System Security Plan (SSP) Categorization: Moderate-Low-Low


Security Assessment and Authorization (CA)



Date: 02.05.2018


  1. CA-1 – Security Assessment and Authorization Policies & Procedures


Program-specific policies and procedures shall be included in the specific security controls listed below. There is no requirement for the Program to develop additional policy to meet the -1 control.

Recommended Continuous Monitoring Frequency: Quarterly

Program Frequency:




  1. Assesses the security controls in the information system and its environment of operation at least annually, or as stipulated in the organization's continuous monitoring program, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements.

Click here to enter text.

  1. Produces a security assessment report that documents the results of the assessment

Click here to enter text.

  1. Provides the results of the security control assessment to the ISSP/SCA and the AO/AO REPRESENTATIVE

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CA-2(1) – Security Assessments: Independent Assessors



Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. CA-3 – Information System Connections


After a relevance determination, this control can be tailored out for standalone IS.

Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Documents, for each interconnection, the interface characteristics, security requirements, and the nature of the information communicated

Click here to enter text.

  1. Reviews and updates Interconnection Security Agreements annually.

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CA-3(2) – Information System Connections: Classified National Security System Connections


After a relevance determination, this control can be tailored out for standalone IS and closed restricted networks.

Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CA-3(5) – Information System Connections: Restrictions on External Network Connections



Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. CA-5 – Plan of Action & Milestones


Recommended Continuous Monitoring Frequency: Quarterly

Program Frequency:




  1. Updates existing plan of action and milestones at least quarterly based on the findings from security controls assessments, security impact analyses, and continuous monitoring activities.

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. CA-7 – Continuous Monitoring


Recommended Continuous Monitoring Frequency: Annual

Program Frequency:




  1. Establishment of monitoring frequency for each security control.

Click here to enter text.

  1. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy.

Click here to enter text.

  1. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy.

Click here to enter text.

  1. Correlation and analysis of security-related information generated by assessments and monitoring

Click here to enter text.

  1. Response actions to address results of the analysis of security-related information



  1. Reporting the security status of the organization and the information system to appropriate organizational officials at least annually, or whenever there is a significant change to the system or the environment in which the system operates

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CA-7(1) – Continuous Monitoring: Independent Assessment


After a relevance determination, this control can be tailored out for standalone IS.

Recommended Continuous Monitoring Frequency: Annual

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

      1. CA-9 – Internal System Connections


Recommended Continuous Monitoring Frequency: Quarterly

Program Frequency:




  1. Documents, for each internal connection, the interface characteristics, security requirements, and the nature of the information communicated

Click here to enter text.

CONTINUOUS MONITORING STRATEGY

Click here to enter text.


