System Security Plan
A System Security Plan (SSP) is a document that describes the security controls associated with a given system. Each SSP shall be developed in accordance with the guidelines contained in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-18, Guide for Developing Security Plans for Information Technology Systems, and applicable risk mitigation guidance and standards. As such, the Information Security Office has developed a System Security Plan Template.
The SSP documents the following elements of a given system:
- A description of the system’s purpose and operational function.
- The classification of sensitivity of the data that will be stored, processed, or transmitted via the system.
- The point of contact, roles, and responsibilities associated with a system and its security controls.
- The current state of a given security control (for example: non-existent, planned, partially implemented, or fully implemented).
- The detailed description of the implementation of a given security control including any technical, administrative, or physical requirements.
- Identification and description of any dependencies and connections between the information system and any other systems.