The following artifacts /deliverables are developed at this phase
System Security Plan (SSP)-Most important document (status of control implemented or plan to be implemented)
Configuration Management Plan (CMP)-(System baseline and change control process)
Contingency Plan (CP)- (Plan B if disaster occur)
Contingency Plan Test – (Test to evaluate adequacy)
The implementation and creation of relevant artifact for this phase is normally the responsibility of the system owner
A C&A analyst might be asked to assist in the development of the artifacts (C&A analyst collects information from the system owner or system Point of Contact (POC) and incorporate it into existing templates).
NIST Publications
SP 800-18-Guide for developing SSP
SP 800-53- NIST Recommend security controls
FIPS 200- Minimum Control
SP -800-128- Guide for configuration Management
SP 800-70- National checklist Program for IT Product
SP 800-34-Guide for contingency planning
NIST 800-84-Guide to Test, Training, and Exercise Programs
NIST SP 800-122- Guide to Protecting the Confidentiality of PII
Login
Accessing this course requires a login. Please enter your credentials below!