Project: Certification and Accreditation System Security Plan.
The purpose of the system security plan (SSP) is to provide an overview of the security requirements of the system being certified. It describes the controls in place or planned for meeting those requirements. It also delineates the responsibilities and expected behaviors of all individuals who access the system. Throughout the course you will be creating selected appendices that support a system security plan (SSP).
The SSP project will be developed in four parts during the course:
- Module 1: SSP Expanded Outline and Potential Vulnerabilities Report
A template for this assignment is provided using the format in NIST Special Publication 800-18 . In addition to the NIST documentation that is linked throughout the course and in the document sharing area, you can locate SSP information in the Howard text on page 105.
Scenario:
To create the SSP for this project, you will be using your home computer system, as if it were used for a home-based business, whereby it may contain customer data and business applications critical to your operations. Although this is a home computer system, it is not completely shielded from many risks that can impact a large corporate business. Interruptions or breaches would place your business in jeopardy. For the purposes of this project, categorize this system as a Federal System in the “HIGH” risk category as defined in FIPS 199 and FIPS 200.
Project Deliverable 1:SSP Expanded Outline and Potential Vulnerabilities Report
SSP Expanded Outline
Using the SSP template (also found in Doc Sharing), complete the expanded outline by inserting a brief statement below each of the 15 sections which:
- identifies the applicability of the section to your home system
- describes the importance and purpose of the data provided in the section.
Potential Vulnerabilities Report
Utilizing your experience, classroom resources, outside references and industry tools, analyze and generate a comprehensive overview identifying the specific potential vulnerabilities of the system.
Insert this comprehensive overview into the SSP template as Appendix 1.