Department of Homeland Security Headquarters (DHS HQ)
16 January 2015
(Content Version – 2012-01)
THE ATTACHED MATERIALS CONTAIN DEPARTMENT OF HOMELAND SECURITY INFORMATION THAT IS UNCLASSIFIED UNTIL FILLED IN (FOR OFFICIAL USE ONLY) INFORMATION REQUIRING PROTECTION AGAINST UNAUTHORIZED DISCLOSURE. THE ATTACHED MATERIALS MUST BE HANDLED AND SAFEGUARDED IN ACCORDANCE WITH PUBLIC LAW, EXECUTIVE ORDERS, DHS MANAGEMENT DIRECTIVES, AND OTHER REGULATIONS GOVERNING PROTECTION AND DISSEMINATION OF SUCH INFORMATION.
AT A MINIMUM, THE ATTACHED MATERIALS WILL BE DISSEMINATED ONLY ON A "NEED-TO-KNOW" BASIS AND WHEN UNATTENDED, MUST BE STORED IN AN APPROPRIATE MANNER AS DIRECTED BY PUBLIC LAW, EXECUTIVE ORDERS, DHS MANAGEMENT DIRECTIVES, AND OTHER REGULATIONS REGARDING PROTECTION AGAINST THEFT, COMPROMISE, INADVERTENT ACCESS, AND UNAUTHORIZED DISCLOSURE.
This system security plan (SSP) was developed by Department of Homeland Security Headquarters (DHS HQ) under the direction of the Department of Homeland Security Headquarters (DHS HQ) for use on designated National Security Systems.
This plan is based upon a review of the environment, documentation, DHS regulations/guidance, and interviews with the information system personnel conducted between dates. In addition to this plan, Risk Assessment (RA), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M)] have been developed under this task.
This SSP documents the current and planned controls for the system and addresses security concerns that may affect the system’s operating environment.
12.0 Physical and Environmental Protection (PE) 155
13.0 Planning (PL) 168
14.0 Personnel Security (PS) 175
15.0 Risk Assessment (RA) 181
16.0 System and Services Acquisition (SA) 188
17.0 System and Communications Protection (SC) 204
18.0 System and Information Integrity (SI) 229
19.0 Program Management (PM) 246
20.0 Privacy 256
21.0 Plan Approval 275
LIST OF TABLES
This system security plan (SSP) provides an overview of security requirements for Test_2015-01-15-1052([project acronym not provided]) and describes controls in place or planned for implementation to provide a level of security appropriate for the information processed. The SSP includes user responsibilities, roles and limitations, and general security procedures for users and security personnel. This section describes the implementation status security controls.
Security safeguards for the system shall meet the policy requirements set forth in this SSP. All systems are subject to monitoring consistent with applicable laws, regulations, agency policies, procedures, and practices.