System Security Plan (ssp) Categorization: Moderate-Low-Low

PL-2(3) – System Security Plan: Coordinate with Organization Entities

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

3. PL-4 – Rules of Behavior

Program Frequency:



1. 
   Receives a signed acknowledgment from such individuals, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information and the information system;
   

2. 
   Reviews and updates the rules of behavior at least annually;
   

3. 
   Requires individuals who have signed a previous version of the rules of behavior to read and re-sign when the rules of behavior are revised/updated.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PL-4(1) – Rules of Behavior: Social Media and Networking Restrictions

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

4. PL-8 – Information Security Architecture

Program Frequency:



1. 
   Reviews and updates the information security at least annually or when changes to the IS or its environment warrant to reflect updates in the enterprise architecture;
   

2. 
   Ensures that planned information security architecture changes are reflected in the security plan, the security Concept of Operations (CONOPS) (if appropriate), and organizational procurements/acquisitions;
   

3. 
   Requires individuals who have signed a previous version of the rules of behavior to read and re-sign when the rules of behavior are revised/updated.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PL-8(1) – Information Security Architecture: Defense in Depth

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PL-8(2) – Information Security Architecture: Supplier Diversity

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

14. Personnel Security (PS)

    1. PS-1 – Personnel Security Policy and Procedures

Program Frequency:



1. 
   Rescreens individuals according to personnel security guidelines defined.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PS-3(1) – Personnel Screening: Classified Information

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

2. PS-4 – Personnel Termination

Program Frequency:



1. 
   Terminates/revokes any authenticators/credentials associated with the individual;
   

2. 
   Conducts exit interviews that include a discussion of any prohibitions regarding the information obtained during the employment;
   

3. 
   Retrieves all security-related organizational information system-related property;
   

4. 
   Retains access to organizational information and information systems formerly controlled by terminated individual;
   

5. 
   Notifies the ISSM immediately upon termination.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PS-4(1) – Personnel Termination: Post-Termination Requirements

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

3. PS-5 – Personnel Transfer

Program Frequency:



1. 
   Initiates reassignment actions to ensure all system access no longer required (need to know) are removed or disabled within 10 working days;
   

2. 
   Modifies access authorization as needed to correspond with any changes in operational need due to reassignment or transfer;
   

3. 
   Notifies the ISSM as soon as possible.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

4. PS-6 – Access Agreements

Program Frequency:



1. 
   Reviews and updates access agreements at least annually;
   

2. 
   Ensures that individuals requiring access to organization information and IS: sign appropriate access agreements prior to being granted access; re-sign access agreements to maintain access to organization IS when access agreements have been update or at least annually.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PS-6(2) – Access Agreements: Classified Information Requiring Special Protection

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PS-6(3) – Access Agreements: Post-Employment Requirements

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

5. PS-7 – Third-Party Personnel Security

Program Frequency:



1. 
   Requires third-party providers to comply with personnel security policies and procedures established by the organization;
   

2. 
   Documents personnel security requirements;
   

3. 
   Requires third-party providers to notify the organization of any personnel transfers or terminations of third-party personnel who possess organizational credentials and/or badges, or who have information system privileges as soon as possible, but not to exceed 1 working day;
   

4. 
   Monitors provider compliance.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

6. PS-8 - Personnel Sanctions

Program Frequency:



1. 
   Notifies the appropriate organizations as soon as possible when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

15. 
    
    Directory: documents
    documents -> Concept stage
    documents -> Concept stage
    documents -> The great global switch-off
    documents -> Nonprofit grant application
    documents -> The Truth about the Rwandan Genocide
    documents -> Annual InStructional unit plan
    documents -> Chaos equipment included
    
    
    
    Download 0.65 Mb.
    
    Share with your friends: