ITS-HBK-00016C, IT SECURITY PLAN TEMPLATE, REQUIREMENTS, GUIDANCE, AND EXAMPLES (05 MAR 2010
ITS-HBK-00016C, IT SECURITY PLAN TEMPLATE, REQUIREMENTS, GUIDANCE, AND EXAMPLES (05 MAR 2010)., This IT Security Handbook (lTS-HBK) defines the information system security plan (SSP) template and provides procedures, guidance and examples for the completion of these plans. The information captured in the SSP template is critical for the assessment and authorization of the system and the granting of an authorization to operate (A TO) for that system. The template acts as an outline to capture information regarding the system's function, operational concept, the type and category of information processed or stored on the system, risk assessment results, and the implementation of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 controls. The SSP template defined in this ITS-HBK is based on Federal Information Processing Standard (FIPS) 199, FIPS 200, NIST SP 800-18 and otherNIST 800 series guidance. Additionally, ITS-HBK-0030 and ITS-HBK-0031 define the procedures for the assessment and authorization o fNASA IT Systems. ITS-HBK-0007, System Security Plan Numbering Schema, provides the procedures for establishing the Security Plan Number.