System Security Plan (SSP) Categorization: Moderate-Low-Low



Date: 02.05.2018

Planning (PL)

  1. PL-1 – Security Planning Policy and Procedures


Program-specific policies and procedures shall be included in the specific security controls listed below. There is no requirement for the Program to develop additional policy to meet the -1 control.

Recommended Continuous Monitoring Frequency: Annual

Program Frequency:





CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. PL-2 – System Security Plan


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Distributes copies of the plan and communicates subsequent changes to the plan to all required stakeholders, to include the AO



  1. Reviews the security plan at least annually or when required due to system changes or modifications



  1. Updates the plan to address changes to the IS/operations environment or problems identified during plan implementation or security control assessments



  1. Protects the security plan from unauthorized disclosure and modification

CONTINUOUS MONITORING STRATEGY

Click here to enter text.


PL-2(3) – System Security Plan: Coordinate with Organization Entities


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. PL-4 – Rules of Behavior


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Receives a signed acknowledgment from such individuals, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information and the information system;

Click here to enter text.

  1. Reviews and updates the rules of behavior at least annually;

Click here to enter text.

  1. Requires individuals who have signed a previous version of the rules of behavior to read and re-sign when the rules of behavior are revised/updated.

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PL-4(1) – Rules of Behavior: Social Media and Networking Restrictions


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. PL-8 – Information Security Architecture


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Reviews and updates the information security architecture at least annually or when changes to the IS or its environment warrant to reflect updates in the enterprise architecture;

Click here to enter text.

  1. Ensures that planned information security architecture changes are reflected in the security plan, the security Concept of Operations (CONOPS) (if appropriate), and organizational procurements/acquisitions;

Click here to enter text.

  1. Requires individuals who have signed a previous version of the rules of behavior to read and re-sign when the rules of behavior are revised/updated.

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PL-8(1) – Information Security Architecture: Defense in Depth


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PL-8(2) – Information Security Architecture: Supplier Diversity


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

    1. Personnel Security (PS)

      1. PS-1 – Personnel Security Policy and Procedures


Program-specific policies and procedures shall be included in the specific security controls listed below. There is no requirement for the Program to develop additional policy to meet the -1 control.

Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Rescreens individuals according to personnel security guidelines defined.

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PS-3(1) – Personnel Screening: Classified Information


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. PS-4 – Personnel Termination


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Terminates/revokes any authenticators/credentials associated with the individual;

Click here to enter text.

  1. Conducts exit interviews that include a discussion of any prohibitions regarding the information obtained during the employment;

Click here to enter text.

  1. Retrieves all security-related organizational information system-related property;

Click here to enter text.

  1. Retains access to organizational information and information systems formerly controlled by terminated individual;

Click here to enter text.

  1. Notifies the ISSM immediately upon termination.

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PS-4(1) – Personnel Termination: Post-Termination Requirements


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. PS-5 – Personnel Transfer



Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Initiates reassignment actions to ensure all system access no longer required (need to know) is removed or disabled within 10 working days;

Click here to enter text.

  1. Modifies access authorization as needed to correspond with any changes in operational need due to reassignment or transfer;

Click here to enter text.

  1. Notifies the ISSM as soon as possible.

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. PS-6 – Access Agreements


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Reviews and updates access agreements at least annually;

Click here to enter text.

  1. Ensures that individuals requiring access to organization information and IS: sign appropriate access agreements prior to being granted access; re-sign access agreements to maintain access to organization IS when access agreements have been updated or at least annually.

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PS-6(2) – Access Agreements: Classified Information Requiring Special Protection


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

PS-6(3) – Access Agreements: Post-Employment Requirements


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. PS-7 – Third-Party Personnel Security


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Requires third-party providers to comply with personnel security policies and procedures established by the organization;

Click here to enter text.

  1. Documents personnel security requirements;

Click here to enter text.

  1. Requires third-party providers to notify the organization of any personnel transfers or terminations of third-party personnel who possess organizational credentials and/or badges, or who have information system privileges as soon as possible, but not to exceed 1 working day;

Click here to enter text.

  1. Monitors provider compliance.

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. PS-8 – Personnel Sanctions


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Notifies the appropriate organizations as soon as possible when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.


