Security Control Implementation Phase 3 Q2-2023

  • The following artifacts /deliverables are developed at this phase
    • System Security Plan (SSP)-Most important document (status of control implemented or plan to be implemented)
    • Configuration Management Plan (CMP)-(System baseline and change control process)
    • Contingency Plan (CP)- (Plan B if disaster occur)
    • Contingency Plan Test – (Test to evaluate adequacy)
    • The implementation and creation of relevant artifact for this phase is normally the responsibility of the system owner
  • A C&A analyst might be asked to assist in the development of the artifacts (C&A analyst collects information from the system owner or system Point of Contact (POC) and incorporate        it into existing templates).

NIST Publications

  • SP 800-18-Guide for developing SSP
  • SP 800-53- NIST Recommend security controls
  • FIPS 200- Minimum Control
  • SP -800-128- Guide for configuration Management
  • SP 800-70- National checklist Program for IT Product
  • SP 800-34-Guide for contingency planning
  • NIST 800-84-Guide to Test, Training, and Exercise Programs
  • NIST SP 800-122- Guide to Protecting the Confidentiality of PII
error: Content is protected !!