NIST SP 800-18r1 Table of Contents

From FISMApedia

Table of Contents

EXECUTIVE SUMMARY
1. INTRODUCTION
1.1 BACKGROUND
1.2 TARGET AUDIENCE
1.3 ORGANIZATION OF DOCUMENT
1.4 SYSTEMS INVENTORY AND FEDERAL INFORMATION PROCESSING STANDARDS (FIPS 199)
1.5 MAJOR APPLICATIONS, GENERAL SUPPORT SYSTEMS, AND MINOR APPLICATIONS
1.6 OTHER RELATED NIST PUBLICATIONS
1.7 SYSTEM SECURITY PLAN RESPONSIBILITIES
1.7.1 Chief Information Officer
1.7.2 Information System Owner
1.7.3 Information Owner
1.7.4 Senior Agency Information Security Officer (SAISO)
1.7.5 Information System Security Officers
1.7.6 Authorizing Official
1.8 RULES OF BEHAVIOR
1.9 SYSTEM SECURITY PLAN APPROVAL
2. SYSTEM BOUNDARY ANALYSIS AND SECURITY CONTROLS
2.1 SYSTEM BOUNDARIES
2.2 MAJOR APPLICATIONS
2.3 GENERAL SUPPORT SYSTEMS
2.4 MINOR APPLICATIONS
2.5 SECURITY CONTROLS
2.5.1 Scoping Guidance
2.5.2 Compensating Controls
2.5.3 Common Security Controls
3. PLAN DEVELOPMENT
3.1 SYSTEM NAME AND IDENTIFIER
3.2 SYSTEM CATEGORIZATION
3.3 SYSTEM OWNER
3.4 AUTHORIZING OFFICIAL
3.5 OTHER DESIGNATED CONTACTS
3.6 ASSIGNMENT OF SECURITY RESPONSIBILITY
3.7 SYSTEM OPERATIONAL STATUS
3.8 INFORMATION SYSTEM TYPE
3.9 GENERAL DESCRIPTION/PURPOSE
3.10 SYSTEM ENVIRONMENT
3.11 SYSTEM INTERCONNECTION/INFORMATION SHARING
3.12 LAWS, REGULATIONS, AND POLICIES AFFECTING THE SYSTEM
3.13 SECURITY CONTROL SELECTION
3.14 MINIMUM SECURITY CONTROLS
3.15 COMPLETION AND APPROVAL DATES
3.16 ONGOING SYSTEM SECURITY PLAN MAINTENANCE
APPENDIX A: SAMPLE INFORMATION SYSTEM SECURITY PLAN TEMPLATE
APPENDIX B: GLOSSARY
APPENDIX C: REFERENCES