System Security Plan

SPS Home > Dgreath > System Security Plan

SYSTEM SECURITY PLAN (SSP)
The System Security Plan is the primary document that describes the strategy, policy, processes, and procedures provided a specified information System (IS). Specifically, it addresses five factors: availability, integrity, authentication, confidentiality, and non- repudiation in eight chapters: Security Design and Configuration (DC) Identification and Authentication (IA) Enclave and Computing Envirionment (EC) Enclave Boundary Defenses (EB) Physical and Environmental (PE) Personnel (PR) Continuity (CO) Vulnerability and Incident Management (VI) All information systems fall into one of nine security outlines according to the confidentiality of the provided content and the criticality of the information system to the organization's mission. Table 1 below provides guidance into determination of the appropriate category of mission assurance. Table 2 below provides guidance into determination of the appropriate level of confidentiality. The links provided in Table 3 will take you to the appropriate document outline.

SYSTEM SECURITY PLAN (SSP)

The System Security Plan is the primary document that describes the strategy, policy, processes, and procedures provided a specified information System (IS). Specifically, it addresses five factors: availability, integrity, authentication, confidentiality, and non- repudiation in eight chapters:

Security Design and Configuration (DC)
Identification and Authentication (IA)
Enclave and Computing Envirionment (EC)
Enclave Boundary Defenses (EB)
Physical and Environmental (PE)
Personnel (PR)
Continuity (CO)
Vulnerability and Incident Management (VI)

All information systems fall into one of nine security outlines according to the confidentiality of the provided content and the criticality of the information system to the organization's mission. Table 1 below provides guidance into determination of the appropriate category of mission assurance. Table 2 below provides guidance into determination of the appropriate level of confidentiality. The links provided in Table 3 will take you to the appropriate document outline.

Table 1 - Criticality
Mission Assurance Categories (MAC)
MAC I—Mission Essential MAC II—Mission Important MAC III—Routine

Table 2 - Confidentiality
Confidentiality Levels (CL)
Classified—Limited private access Sensitive—Limited Public and/or private access Public—Unlimited public and/or private access