task.
Preface 2 1.0System Identification 4 1.1Definition 4 1.2System Name 4 1.3Information Categorization 4 1.4Responsible Organization/Personnel and Contact Information 5 1.5System Operation 6 1.5.1 System Operational Status 6 1.5.2Authorization Status 6 1.5.3System Operation (Government or Contractor Operation) 6 1.6General Description/Mission 6 1.6.1Authorization Boundary 6 1.6.2System Users 6 1.6.3Architecture 7 1.6.4Major Applications 8 1.6.5Subsystems/Minor Applications 8 1.6.6Hardware/Virtual Machines/Software/Firmware Description 8 1.6.7Encryption/PKI 10 1.6.8Encryption Devices 10 1.7System Environment 10 1.8NSS Physical Environment Considerations 11 1.9System Interconnection/Information Sharing 11 1.9.1Information Flow 11 1.9.2System Interconnections 11 1.9.3Cross Domain Solutions 12 1.9.4Cloud Service Layers 12 1.9.5Mobile Code 12 1.9.6Ports, Protocols, & Services 12 1.10Privacy Considerations 12 1.11Overlays 13 1.12Applicable Laws/ Regulations/Policies Affecting the System 13 1.12.1Sensitive Systems Laws, Regulations, and Policies 13 (with 800-53 Rev 4) 14 1.12.2National Security Systems Laws, Regulations, and Policies 14 2.0 Access Control (AC) 15 3.0 Awareness and Training (AT) 39 4.0 Audit and Accountability (AU) 42 5.0 Security Assessment and Authorization (CA) 57 6.0 Configuration Management (CM) 71 7.0 Contingency Planning (CP) 93 8.0 Identification and Authentication (IA) 112 9.0 Incident Response (IR) 128 10.0 Maintenance (MA) 136 11.0 Media Protection (MP) 144 12.0 Physical and Environmental Protection (PE) 155 13.0 Planning (PL) 168 14.0 Personnel Security (PS) 175 15.0 Risk Assessment (RA) 181 16.0 System and Services Acquisition (SA) 188 17.0 System and Communications Protection (SC) 204 18.0 System and Information Integrity (SI) 229 19.0 Program Management (PM) 246 20.0 Privacy 256 21.0 Plan Approval 275 Acronyms 276
LIST OF TABLES
This system security plan (SSP) provides an overview of security requirements for Test_2015-01-15-1052([project acronym not provided]) and describes controls in place or planned for implementation to provide a level of security appropriate for the information processed. The SSP includes user responsibilities, roles and limitations, and general security procedures for users and security personnel. This section describes the implementation status security controls. Security safeguards for the system shall meet the policy requirements set forth in this SSP. All systems are subject to monitoring consistent with applicable laws, regulations, agency policies, procedures, and practices.
Table 1.0 System Name
|