Dss electronic communications plan template






Defense Security Service

Office of the Designated Approving Authority


DSS ELECTRONIC COMMUNICATIONS PLAN TEMPLATE

September 2011




Defense Security Service

Electronic Communications Plan TEMPLATE

Date:

Company:





Address:




Cage Code:




ODAA Unique Identifier:




Table of Contents

1. INTRODUCTION

2. PURPOSE

3. ROLES/PERSONNEL SECURITY

4. DETAILED SYSTEM DESCRIPTION/TECHNICAL OVERVIEW

5. IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES

5.1 USER IDENTIFICATION AND AUTHENTICATION

5.2 DEVICE IDENTIFICATION AND AUTHENTICATION

5.3 IDENTIFIER MANAGEMENT

5.4 AUTHENTICATOR MANAGEMENT

5.5 ACCESS CONTROL POLICY AND PROCEDURES

5.6 ACCOUNT MANAGEMENT

5.7 ACCESS ENFORCEMENT

5.8 INFORMATION FLOW ENFORCEMENT

5.9 SEPARATION OF DUTIES

5.10 LEAST PRIVILEGE

5.11 UNSUCCESSFUL LOGIN ATTEMPTS

5.12 SYSTEM USE NOTIFICATION

5.13 SESSION LOCK

5.15 SUPERVISION AND REVIEW — ACCESS CONTROL

5.16 REMOTE ACCESS

5.17 USE OF EXTERNAL INFORMATION SYSTEMS

6. SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES

6.1 SECURITY TRAINING

7. AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES

7.1 AUDITABLE EVENTS

7.2 CONTENT OF AUDIT RECORDS

7.3 AUDIT STORAGE CAPACITY

7.4 AUDIT MONITORING, ANALYSIS, AND REPORTING

7.5 TIME STAMPS

7.6 PROTECTION OF AUDIT INFORMATION

7.7 CONTINUOUS MONITORING

8. CONFIGURATION MANAGEMENT POLICY AND PROCEDURES

8.1 MONITORING CONFIGURATION CHANGES

8.2 ACCESS RESTRICTIONS FOR CHANGE

8.3 LEAST FUNCTIONALITY

9. INCIDENT RESPONSE

9.1 INCIDENT RESPONSE POLICY AND PROCEDURES

9.2 INCIDENT RESPONSE TRAINING

9.3 INCIDENT RESPONSE TESTING AND EXERCISES

9.4 INCIDENT HANDLING

9.5 INCIDENT MONITORING

9.6 INCIDENT REPORTING

9.7 INCIDENT RESPONSE ASSISTANCE

10. PHYSICAL AND ENVIRONMENTAL PROTECTION

10.1 PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES

10.2 PHYSICAL ACCESS AUTHORIZATIONS

10.3 PHYSICAL ACCESS CONTROL

10.4 MONITORING PHYSICAL ACCESS

11. CONTINGENCY PLANNING AND OPERATION

11.1 CONTINGENCY PLANNING POLICY AND PROCEDURES

11.2 CONTINGENCY PLAN

11.3 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION

12. SYSTEM AND COMMUNICATIONS PROTECTIONS

12.1 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES

13. APPLICATION PARTITIONING (IF APPLICABLE)

13.1 INFORMATION REMNANCE

13.2 DENIAL OF SERVICE PROTECTION

13.3 BOUNDARY PROTECTION

13.4 TRANSMISSION INTEGRITY

13.5 TRANSMISSION CONFIDENTIALITY

13.6 NETWORK DISCONNECT

13.7 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT

13.8 COLLABORATIVE COMPUTING

13.9 MOBILE CODE

13.10 VOICE OVER INTERNET PROTOCOL

13.12 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE

13.13 SESSION AUTHENTICITY

13.14 MALICIOUS CODE PROTECTION

13.15 INFORMATION SYSTEM MONITORING TOOLS AND TECHNIQUES

14. MAINTENANCE

14.1 SYSTEM MAINTENANCE POLICY AND PROCEDURES

14.2 CONTROLLED MAINTENANCE

14.3 MAINTENANCE TOOLS

14.4 REMOTE MAINTENANCE

14.5 MAINTENANCE PERSONNEL

15. MEDIA PROTECTION

15.1 MEDIA PROTECTION POLICY AND PROCEDURES

15.2 MEDIA ACCESS

15.3 MEDIA SANITIZATION AND DISPOSAL

16. EXPORT CONTROL PROCEDURES

17. ADDITIONAL FOCI PROCEDURES

17.1 TELEPHONE PROCEDURES

17.2 FACSIMILE PROCEDURES

17.3 COMPUTER COMMUNICATIONS

ATTACHMENT 1 – NETWORK DIAGRAM

ATTACHMENT 2 – EXPORT RELEASE FORMS

ATTACHMENT 3 – USER ACKNOWLEDGEMENT

