Appendix K: Sample System Security Plan Outline

The following sample system security plan outline is based on guidance contained in National Institute of Standards and Technology Special Publication 800-18.

Security Plan Outline

System Identification

System name

Responsible organization

Information contact(s)

Assignment of security

Operational status

General description/purpose

System environment

Technical description

Principal system components

Security software

System interconnection/information sharing

Applicable laws or regulations affecting the system

General description of information sensitivity

Confidentiality

Integrity

Availability

System risks (summarized from risk assessment)

System Controls

Management controls

Risk assessment

Planning ...
