IT Security Plan Template

Download Free IT Security Plan Template
Download Free IT Security Plan Template

The purpose of the system security plan (SSP) is to provide an overview of federal information system security requirements and describe the controls in place or planned to meet those requirements. The SSP also delineates responsibilities and expected behavior of all individuals who access the information system and should be viewed as documentation of the structured process for planning adequate, cost-effective security protection for a major application or general support system. It should reflect input from various managers with responsibilities concerning the information system, including information owner(s), system owner(s), system operator(s), and the information security manager. Additional information may be included in the basic plan, and the structure and format organized according to requirements.

Each SSP is developed in accordance with the guidelines contained in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-18, Guide for Developing Security Plans for Information Technology Systems, and applicable risk mitigation guidance and standards.

This document details the degree to which the conforms to recommended federal security controls and the manner in which those controls are implemented.
Intended Audience
This document is designed to be used by those parties responsible for managing and/or creating the SSP for an individual general support system or major application. System owners are organizationally responsible for conducting these activities; however, guidance and implementation assistance is frequently provided at an organizational level. Within FDIC, guidance to complete the SSP, as well as support for the activities associated with, is provided by the Security Policy and Compliance Section.

SSP Summary

is currently categorized as and is a . The referenced system has a Moderate FIPS 199 impact level and provides connectivity to the . The supports .

System Compliance with Security Controls by Family
The following table provides a high level summary (by control family) of how complies with the security controls articulated in NIST 800-53.
- Access Control (AC)
- Awareness & Training (AT)
- Audit & Accountability (AU)
- Certification, Accreditation, & Security Assessments (CA)
- Configuration Management (CM)
- Contingency Planning (CP)
- Identification and Authentication (IA)
- Incident Response (IR)
- Maintenance (MA)
- Media Protection (MP)
- Physical and Environmental Protection (PE)
- Planning (PL)
- Personnel Security (PS)
- Risk Assessment (RA)
- System and Services Acquisition (SA)
- System and Communications Protection (SC)
- System and Information Integrity (SI)
- Control Population Totals

it-security-plan-template.doc1.07 MB
it-security-plan-template.png91.21 KB

Trackback URL for this post:

User login

Who's new

  • AlanetesPalazola
  • deelpilky
  • SymnVialmyday
  • vandoiyoy
  • revaringins

Who's online

There are currently 0 users and 3 guests online.