
System Security Plan

A System Security Plan (SSP) is a document that describes the security controls associated with a given system. Each SSP shall be developed in accordance with the guidelines contained in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-18, Guide for Developing Security Plans for Information Technology Systems, and applicable risk mitigation guidance and standards. As such, the Information Security Office has developed a System Security Plan Template.

The SSP documents the following elements of a given system:

  • A description of the system’s purpose and operational function.
  • The classification of sensitivity of the data that will be stored, processed, or transmitted via the system.
  • The point of contact, roles, and responsibilities associated with a system and its security controls.
  • The current state of a given security control (for example: non-existent, planned, partially implemented, or fully implemented).
  • The detailed description of the implementation of a given security control including any technical, administrative, or physical requirements.
  • Identification and description of any dependencies and connections between the information system and any other systems.
  • Each SSP shall be developed in accordance with the guidelines contained in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-18, Guide for Developing Security Plans for Information Technology Systems, and applicable risk mitigation guidance and standards.