I need an INFOSEC plan created using the attached documents plus extended reading. Proper APA style is required and an originality score of less than 25% is needed. I appreciate any help with this. The plan is needed within the next week.
CSIA 413: Cybersecurity Policy, Plans, and Programs
Project #3: System Security Plan
Company Background & Operating Environment
The assigned case study and attachments to this assignment provide information about “the
company.”
• Use the Baltimore field office as the target for the System Security Plan
• Use Verizon FiOS as the Internet Services Provider (see
http://www.verizonenterprise.com/terms/us/products/internet/sla/ )
Policy Issue & Plan of Action
A recent risk assessment highlighted the need to formalize the security measures required to
protect information, information systems, and the information infrastructures for the company’s field
offices. This requirement has been incorporated into the company’s risk management plan and the
company’s CISO has been tasked with developing, documenting, and implementing the required security
measures. The IT Governance board also has a role to play since it must review and approve all changes
which affect IT systems under its purview.
The CISO has proposed a plan of action which includes developing system security plans using
guidance from NIST SP 800-18 Guide for Developing Security Plans for Federal Information Systems. The
IT Governance board, after reviewing the CISO’s proposed plan of action, voted and accepted this
recommendation. In its discussions prior to the vote, the CISO explained why the best practices
information for security plans from NIST SP 800-18 was suitable for the company’s use. The board also
accepted the CISO’s recommendation for creating a single System Security Plan for a General Support
System since, in the CISO’s professional judgement, this type of plan would best meet the
“formalization” requirement from the company’s recently adopted risk management strategy.
Your Task Assignment
As a staff member supporting the CISO, you have been asked to research and then draft the
required system security plan for a General Support System. In your research so far, you have learned
that:
• A general support system is defined as “an interconnected set of information resources
under the same direct management control that shares common functionality.” (See
NIST SP 800-18)
• The Field Office manager is the designated system owner for the IT support systems in
his or her field office.
• The system boundaries for the field office General Support System have already been
documented in the company’s enterprise architecture (see the case study).
• The security controls required for the field office IT systems have been documented in a
security controls baseline (see the controls baseline attached to this assignment).
Copyright ©2016 by University of Maryland University College. All Rights Reserved
Research:
1. Review the information provided in the case study and in this assignment, especially the
information about the field offices and the IT systems and networks used in their day to day
business affairs.
3. Review NIST’s guidance for developing a System Security Plan for a general support IT System.
This information is presented in NIST SP 800-18 (http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf). Pay special attention to the Sample Information System
Security Plan template provided in Appendix A.
3. Review the definitions for IT Security control families as documented in Federal Information
Processing Standard (FIPS) 200: Minimum Security Requirements for Federal Information and
Information Systems (see section 3).
4. Review the definitions for individual controls as listed in Appendix F Security Control Catalog in
NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations.
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf You should focus on
those controls listed in the security controls baseline provided with this assignment.
Write:
1. Use the following guidance to complete the System Security Plan using the template from
Appendix A of NIST SP 800-18.
a. Sections 1 through 10 will contain information provided in the assigned case study. You
may need to “interpret” that information when writing the descriptions. “Fill in the
blanks” for information about the company or its managers which is not provided in the
case study (i.e., names, email addresses, phone numbers, etc.). Make sure that your
fictional information is consistent with information provided in the case study (name of
company, locations, etc.).
b. Section 11 should contain information about the field office’s Internet connection. Do
not include the table. Use the business Internet Services Provider listed at the top of this
assignment file. Describe the system interconnection type and the service level agreement
in this section.
c. Section 12 should contain information derived from the case study. You will need to
identify the types of information processed in the field office and then list the laws and
regulations which apply. For example, if the case study company processes or stores
Protected Health Information, then this section must include information about HIPAA.
If the company processes or stores credit card payment information, then this section
must include information about the PCI-DSS requirements.
d. Section 13 of the SSP will take the most editing time. Use the information about
required security controls as provided in the security controls baseline.
i. Create three sub-sections (13.1 Management Controls, 13.2 Operational Controls,
and 13.3 Technical Controls). You must provide a description for each category
(see the definitions provided in Annex 11.B Minimum Security Controls in NIST
SP 800-100 Information Security Handbook: A Guide for Managers).
ii. Using the information provided in the security controls baseline, place the
required control families and controls under the correct sub section.
iii. Use the exact names and designators for the security control families and
individual security controls. BUT, you MUST paraphrase any and all descriptions.
Do NOT cut and paste from NIST documents.
e. Section 14: use the due date for this assignment as the plan complete date.
f. Section 15: leave the approval date blank. You will not have any other text in this
section (since the plan is not yet approved).
2. Use a professional format for your System Security Plan. Your document should be consistently
formatted throughout and easy to read.
3. Common phrases do not require citations. If there is doubt as to whether or not information
requires attribution, provide a footnote with publication information or use APA format
citations and references.
4. You are expected to write grammatically correct English in every assignment that you submit for
grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c)
verifying that your punctuation is correct and (d) reviewing your work for correct word usage
and correctly structured sentences and paragraphs.
Submit For Grading
Submit your System Security Plan in MS Word format (.docx or .doc file) for grading using your
assignment folder. (Attach the file.)
Rubric Name: Project 3: System Security Plan
Performance levels: Excellent, Outstanding, Acceptable, Needs Improvement (point values are given per criterion).

Sections 1 – 8 (System Identification)
Excellent (10 points): Sections 1 – 8 present a thorough and complete identification of the system (Field Office General IT Support), the responsible individuals, and the system status. Key personnel (Section 5) roster contains three or more appropriate designated officials.
Outstanding (8.5 points): Sections 1 – 8 identify the system (Field Office General IT Support), the responsible individuals, and the system status. Information was adapted from the Case Study. Key personnel (Section 5) roster contains at least two appropriate designated officials.
Acceptable (7 points): Sections 1 – 8 were completed using information from the Case Study. Key personnel (Section 5) roster contains at least one appropriate designated official.
Needs Improvement (6 points): [description cut off in the source]

Section 9: System Description / Purpose
Excellent (10 points): Provided an excellent description of the Field Office General IT Support System. Integrated case study information to describe the business operations supported by the hardware, software, and networks which comprise the “General IT Support” system. Included information about the types and sensitivity of information processed by this system. Described the “smart home” and “Internet of Things” capabilities which are supported by the field office IT systems.
Outstanding (8.5 points): Provided an outstanding description of the Field Office General IT Support System. Integrated case study information to describe the business operations including mention of the types and sensitivity of information processed by this system. Mentioned the “smart home” and “Internet of Things” capabilities which are supported by the field office IT systems.
Acceptable (7 points): Provided an acceptable description of the Field Office General IT Support System. Integrated case study information to describe the business operations, mentioned the types of information processed, and the “smart home” / “Internet of Things” capabilities incorporated into the field offices.
Needs Improvement (6 points): [description cut off in the source]

Section 10: System Environment
Excellent (10 points): Provided an excellent description of the enterprise architecture for the Field Office General IT Support System. Integrated case study information to clearly and accurately describe the hardware, software, and networks which comprise the “General IT Support” system. Included information about the devices and controllers used for the “smart home” and “Internet of Things” capabilities which are used by the field office.
Outstanding (8.5 points): Provided an outstanding description of the enterprise architecture for the Field Office General IT Support System. Integrated case study information to describe the hardware, software, and networks which comprise the “General IT Support” system. Included information about the devices and controllers used for the “smart home” and “Internet of Things” capabilities which are used by the field office.
Acceptable (7 points): Provided an acceptable description of the Field Office General IT Support System. Integrated case study information to describe the business operations, mentioned the types of information processed, and the “smart home” / “Internet of Things” capabilities incorporated into the field offices.
Needs Improvement (6 points): [description cut off in the source]

Section 11: System Interconnections / Information Sharing
Excellent (10 points): Used information from the case study to identify (name) 5 or more interconnected systems and networks (including the LAN/WAN network connections between the field office and the operations center). Provided an excellent description for each that included the types and sensitivity levels of information transmitted over the connection (e.g. company proprietary information, customer information, public Internet information). Named the “owning” organization and responsible ISSO.
Outstanding (8.5 points): Used information from the case study to identify (name) 4 or more interconnected systems and networks (including the LAN/WAN network connections between the field office and the operations center). Provided an outstanding description for each that included the types and sensitivity levels of information transmitted over the connection (e.g. company proprietary information, customer information, public Internet information). Named the “owning” organization and responsible ISSO.
Acceptable (7 points): Used information from the case study to identify (name) 3 or more interconnected systems and networks (including the LAN/WAN network connections between the field office and the operations center). Provided an acceptable description for each. Named the “owning” organization.
Needs Improvement (6 points): [description cut off in the source]

Section 12: Related Laws / Regulations / Policies
Excellent (10 points): Provided an excellent overview of laws, regulations, and policies which establish specific requirements for the confidentiality, integrity, and availability of the data collected, processed, and/or stored in the Field Office General IT Support System. Named and described the applicability of 5 or more federal or state laws and regulations. Identified and described at least one internal policy which applies to the use of this system.
Outstanding (8.5 points): Provided an outstanding overview of laws, regulations, and policies which establish specific requirements for the confidentiality, integrity, and availability of the data collected, processed, and/or stored in the Field Office General IT Support System. Named and described the applicability of 4 or more federal or state laws and regulations. Identified and described at least one internal policy which applies to the use of this system.
Acceptable (7 points): Provided an acceptable list of laws, regulations, and policies which establish specific requirements for the confidentiality, integrity, and availability of the data collected, processed, and/or stored in the Field Office General IT Support System. Named and described the applicability of 3 or more federal or state laws and regulations. Identified and described at least one internal policy which applies to the use of this system.
Needs Improvement (6 points): [description cut off in the source]

Section 13: Introduction for Minimum Security Controls
Excellent (5 points): Provided an excellent introduction for Section 13: Minimum Security Controls. Discussed the differences between management, operational, and technical categories of security controls. Used information from the case study and NIST SP 800-53.
Outstanding (4 points): Provided an outstanding introduction for Section 13: Minimum Security Controls. Discussed the use of management, operational, and technical categories of security controls. Used information from the case study and NIST SP 800-53.
Acceptable (3 points): Provided an acceptable introduction for Section 13: Minimum Security Controls. Mentioned the three categories (management, operational, technical). Used information from the case study and NIST SP 800-53.
Needs Improvement (2 points): [description cut off in the source]

Section 13 (a) Minimum Security Controls: Management Controls Category
Excellent (10 points): Used the provided security controls baseline for the case study company. Named and described each of the required control families (e.g. CA) listed under the “management controls” category (in the baseline) using information from NIST SP 800-53. For each “family” listed in the baseline under this category, identified (listed) the specific controls (e.g. CA-1) and provided an excellent description of how the controls in each family work together to mitigate threats and vulnerabilities.
Outstanding (8.5 points): Used the provided security controls baseline for the case study company. Named and described each of the required control families (e.g. CA) listed under the “management controls” category (in the baseline) using information from NIST SP 800-53. For each “family” listed in the baseline under this category, identified (listed) the specific controls (e.g. CA-1) and provided an outstanding description of how the controls in each family work together to mitigate threats and vulnerabilities.
Acceptable (7 points): Used the provided security controls baseline for the case study company. Named and described each of the required control families (e.g. CA) listed under the “management controls” category (in the baseline) using information from NIST SP 800-53. Provided a brief description of how the controls in each family work together to mitigate threats and vulnerabilities.
Needs Improvement (6 points): [description cut off in the source]

Section 13 (b) Minimum Security Controls: Operational Controls Category
Excellent (10 points): Used the provided security controls baseline for the case study company. Named and described each of the required control families (e.g. AT) listed under the “operational controls” category (in the baseline) using information from NIST SP 800-53. For each “family” listed in the baseline under this category, identified (listed) the specific controls (e.g. AT-1) and provided an excellent description of how the controls in each family work together to mitigate threats and vulnerabilities.
Outstanding (8.5 points): Used the provided security controls baseline for the case study company. Named and described each of the required control families (e.g. AT) listed under the “operational controls” category (in the baseline) using information from NIST SP 800-53. For each “family” listed in the baseline under this category, identified (listed) the specific controls (e.g. AT-1) and provided an outstanding description of how the controls in each family work together to mitigate threats and vulnerabilities.
Acceptable (7 points): Used the provided security controls baseline for the case study company. Named and described each of the required control families (e.g. AT) listed under the “operational controls” category (in the baseline) using information from NIST SP 800-53. Provided a brief description of how the controls in each family work together to mitigate threats and vulnerabilities.
Needs Improvement (6 points): [description cut off in the source]

Section 13 (c) Minimum Security Controls: Technical Controls Category
Excellent (10 points): Used the provided security controls baseline for the case study company. Named and described each of the required control families (e.g. AC) listed under the “technical controls” category (in the baseline) using information from NIST SP 800-53. For each “family” listed in the baseline under this category, identified (listed) the specific controls (e.g. AC-1) and provided an excellent description of how the controls in each family work together to mitigate threats and vulnerabilities.
Outstanding (8.5 points): Used the provided security controls baseline for the case study company. Named and described each of the required control families (e.g. AC) listed under the “technical controls” category (in the baseline) using information from NIST SP 800-53. For each “family” listed in the baseline under this category, identified (listed) the specific controls (e.g. AC-1) and provided an outstanding description of how the controls in each family work together to mitigate threats and vulnerabilities.
Acceptable (7 points): Used the provided security controls baseline for the case study company. Named and described each of the required control families (e.g. AC) listed under the “technical controls” category (in the baseline) using information from NIST SP 800-53. Provided a brief description of how the controls in each family work together to mitigate threats and vulnerabilities.
Needs Improvement (6 points): [description cut off in the source]

Sections 14-15: Completion & Approval Dates
Excellent (5 points): Included both sections from the template file (14 & 15) and entered the completion date for the plan.
Outstanding (3 points): Included section 14 from the template file and entered a completion date for the plan.
Acceptable (0 points): N/A
Needs Improvement (0 points): N/A

Professionalism: Execution
Excellent (10 points): Work is professional in appearance and organization (appropriate and consistent use of fonts, headings, color). No word usage, grammar, spelling, or punctuation errors. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required).
Outstanding (8.5 points): Work is professional in appearance and organization (appropriate and consistent use of fonts, headings, color). Work contains minor errors in word usage, grammar, spelling or punctuation which do not significantly impact professional appearance. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required).
Acceptable (7 points): Work is professional in appearance and organization (minor issues allowable but overall the work contains appropriate and consistent use of fonts, headings, color). Errors in word usage, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required).
Needs Improvement (6 points): [description cut off in the source]

Overall Score
Excellent: 90 or more
Outstanding: 80 or more
Acceptable: 70 or more
Needs Improvement: [threshold cut off in the source]
Information System Security Plan
1. Information System Name/Title:
• Unique identifier and name given to the system. [use information from the case study]
2. Information System Categorization:
• Identify the appropriate system categorization [use the information from the case study].
3. Information System Owner:
• Name, title, agency, address, email address, and phone number of person who owns the system.
[Use the field office manager]
4. Authorizing Official:
• Name, title, agency, address, email address, and phone number of the senior management
official designated as the authorizing official. [Use the company’s Chief Information
Officer.]
5. Other Designated Contacts:
• List other key personnel, if applicable; include their title, address, email address, and phone
number. [include the CISO, the ISSO, and other individuals from the case study, if
appropriate]
6. Assignment of Security Responsibility:
• Name, title, address, email address, and phone number of person who is responsible for the
security of the system. [use the case study information]
7. Information System Operational Status:
• Indicate the operational status of the system. If more than one status is selected, list which part
of the system is covered under each status. [Use the case study information.]
8. Information System Type:
• Indicate if the system is a major application or a general support system. If the system contains
minor applications, list them in Section 9. General System Description/Purpose. [use the case
study information]
9. General System Description/Purpose
• Describe the function or purpose of the system and the information processes. [use the case
study information]
10. System Environment
• Provide a general description of the technical system. Include the primary hardware, software,
and communications equipment.
[use the case study information and diagrams. Add brand names, equipment types as required (if
not provided in the case study)]
11. System Interconnections/Information Sharing
• List interconnected systems and system identifiers (if appropriate), provide the system name,
owning or providing organization, system type (major application or general support system)
… add a fictional date of agreement to interconnect, and the name of the authorizing official.
12. Related Laws/Regulations/Policies
• List any laws or regulations that establish specific requirements for the confidentiality,
integrity, or availability of the data in the system.
13. Minimum Security Controls
Use the security controls baseline as provided for this assignment. Include descriptive paragraphs for
each section. Cut and paste the tables from the provided security controls baseline to add the
individual security controls under each section. Use the sections and sub-sections as listed below.
13.1 Management Controls
[provide a descriptive paragraph]
13.1.1 [first control family]
[provide a descriptive paragraph]
13.1.2 [second control family]
…………
13.2 Operational Controls
[provide a descriptive paragraph]
13.2.1 [first control family]
13.2.2 [second control family]
…………..
13.3 Technical Controls
[provide a descriptive paragraph]
13.3.1 [first control family]
13.3.2 [second control family]
…………
Example:
14. Information System Security Plan Completion Date: _____________________
• Enter the completion date of the plan.
15. Information System Security Plan Approval Date: _______________________
• Enter the date the system security plan was approved and indicate if the approval
documentation is attached or on file.
Project #3: IT Security Controls Baseline for Red Clay Renovations
Red Clay Renovations’ IT Security policies, plans, and procedures shall use the following security control
classes (management, operational, technical), as defined in NIST SP 800-53 rev 3 (p. 6).
Security Controls Baseline
Red Clay Renovations Security Controls Baseline shall include the following controls. In each table the columns are the control designator, the control name, and the baseline selection (the control together with any required enhancements, shown in parentheses).

1. AC: Access Controls (Technical Controls Category)
AC-1 | Access Control Policy and Procedures | AC-1
AC-2 | Account Management | AC-2 (1) (2) (3) (4)
AC-3 | Access Enforcement | AC-3
AC-4 | Information Flow Enforcement | AC-4
AC-5 | Separation of Duties | AC-5
AC-6 | Least Privilege | AC-6 (1) (2) (5) (9) (10)
AC-7 | Unsuccessful Logon Attempts | AC-7
AC-8 | System Use Notification | AC-8
AC-11 | Session Lock | AC-11 (1)
AC-12 | Session Termination | AC-12
AC-14 | Permitted Actions without Identification or Authentication | AC-14
AC-17 | Remote Access | AC-17 (1) (2) (3) (4)
AC-18 | Wireless Access | AC-18 (1)
AC-19 | Access Control for Mobile Devices | AC-19 (5)
AC-20 | Use of External Information Systems | AC-20 (1) (2)
AC-21 | Information Sharing | AC-21
AC-22 | Publicly Accessible Content | AC-22

2. AT: Awareness and Training (Operational Controls Category)
AT-1 | Security Awareness and Training Policy and Procedures | AT-1
AT-2 | Security Awareness Training | AT-2 (2)
AT-3 | Role-Based Security Training | AT-3
AT-4 | Security Training Records | AT-4

3. AU: Audit and Accountability (Technical Controls Category)
AU-1 | Audit and Accountability Policy and Procedures | AU-1
AU-2 | Audit Events | AU-2 (3)
AU-3 | Content of Audit Records | AU-3 (1)
AU-4 | Audit Storage Capacity | AU-4
AU-5 | Response to Audit Processing Failures | AU-5
AU-6 | Audit Review, Analysis, and Reporting | AU-6 (1) (3)
AU-7 | Audit Reduction and Report Generation | AU-7 (1)
AU-8 | Time Stamps | AU-8 (1)
AU-9 | Protection of Audit Information | AU-9 (4)
AU-10 | Non-repudiation | Not Selected
AU-11 | Audit Record Retention | AU-11
AU-12 | Audit Generation | AU-12

4. CA: Security Assessment and Authorization (Management Controls Category)
CA-1 | Security Assessment and Authorization Policies and Procedures | CA-1
CA-2 | Security Assessments | CA-2 (1)
CA-3 | System Interconnections | CA-3 (5)
CA-5 | Plan of Action and Milestones | CA-5
CA-6 | Security Authorization | CA-6
CA-7 | Continuous Monitoring | CA-7 (1)
CA-9 | Internal System Connections | CA-9

5. CM: Configuration Management (Operational Controls Category)
CM-1 | Configuration Management Policy and Procedures | CM-1
CM-2 | Baseline Configuration | CM-2 (1) (3) (7)
CM-3 | Configuration Change Control | CM-3 (2)
CM-4 | Security Impact Analysis | CM-4
CM-5 | Access Restrictions for Change | CM-5
CM-6 | Configuration Settings | CM-6
CM-7 | Least Functionality | CM-7 (1) (2) (4)
CM-8 | Information System Component Inventory | CM-8 (1) (3) (5)
CM-9 | Configuration Management Plan | CM-9
CM-10 | Software Usage Restrictions | CM-10
CM-11 | User-Installed Software | CM-11

6. CP: Contingency Planning (Operational Controls Category)
CP-1 | Contingency Planning Policy and Procedures | CP-1
CP-2 | Contingency Plan | CP-2 (1) (3) (8)
CP-3 | Contingency Training | CP-3
CP-4 | Contingency Plan Testing | CP-4 (1)
CP-5 | Withdrawn | –
CP-6 | Alternate Storage Site | CP-6 (1) (3)
CP-7 | Alternate Processing Site | CP-7 (1) (2) (3)
CP-8 | Telecommunications Services | CP-8 (1) (2)
CP-9 | Information System Backup | CP-9 (1)
CP-10 | Information System Recovery and Reconstitution | CP-10 (2)

7. IA: Identification and Authentication (Technical Controls Category)
IA-1 | Identification and Authentication Policy and Procedures | IA-1
IA-2 | Identification and Authentication (Organizational Users) | IA-2 (1) (2) (3) (8) (11) (12)
IA-3 | Device Identification and Authentication | IA-3
IA-4 | Identifier Management | IA-4
IA-5 | Authenticator Management | IA-5 (1) (2) (3) (11)
IA-6 | Authenticator Feedback | IA-6
IA-7 | Cryptographic Module Authentication | IA-7
IA-8 | Identification and Authentication (Non-Organizational Users) | IA-8 (1) (2) (3) (4)

8. IR: Incident Response (Operational Controls Category)
IR-1 | Incident Response Policy and Procedures | IR-1
IR-2 | Incident Response Training | IR-2
IR-3 | Incident Response Testing | IR-3 (2)
IR-4 | Incident Handling | IR-4 (1)
IR-5 | Incident Monitoring | IR-5
IR-6 | Incident Reporting | IR-6 (1)
IR-7 | Incident Response Assistance | IR-7 (1)
IR-8 | Incident Response Plan | IR-8

9. MA: Maintenance (Operational Controls Category)
MA-1 | System Maintenance Policy and Procedures | MA-1
MA-2 | Controlled Maintenance | MA-2
MA-3 | Maintenance Tools | MA-3 (1) (2)
MA-4 | Nonlocal Maintenance | MA-4 (2)
MA-5 | Maintenance Personnel | MA-5

10. MP: Media Protection (Operational Controls Category)
MP-1 | Media Protection Policy and Procedures | MP-1
MP-2 | Media Access | MP-2
MP-3 | Media Marking | MP-3
MP-4 | Media Storage | MP-4
MP-5 | Media Transport | MP-5 (4)
MP-6 | Media Sanitization | MP-6
MP-7 | Media Use | MP-7 (1)

11. PE: Physical and Environmental Protection (Operational Controls Category)
PE-1 | Physical and Environmental Protection Policy and Procedures | PE-1
PE-2 | Physical Access Authorizations | PE-2
PE-3 | Physical Access Control | PE-3
PE-4 | Access Control for Transmission Medium | PE-4
PE-5 | Access Control for Output Devices | PE-5
PE-6 | Monitoring Physical Access | PE-6 (1)
PE-8 | Visitor Access Records | PE-8
PE-9 | Power Equipment and Cabling | PE-9
PE-10 | Emergency Shutoff | PE-10
PE-11 | Emergency Power | PE-11
PE-12 | Emergency Lighting | PE-12
PE-13 | Fire Protection | PE-13 (3)
PE-14 | Temperature and Humidity Controls | PE-14
PE-15 | Water Damage Protection | PE-15
PE-16 | Delivery and Removal | PE-16
PE-17 | Alternate Work Site | PE-17

12. PL: Planning (Management Controls Category)
PL-1 | Security Planning Policy and Procedures | PL-1
PL-2 | System Security Plan | PL-2 (3)
PL-4 | Rules of Behavior | PL-4 (1)
PL-8 | Information Security Architecture | PL-8

13. PS: Personnel Security (Operational Controls Category)
PS-1 | Personnel Security Policy and Procedures | PS-1
PS-2 | Position Risk Designation | PS-2
PS-3 | Personnel Screening | PS-3
PS-4 | Personnel Termination | PS-4
PS-5 | Personnel Transfer | PS-5
PS-6 | Access Agreements | PS-6
PS-7 | Third-Party Personnel Security | PS-7
PS-8 | Personnel Sanctions | PS-8

14. RA: Risk Assessment (Management Controls Category)
RA-1 | Risk Assessment Policy and Procedures | RA-1
RA-2 | Security Categorization | RA-2
RA-3 | Risk Assessment | RA-3
RA-5 | Vulnerability Scanning | RA-5 (1) (2) (5)

15. SA: System and Services Acquisition (Management Controls Category)
SA-1 | System and Services Acquisition Policy and Procedures | SA-1
SA-2 | Allocation of Resources | SA-2
SA-3 | System Development Life Cycle | SA-3
SA-4 | Acquisition Process | SA-4 (1) (2) (9) (10)
SA-5 | Information System Documentation | SA-5
SA-8 | Security Engineering Principles | SA-8
SA-9 | External Information System Services | SA-9 (2)
SA-10 | Developer Configuration Management | SA-10
SA-11 | Developer Security Testing and Evaluation | SA-11

16. SC: System and Communications Protection (Technical Controls Category)
SA-1 | System and Services Acquisition Policy and Procedures | SA-1
SA-2 | Allocation of Resources | SA-2
SA-3 | System Development Life Cycle | SA-3
SA-4 | Acquisition Process | SA-4 (1) (2) (9) (10)
SA-5 | Information System Documentation | SA-5
SA-8 | Security Engineering Principles | SA-8
SA-9 | External Information System Services | SA-9 (2)
SA-10 | Developer Configuration Management | SA-10
SA-11 | Developer Security Testing and Evaluation | SA-11
SC-28 | Protection of Information at Rest | SC-28
SC-39 | Process Isolation | SC-39

17. SI: System and Information Integrity (Operational Controls Category)
SI-1 | System and Information Integrity Policy and Procedures | SI-1
SI-2 | Flaw Remediation | SI-2 (2)
SI-3 | Malicious Code Protection | SI-3 (1) (2)
SI-4 | Information System Monitoring | SI-4 (2) (4) (5)
SI-5 | Security Alerts, Advisories, and Directives | SI-5
SI-7 | Software, Firmware, and Information Integrity | SI-7 (1) (7)
SI-8 | Spam Protection | SI-8 (1) (2)
SI-10 | Information Input Validation | SI-10
SI-11 | Error Handling | SI-11
SI-12 | Information Handling and Retention | SI-12
SI-16 | Memory Protection | SI-16

18. PM: Program Management (Management Controls Category)
PM-1 | Information Security Program Plan | all
PM-2 | Senior Information Security Officer | all
PM-3 | Information Security Resources | all
PM-4 | Plan of Action and Milestones Process | all
PM-5 | Information System Inventory | all
PM-6 | Information Security Measures of Performance | all
PM-7 | Enterprise Architecture | all
PM-8 | Critical Infrastructure Plan | all
PM-9 | Risk Management Strategy | all
PM-10 | Security Authorization Process | all
PM-11 | Mission/Business Process Definition | all
PM-12 | Insider Threat Program | all
PM-13 | Information Security Workforce | all
PM-14 | Testing, Training, and Monitoring | all
PM-15 | Contacts with Security Groups and Associations | all
PM-16 | Threat Awareness Program | all
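As an added example (not part of the assignment, the template, or any NIST or UMUC material), the following Python script turns a baseline written in the notation above into the Section 13 skeleton that step 1.d asks for: it expands the "(1) (2)" enhancement notation, handles "Not Selected", withdrawn and "all" entries, groups each family under 13.1, 13.2 or 13.3 from its stated category, and flags any row whose designator prefix does not match the family heading it sits under. The "ID | Name | Selection" row layout and the sample excerpt are constructed assumptions about how the baseline tables are laid out.

```python
"""Build the SSP Section 13 skeleton (13.1 Management / 13.2 Operational /
13.3 Technical) from a controls baseline written in the assignment's notation."""
import re
from collections import OrderedDict

# Constructed excerpt of a baseline.  Family headings copy the baseline's own style;
# the "ID | Name | Selection" row layout is an assumption about the table columns.
SAMPLE_BASELINE = """\
4. CA: Security Assessment and Authorization (Management Controls Category)
CA-1 | Security Assessment and Authorization Policies and Procedures | CA-1
CA-2 | Security Assessments | CA-2 (1)
3. AU: Audit and Accountability (Technical Controls Category)
AU-9 | Protection of Audit Information | AU-9 (4)
AU-10 | Non-repudiation | Not Selected
6. CP: Contingency Planning (Operational Controls Category)
CP-4 | Contingency Plan Testing | CP-4 (1)
CP-5 | Withdrawn | -
16. SC: System and Communications Protection (Technical Controls Category)
SA-4 | Acquisition Process | SA-4 (1) (2) (9) (10)
SC-28 | Protection of Information at Rest | SC-28
18. PM: Program Management (Management Controls Category)
PM-9 | Risk Management Strategy | all
"""

FAMILY_RE = re.compile(
    r"^\d+\.\s+([A-Z]{2}):\s+(.+?)\s+\((Management|Operational|Technical) Controls "
    r"(?:Category|Family)\)$")
ROW_RE = re.compile(r"^([A-Z]{2}-\d+)\s*\|\s*(.+?)\s*\|\s*(.+)$")
ENHANCEMENT_RE = re.compile(r"\((\d+)\)")
CLASS_ORDER = ("Management", "Operational", "Technical")


def parse_selection(control_id, text):
    """Expand one selection cell into the designators the plan must address.
    'AC-2 (1) (2)' -> ['AC-2', 'AC-2(1)', 'AC-2(2)']; 'Not Selected', '-' and
    withdrawn controls -> []; 'all' cannot be enumerated without the catalog,
    so it is kept as '<ID> (all)' for the author to expand by hand."""
    text = text.strip()
    if text in ("Not Selected", "-", "–", "Withdrawn"):
        return []
    if text.lower() == "all":
        return [f"{control_id} (all)"]
    base = text.split("(")[0].strip()
    if base != control_id:
        raise ValueError(f"selection {text!r} does not belong to row {control_id}")
    return [base] + [f"{base}({n})" for n in ENHANCEMENT_RE.findall(text)]


def parse_baseline(text):
    """Return an ordered mapping family code -> {name, category, rows}."""
    families, current = OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        heading = FAMILY_RE.match(line)
        if heading:
            code, name, category = heading.groups()
            current = families.setdefault(code, {"name": name, "category": category, "rows": []})
            continue
        row = ROW_RE.match(line)
        if row is None or current is None:
            raise ValueError(f"unrecognised baseline line: {line!r}")
        control_id, control_name, selection = row.groups()
        current["rows"].append((control_id, control_name, parse_selection(control_id, selection)))
    return families


def prefix_mismatches(families):
    """Rows whose designator prefix differs from the family heading they sit under;
    a cheap consistency check that catches copy-and-paste errors in a baseline."""
    return [(code, cid) for code, fam in families.items()
            for cid, _, _ in fam["rows"] if not cid.startswith(code + "-")]


def group_by_class(families):
    """Assign each family to 13.1, 13.2 or 13.3 from its stated category."""
    grouped = {cls: [] for cls in CLASS_ORDER}
    for code, fam in families.items():
        grouped[fam["category"]].append(code)
    return grouped


def render_section_13(families):
    """Produce the numbered outline the assignment asks for, with the selected
    designators listed under each family so nothing in the baseline is missed."""
    grouped = group_by_class(families)
    lines = ["13. Minimum Security Controls"]
    for i, cls in enumerate(CLASS_ORDER, start=1):
        lines.append(f"13.{i} {cls} Controls")
        for j, code in enumerate(grouped[cls], start=1):
            fam = families[code]
            selected = [d for _, _, sel in fam["rows"] for d in sel]
            lines.append(f"13.{i}.{j} {code}: {fam['name']}")
            lines.append("    Required: " + (", ".join(selected) if selected else "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    baseline = parse_baseline(SAMPLE_BASELINE)
    for family_code, control_id in prefix_mismatches(baseline):
        print(f"WARNING: {control_id} is listed under family {family_code}")
    print(render_section_13(baseline))
```

The outline it prints is only the scaffold; the descriptive paragraph for each family and each category still has to be written in your own words, as step 1.d.iii requires.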