Test 2015-01-15-1052 ([project acronym not provided]) [project id not provided] System Security Plan



Yüklə 1,74 Mb.
səhifə1/26
tarix09.01.2019
ölçüsü1,74 Mb.
#94342
  1   2   3   4   5   6   7   8   9   ...   26

[Document classification not provided]


Test_2015-01-15-1052

([project acronym not provided])

[project ID not provided]

System Security Plan

(SSP)

Prepared for


Department of Homeland Security Headquarters (DHS HQ)

16 January 2015

(Content Version – 2012-01)


THE ATTACHED MATERIALS CONTAIN DEPARTMENT OF HOMELAND SECURITY INFORMATION THAT IS UNCLASSIFIED UNTIL FILLED IN (FOR OFFICIAL USE ONLY) INFORMATION REQUIRING PROTECTION AGAINST UNAUTHORIZED DISCLOSURE. THE ATTACHED MATERIALS MUST BE HANDLED AND SAFEGUARDED IN ACCORDANCE WITH PUBLIC LAW, EXECUTIVE ORDERS, DHS MANAGEMENT DIRECTIVES, AND OTHER REGULATIONS GOVERNING PROTECTION AND DISSEMINATION OF SUCH INFORMATION.
AT A MINIMUM, THE ATTACHED MATERIALS WILL BE DISSEMINATED ONLY ON A "NEED-TO-KNOW" BASIS AND WHEN UNATTENDED, MUST BE STORED IN AN APPROPRIATE MANNER AS DIRECTED BY PUBLIC LAW, EXECUTIVE ORDERS, DHS MANAGEMENT DIRECTIVES, AND OTHER REGULATIONS REGARDING PROTECTION AGAINST THEFT, COMPROMISE, INADVERTENT ACCESS, AND UNAUTHORIZED DISCLOSURE.

DOCUMENT CHANGE HISTORY




Version

Date

Author

Description



























Preface

This system security plan (SSP) was developed by Department of Homeland Security Headquarters (DHS HQ) under the direction of the Department of Homeland Security Headquarters (DHS HQ) for use on designated National Security Systems.

This plan is based upon a review of the environment, documentation, DHS regulations/guidance, and interviews with the information system personnel conducted between dates. In addition to this plan, Risk Assessment (RA), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M)] have been developed under this task.
This SSP documents the current and planned controls for the system and addresses security concerns that may affect the system’s operating environment.

TABLE OF CONTENTS





Preface 2

1.0System Identification 4

1.1Definition 4

1.2System Name 4

1.3Information Categorization 4

1.4Responsible Organization/Personnel and Contact Information 5

1.5System Operation 6

1.5.1 System Operational Status 6

1.5.2Authorization Status 6

1.5.3System Operation (Government or Contractor Operation) 6

1.6General Description/Mission 6

1.6.1Authorization Boundary 6

1.6.2System Users 6

1.6.3Architecture 7

1.6.4Major Applications 8

1.6.5Subsystems/Minor Applications 8

1.6.6Hardware/Virtual Machines/Software/Firmware Description 8

1.6.7Encryption/PKI 10

1.6.8Encryption Devices 10

1.7System Environment 10

1.8NSS Physical Environment Considerations 11

1.9System Interconnection/Information Sharing 11

1.9.1Information Flow 11

1.9.2System Interconnections 11

1.9.3Cross Domain Solutions 12

1.9.4Cloud Service Layers 12

1.9.5Mobile Code 12

1.9.6Ports, Protocols, & Services 12

1.10Privacy Considerations 12

1.11Overlays 13

1.12Applicable Laws/ Regulations/Policies Affecting the System 13

1.12.1Sensitive Systems Laws, Regulations, and Policies 13

(with 800-53 Rev 4) 14

1.12.2National Security Systems Laws, Regulations, and Policies 14

2.0 Access Control (AC) 15

3.0 Awareness and Training (AT) 39

4.0 Audit and Accountability (AU) 42

5.0 Security Assessment and Authorization (CA) 57

6.0 Configuration Management (CM) 71

7.0 Contingency Planning (CP) 93

8.0 Identification and Authentication (IA) 112

9.0 Incident Response (IR) 128

10.0 Maintenance (MA) 136

11.0 Media Protection (MP) 144

12.0 Physical and Environmental Protection (PE) 155

13.0 Planning (PL) 168

14.0 Personnel Security (PS) 175

15.0 Risk Assessment (RA) 181

16.0 System and Services Acquisition (SA) 188

17.0 System and Communications Protection (SC) 204

18.0 System and Information Integrity (SI) 229

19.0 Program Management (PM) 246

20.0 Privacy 256

21.0 Plan Approval 275

Acronyms 276



LIST OF TABLES

  1. System Identification


This system security plan (SSP) provides an overview of security requirements for Test_2015-01-15-1052([project acronym not provided]) and describes controls in place or planned for implementation to provide a level of security appropriate for the information processed.  The SSP includes user responsibilities, roles and limitations, and general security procedures for users and security personnel. This section describes the implementation status security controls.

Security safeguards for the system shall meet the policy requirements set forth in this SSP. All systems are subject to monitoring consistent with applicable laws, regulations, agency policies, procedures, and practices.



    1. Definition


    1. System Name



Table 1.0 System Name

FISMA ID:




System Name:

Test_2015-01-15-1052

System Abbreviation:

[project acronym not provided]

Version:

[project version not provided]





    1. Yüklə 1,74 Mb.

      Dostları ilə paylaş:
  1   2   3   4   5   6   7   8   9   ...   26




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©muhaz.org 2022
rəhbərliyinə müraciət

    Ana səhifə