the system-specific security policy (SysSP

profileAACi
SysSP-TEMPLATE3.docx

System-Specific Security Policy (SysSP)

Class: CISS-391 Early Spring 2020

Policy Information

Policy Name: __________________________ ID: ______________ Type: ☐ Internet, ☐ Networks, Systems, ☐ Information

Company/Agency/Organization: ___________________________________ Date: _____________

Team Name: _______________________________ Project Lead: ___________________________

Chief Executive Officer (CEO): ______________________

Role(s): Define your role(s) for this policy

Chief Info Security Officer (CISO): ___________________

Role(s): Define your role(s) for this policy

Senior Security Engineer (SSE): _____________________

Role(s): Define your role(s) for this policy

☒ Systems, ☒ Information

SysSP Details:

1. Access Control list (ACL)

(see pg 189 Fig 4-3)

[Group name, Description, user account type: ADMIN, EMPLOYEE, CONTRACTOR, USER, GUEST]

Group

Description

Account Type

Admin

System and network administrators

2. Access Control matrix

(focus on user access)

[user account type, group, asset, control, time limits] Hint: one user per policy

Account Type

Group

Assert

Control

Time limits

3. Capability table

(Focus on control capabilities: (account office apps, system tools, network tools, policy that applies) (Policy control for above users and groups)

Group

Account Type

Capability tools

Policy that apply

4. Configuration rules

(focus on assets like servers) (server, port, protocol, access rule, time limits)

Server

Port(s)

Protocol

Access Rule

Time limit

5. Technical Specifications SysSP

(Focus on asset hardware both network equipment, servers, and user PCs/Laptop) (Make, model, type, Quantity, cost)

Asset Type

Make

Model

Qty

Cost

References:

Page 2 of 2