Policy 7230A - Department of Administration
2.2.1.1 Capture System Identification
Provide information to identify the system that is the target of the plan:
• Specify both system name and a unique system identifier that will remain consistent for the life of the system.
• Specify operational status of the system (Operational, Developmental, or in-Modification).
• Specify system function (Major Application or General Support System).
• Specify the system environment (physical and logical location).
• Specify existing system interconnections (upstream and downstream).
2.2.1.2 Identify Individuals with Responsibility for the System
Designate an individual system owner and identify and document all relevant information about that owner:
• Identify the owner of the system.
• Identify the owner(s)/custodian(s) of all data stored on and/or processed by the system.
• Identify the individual responsible for authorizing operations of and accepting risk associated with the system.
• Identify the individual responsible for managing and maintaining the security of the system.
2.2.1.3 Determine Applicable Laws and Regulations
List all applicable laws, regulations, or policies that may dictate and/or affect the security of the system:
• Include anything that impacts requirements for Confidentiality, Integrity and/or Availability.
2.2.1.4 Determine System Categorization
Assess and record the impact of the loss of the system as per FIPS 199:
• Assess impact against Confidentiality, Integrity and Availability.
• Assign a value of High, Medium or Low (as per established Risk Assessment processes).
• Perform this task for each system component.
• Aggregate the results of each component, recording the highest value noted for each category across all components.