Security Control Implementation Phase 3 Q3
- The following artifacts /deliverables are developed at this phase
- System Security Plan (SSP)-Most important document (status of control implemented or plan to be implemented)
- Configuration Management Plan (CMP)-(System baseline and change control process)
- Contingency Plan (CP)- (Plan B if disaster occur)
- Contingency Plan Test – (Test to evaluate adequacy)
- The implementation and creation of relevant artifact for this phase is normally the responsibility of the system owner
- A C&A analyst might be asked to assist in the development of the artifacts (C&A analyst collects information from the system owner or system Point of Contact (POC) and incorporate it into existing templates).
NIST Publications
- SP 800-18-Guide for developing SSP
- SP 800-53- NIST Recommend security controls
- FIPS 200- Minimum Control
- SP -800-128- Guide for configuration Management
- SP 800-70- National checklist Program for IT Product
- SP 800-34-Guide for contingency planning
- NIST 800-84-Guide to Test, Training, and Exercise Programs
- NIST SP 800-122- Guide to Protecting the Confidentiality of PII
error: Content is protected !!
Login
Accessing this course requires a login. Please enter your credentials below!