Test 2015-01-15-1052 ([project acronym not provided]) [project id not provided] System Security Plan
Yüklə 1,74 Mb.
|
- Bu səhifədəki naviqasiya:
- NSS Physical Environment Considerations
- System Interconnection/Information Sharing
- System Interconnections
- Cloud Service Layers
- Mobile Code
- Privacy Considerations
System Environment{This section should discuss the physical environment of the information system including any special circumstances that may increase the risk of the operating the system - For example: The system does not not reside in a DHS Datacenter (DC1 or DC2). This section should also detail any system elements, hardware or software that mitigates the security risks of operating the system. }
{This section should address the types of encryption solutions deployed for the information system.} Table 1-11 NSS Physical Environment Considerations
{This section should discuss how data flows across each interconnection listed in the tables above as well as describe the flow of data across key internal system boundaries.}
There is no system interconnection/information sharing associated with your project. {Is there a Cross Domain Solution associated with the system? A CDS is required for any information that crosses a security domain electronically. Manual (i.e., sneaker-net) transfers must also be identified. If there is a cross domain system associated with the system a table like the one below should be completed. } Table 1-13: Cross Domain Solutions
Information systems, particularly those based on cloud architecture models, are made up of different service layers. The layers of the Test_2015-01-15-1052 that are defined in this SSP, and are not leveraged by any other Provisional Authorizations, are indicated in the table that follows. Table 1-14: Cloud Service Layers Represented in this SSP
{This section should declare the use and approval of any mobile code deployed within the boundaries of the information system.}
{Section 208 of the E-Government Act of 2002 and Section 522 of the Consolidated Appropriations Act of 2005 require that when developing or procuring IT systems or projects that collect, use, store, and/or disclose information in identifiable form from or about members of the public or organization employees (the latter prescribed by sect. 522), to identify potential privacy risks and implement appropriate privacy controls and compliance requirements. Insert the system "does" or "does not" contain privacy information. Determine and document if the Privacy Act applies to this system. If the Privacy Act applies and the system contains privacy information, insert a reference to privacy-related documentation (e.g., A Privacy Impact Assessment (PIA), Privacy Threshold Analysis (PTA) was conducted as part of the current authorization process), and the date the documentation was submitted.}
| |||||||||||||||||||||||||||||||||||||||