Model Preview
21 CFR Part 11
C4ISP Framework
CMM-SW
Computer Security - Self Assessment
Ditscap
DitscapAbridged
HIPAA Compliance Checklist
HIPAA Security
Hippa
Information Security Certification and Accreditation (NIST 800-37)
ISO 17799 Compliance
JFMIP
Medical Device GMP
People CMM
Sample Facility EHS Model
Sample General EHS Model
Sample ISO 14001 Model
Sample Landfill EHS
Sample Landfill EHS Model
Sample PPAP Model
Sample Safety (General Industry Standards - 1910) Model
Sarbanes-Oxley Act of 2002
Sarbanes-Oxley Rules
Six Sigma
Small Business Demo
SoftwareCertification
SoftwareCMM
System Security Authorization Agreement
SECTION 1. MISSION DESCRIPTION AND SYSTEM IDENTIFICATION
1.1 System Name and Identification
1.2 Mission
1.3 Functional Architecture
1.3.1 Functional Description
1.3.2 System Capabilities and Interfaces with Other Systems
1.3.3 System Criticality
1.3.4 Classification and Sensitivity of Data Processed
1.3.5 System User Description and Clearance Levels
1.4 System Concept of Operations Summary
SECTION 2. ENVIRONMENT DESCRIPTION
2.1 Operating Environment Overview
2.1.1 ERC Building
2.1.2 ERC Alarms
2.1.3 ACC Guards and Visitor Controls
2.1.4 Custodial Personnel
2.2 System Development, Integration and Maintenance Environment
2.2.1 Configuration Management of Software
2.2.2 Configuration Management of Hardware
2.3 Threat Description and Environment
2.3.1 Threat Description
2.3.2 Threat Environment and Points of Failure
2.4 Continuity of Support
SECTION 3. SYSTEM ARCHITECTURAL DESCRIPTION
3.1 Overview
3.1.1 Tier I Architecture
3.1.2 Tier II Architecture
3.1.3 Tier III Architecture
3.2 Certification and Accreditation Boundary
SECTION 4. SYSTEM SECURITY REQUIREMENTS
4.1 Overview
4.2 National Level Security Requirements
4.3 Assignment of Responsibilities
4.4 USGA Information Security Policy
4.5 Security Plan
4.6 Review of Security Controls
4.7 Authorization of Processing
4.8 USGA Security Requirements
4.9 System Security Concept of Operations
4.10 Network Connection Rules
SECTION 5. ORGANIZATIONS AND RESOURCES
5.1 Identification of Organizations
5.1.1 USGA ETSD Staff
5.1.2 The DISA C&A Team
5.2 DISA C&A Team Organizational Structure and Management Approach
5.3 Organizational Interfaces
5.4 Resources and Roles
5.5 Certification Team
5.6 Other Supporting Organizations or Working Groups
5.7 Administrative Issues
SECTION 6. DITSCAP PLAN
6.1 Evaluation Approach
6.2 TASK 1: PROGRAM AND PROJECT MANAGEMENT
6.2.1 C&A Task Order Management Plan
6.2.2 Monthly Status Report
6.2.3 Trip Reports
6.3 TASK 2: USGA C&A Support
6.3.1 SUBTASK 2.1: Definition Phase
6.3.2 SUBTASK 2.2: Verification Phase
6.3.3 SUBTASK 2.3: Validation
6.4 Schedule Summary
APPENDICES
Appendix A: Acronym List
Appendix B: Glossary of Terms
Appendix C: Reference List
Appendix D: Requirement Traceability Matrix
Appendix E: USGA - ACC Certification and Accreditation Work Plan
Appendix F: Risk Assessment
Appendix G: Security Test and Evaluation Test Plan and Procedures
Appendix H: Security Test and Evaluation Test Evaluation Report
Appendix I: System Security Evaluation Report
Appendix J: Certification Statement
Appendix K: ACC Security Operating Procedures Guide
Appendix L: Approval to Operate
Appendix M: Rules of Behavior
Appendix N: Security Awareness and Training Program
Appendix O: Incident Response Program
Appendix P: Continuity of Support
Appendix Q: Interagency Agreements
FIGURES
Figure 1-1 Enterprise Technology Services Division
Figure 1-2 ACC Layered Architecture
Figure 3-1 Major USGA Circuits from Our Town
Figure 3-2 Tier I Topology
Figure 3-3 Tier II Topology
Figure 3-4 Tier III Topology
Figure 5-1 USGA Certification and Accreditation Task Organization
TABLES
Table 3-1 Regional WAN Router Locations
Table 3-2 UNIX Production Systems
Table 3-3 UNIX Non-Production Systems
Table 5-1 USGA ETSD Staff
Table 6-1 Deliverable Schedule