Appendix K: Sample System Security Plan Outline
The following sample system security plan outline is based on guidance contained in National Institute of Standards and Technology Special Publication 800-18.
Security Plan Outline
System Identification
System name
Responsible organization
Information contact(s)
Assignment of security
Operational status
General description/purpose
System environment
Technical description
Principal system components
Security software
System interconnection/information sharing
Applicable laws or regulations affecting the system
General description of information sensitivity
Confidentiality
Integrity
Availability
System risks (summarized from risk assessment)
System Controls
Management controls
Risk assessment
Planning ...
From Official (ISC)2® Guide to the CAP® CBK®, 2nd Edition.