INTERIM POLICY DOCUMENT
Network Security Management
1. Purpose. This Interim Policy Document (IPD) establishes XX Agency (XXA) procedures for managing network security.
2. Objective. The objective is to comply with the federal guidelines to maintain a proper level of network security commensurate with risk and threat assessment.
A. Computer Security Act of 1987 (PL 100-235)
B. OMB Circular A-130, Appendix III, Security of Federal Automated Information Resources
C. NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems
4. Policy. It is XXA policy to protect information and corporate assets.
A. The Council of Management Officials (CIMO) is responsible for:
Ensuring coordination among Program area offices on IRM issues (including the Network) and activities
B. The Security Working Group (SWG) is responsible for:
Approving documents prepared by the Chief Information Systems Security Manager for the purpose of maintaining network security and/or for Director, XX Agency.
C. Chief, Information Resources Management (IRM) is responsible for:
Approving documents prepared by the Information Technology Security Manager for the purpose of maintaining network security and/or for Director, XX Agency.
D. Information Technology Security Manager (ITSM) is responsible for:
(1) Ensuring IT resources are adequately safeguarded throughout the Agency.
(2) Developing and implementing an overall network security plan for XXA systems.
(3) Issuing guidelines and procedures.
(4) Providing oversight for XXA network security.
(5) Maintaining a current inventory of sensitive systems and a schedule for testing system Contingency Plans.
Policies, Procedures, and Guidance. The ITSM has the overall responsibility for the security of the XXA network. It is his/her responsibility to ensure that all of the federal rules, regulations, Public Law/statutes, policy, procedures, and guidelines applicable to network security are implemented and enforced.
Delegations of Authority. Every system will have someone identified as being responsible for its security. This person, who will be referred to as the Systems Administrator, may be a civil service or contractor employee as provided by the terms and conditions of the contract. The Systems Administrator must know the nature of the information processed by the system (or an application on the system) and be able to apply and manage appropriate security controls. The Installation Information Technology Security Manager (IITSM) provides oversight and direction to the Systems Administrator for network security purposes. The appointment must be in writing and given to both the individual appointed and the organizational Program Information Technology Security Manager (PITSM), who will report the appointment to the ITSM.
Security Plans. Every system will have an IT Security Plan that documents the security posture at a particular point in time. The ITSM or his appointee will have the overall responsibility for the general support system (network), and the system owner will have the responsibility for the respective application. The IT Security Plan reports the outcome of the IT security planning process, which is described in NIST Special Publication SP 800-18, Guide for Developing Security Plans for Information Technology Systems. IT Security Plans are considered sensitive...