Preparing a System Security Plan
Overview
Define a Security Plan
Pitfalls to avoid
Required Documents
Contents of the SSP
The profile
Certification
What is a System Security Plan (SSP)?
• The SSP is the user's guide for operating your system.
• The SSP contains specific procedures and processes.
• It has two parts: written instructions and technical information.
  • The written instructions provide all the explanations and steps a non-technical user needs to operate the system.
  • The profile lists only the technical information.
Pitfalls to avoid
• Failure to submit a cover letter
• Not providing detailed information
• Use of generic phrases, e.g. "if feasible", "when applicable", "if possible", etc.
• Referring users to the profile for additional explanations
Pitfalls to avoid
• Failure to submit all required documents
• Completely re-writing a plan instead of only making suggested changes
• Failure to verify that the information in the SSP matches the profile
Required Documents
• Cover Letter
• SSP
• Profile
• Certification
• Network Security Plans or MOA/MOU for outside connections
• Customer letters
• Approved Variance letters
Preparing the Security Plan
• Cover Page
• Revision Log
Cover Page Requirements
• Facility Name and address
• Cage Code
• Type of Plan
• Protection Level
• Operating Environment
• Outside Connections
• Date and Revision number
Revision Log
• Must be completed with each revision.
1. Introduction
Introduction
• Purpose
  • Identifies the purpose of the document
  • Identifies the purpose of the system
• List of Attachments
Introduction
• Scope
  • Identifies the range of operations
  • Protection Level
  • Classification Level
  • Confidentiality, Integrity, Availability
  • Type of system
  • Categories of information and formal access requirements
  • Operating Environment
  • Alternate Site Processing
2. Personnel Management
Personnel Responsibilities
• Contractor Management
  • How is the security policy supported by management?
• ISSM Responsibilities
  • May be listed exactly as in the NISPOM
• ISSO Responsibilities
  • May be listed exactly as in the NISPOM, or tailored to what you want this person to do.
  • If using the ISSO Delegation Record, compare the duties against it.
Personnel Responsibilities
• Users
  • Privileged Users
    • Other than the ISSM and ISSO.
    • What are these users allowed to do on your system?
  • General Users
    • What are these users allowed to do on your system?
3. Certification and Accreditation
Certification and Accreditation
• Certification
  • Explain your certification process
• Accreditation
  • Explain the accreditation process
• Reaccreditation
  • Explain when reaccreditation is required and the process
Certification and Accreditation
• Certification of Similar Systems
  • Certification process
  • Define a similar system
• Security Testing
  • Purpose
  • Describe the frequency
• Self Inspections
  • Describe the frequency
  • Explain what will be inspected
4. System Identification and Requirements (SIRS)
System Identification and Requirements Specification
• Pure Servers (8-503)
  • Provides a non-interactive service (e.g. a messaging service)
  • No user access
  • No user code
This is the beginning of the technical information and procedures for your system.
System Identification and Requirements Specification
• Tactical, Embedded, Data Acquisition, and Special Purpose Systems (8-504)
  • No general users
  • No user code
• Mobile Systems (8-308)
  • A system that is used for classified processing outside your facility's cage code.
  • May be at another contractor or a government site
5. Protection Measures
Protection Measures
• Accounts and Logons
  • Identification and Management
    • Are logons being used?
    • Explain how you create unique user IDs
    • Explain how authenticators (passwords) are created and passed to the user
Protection Measures
• Accounts and Logons
  • Requirements for Passwords
    • Identify password length
    • Password lifetime
    • Password complexity
  • Guidelines for User Generated Passwords
    • Explain the requirements users are to follow
Protection Measures
• Accounts and Logons
  • Generic or Group Accounts
    • Are these accounts authorized?
    • Explain the purpose
    • Explain the access procedures
Protection Measures
• Session Controls
  • Logon Banner Requirements
    • Are you using the most current banner?
    • How is the banner displayed?
    • Action to remove the banner
Protection Measures
• Session Controls
  • Successive Logon Attempt Controls
    • Are they controlled?
    • Define the number of unsuccessful logon attempts before the account is locked
    • Explain your procedures for unlocking an account
  • System Entry Conditions
    • Explain how a user accesses the system
Protection Measures
• Access Controls
  • Explain what technical and physical controls are in place to protect the system.
    • BIOS Protection
    • Boot Sequence
    • Seals
    • Removable Hard Drive Protection
Protection Measures
• Audit Requirements
  • Frequency of Audits
  • Audit Configuration and Settings
  • Audit Management Overflow
  • Manual Logs required to be audited
  • List procedures if a variance is approved
Protection Measures
• System Recovery and Assurances
  • Explain how you are going to recover and certify your system in a controlled manner
• Virus and Malicious Code Detection
  • Explain how you will detect malicious code
  • Explain procedures for updating antivirus definition files
• Data Transmission Protection
  • Explain how data is transmitted
Protection Measures
• Clearance and Sanitization
  • Clearing
    • Authorized
    • Method used
  • Sanitization
    • Authorized
    • Method used
Protection Measures
• Protection Measure Variances
  • Identify any approved variances
  • Include a copy of the letter in the profile
6. Personnel Security
Personnel Security
• Personnel Access to IS
  • Identify specific requirements users must meet before accessing the system
• Security Education
  • Initial Training Requirements
    • Explain your training requirements
  • Ongoing IS Security Education Programs
    • Describe your ongoing security education program
7. Physical Security
Physical Security
• Operating Environment
  • You cannot identify multiple operating environments.
