Summary Q2

  • The following artifacts/deliverables are developed at this phase
    • System Security Plan (SSP)-Most important document
    • Configuration Management Plan (CMP)
    • Contingency Plan (CP)
    • Contingency Plan Test (CPT)
  • The implementation and creation of relevant artifact for this phase is normally the responsibility of the system owner
  • A C&A analyst might be asked to assist in the development of the artifacts(C&A analyst collects information from the system owner or  system Point of Contact (POC) and incorporate  it into existing templates).
  • NIST Publications
    • SP 800-18-Guide for developing SSP
    • SP 800-53- NIST Recommend security controls
    • FIPS 200- Minimum Control
    • SP -800-128- Guide for configuration Management
    • SP 800-70- National checklist Program for IT Product
    • SP 800-34-Guide for contingency planning
    • SP 800-84-Guide to Test, Training, and Exercise Programs
    • SP 800- 47 Interconnecting Information Technology systems
error: Content is protected !!