The IT Law Wiki

System security plan


Definition

A system security plan is a

- "[f]ormal document that provides an overview of the security requirements for an information system and describes the security controls in place or planned for meeting those requirements."[1]
- "formal document listing the tasks necessary to meet system security requirements, a schedule for their accomplishments, and to whom responsibilities for each task are assigned."[2]

Overview

OMB Circular No. A-130 requires that agencies develop system security plans for major applications and general support systems, and that these plans address policies and procedures for providing management, operational, and technical controls. NIST Special Publication 800-53 states that the security plan should be updated to address changes to the system, its environment of operation, or problems identified during plan implementation or security control assessments.

One of the controls recommended by NIST Special Publication 800-53 is the development of an inventory of an information system’s components. This inventory should, among other things, accurately reflect the current information system, be consistent with the authorized boundary of the system, and be available for review.

References

  1. FIPS 200.
  2. Practices for Securing Critical Information Assets, Glossary, at 58.