  • Briefly describe your environment
8. Maintenance
Maintenance
• Facility Maintenance Policy
  • Describe how maintenance will be performed and by whom
• Cleared Maintenance Personnel
• Uncleared Maintenance Personnel
  • Explain procedures for using uncleared personnel
9. Media Controls
Media Controls
• Classified Media
  • Define and provide examples
• Protected Media
  • Define and provide examples
• Unclassified or Lower Classified Media
  • Define and explain its use
• Media Destruction
  • Explain how media is destroyed.
10. Output Procedures
Output Procedures
• Hardcopy Output Review
  • Define and provide procedures for review
  • Verify against the hardware list to ensure you have a printer identified
• Media Review and Trusted Downloading
  • Authorized
  • Method used
    • DSS-approved procedures
    • Non-approved procedures
11. Upgrade and Downgrade Procedures
Upgrade and Downgrade Procedures
• These procedures are required if operating in a Restricted Area or MPF, when using removable hard drives, or when performing periods processing
• Procedures are specific to each system
• Upgrade/Startup Procedure
  • Compare to your Upgrade Log
• Downgrade/Shutdown Procedure
  • Compare to your Downgrade Log
• Periods Processing
  • Authorized
12. Markings
Marking
• IS Hardware Components
  • List the documents that govern marking
  • Classified marking requirements
  • Markings for co-located systems
Marking
• Media
  • Unclassified Media Markings
  • Classified Media Markings
    • Overall classification level
    • Applicable special markings, e.g. NATO
    • Unclassified title
    • Creation date
    • Derived from
    • Declassify on
13. Configuration Management Plan and System Configuration
Configuration Management Plan and System Configuration
• Configuration Management (CM)
  • The Configuration Management Program ensures that protection features are implemented and maintained on the system. This includes a formal change control process for all security-relevant aspects of the system.
  • Specify who is responsible for authorizing security-relevant changes
  • Explain how changes are documented
  • Explain how the CM process is evaluated, and how often
Configuration Management Plan and System Configuration
• System Configuration
  • Hardware Description
    • Provide a generic description of your hardware, e.g. desktops, laptops, networked, non-networked, etc.
    • List only the equipment that applies to your system
  • Hardware Requirements
    • Identify requirements that must be met prior to processing
Configuration Management Plan and System Configuration
• Change Control Procedures for Hardware
  • Addition of Hardware
    • List procedures to be followed when adding hardware
  • Removal of Hardware
    • List procedures to be followed when removing hardware
  • Reconfiguration of Hardware
    • List procedures to be followed when reconfiguring hardware
    • Who is authorized to reconfigure the system?
Configuration Management Plan and System Configuration
• Software Description
  • Provide a generic description of the software authorized for use on the system
• Software Requirements
  • Identify limitations on the type of software that can be used
  • Identify protection requirements
  • Explain how software is introduced to the system
  • Address software development
  • Address malicious code
Configuration Management Plan and System Configuration
• Change Control Procedures for Software
  • Addition of Software
    • Identify who authorizes the addition of software
    • Identify what types of software can be added and by whom
    • Explain the documentation requirements for adding software
Configuration Management Plan and System Configuration
• Change Control Procedures for Software
  • Removal of Software
    • Identify who authorizes the removal of the software
    • Identify what types of software can be removed and by whom
    • Explain the documentation requirements for removing software
• Other SSP Changes
  • Who is authorized to make changes to the security plan?
14. System Specific Risks and Vulnerabilities
System Specific Risks and Vulnerabilities
• Risk Assessment
  • Risk assessment is the process of analyzing the threats to and vulnerabilities of an IS, and the potential impact resulting from the loss of information or of system capabilities.
  • You must identify whether there are any unique local threats
15. Network Security
Network Security
• Network Description
  • Describe your network
    • Unified
    • Interconnected
• Network Management Protections
  • Describe any physical or logical protections for network devices and cabling
System Profile
• Profile
  • Contains specific technical information about the system
  • Must be compared to the appropriate paragraph in the SSP
  • Does not contain routine procedures
  • Does contain special procedures
System Certification
• Certification
  • Physical inspection of your system
  • Written documentation to DSS that the system meets all NISPOM requirements
    • Certification Test Guide
    • NISP Tool
Summary
• Required Documentation
• Requirements of the SSP
• Requirements of the profile
• Certification
Questions