Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
5.1.1.c System and Component Documentation<br />
• Inventories should include the following documentation<br />
information:<br />
o Implementation documentation.<br />
o Configuration documentation.<br />
o Operations documentation.<br />
o Test and assessment documentation.<br />
5.1.1.d Inventory Update Scheduling and Frequency<br />
• The system inventory should be reviewed and updated on an<br />
at least annual basis.<br />
5.1.2. Perform Systems and Data Classification<br />
In order to most efficiently protect information systems and the information<br />
they store and/or process, Agencies should perform security categorization:<br />
5.1.2.a Security Impact Level Scheme<br />
• High impact indicates significant loss <strong>of</strong> assets or resources,<br />
significant damage to the organizational mission, or serious<br />
human injury or death.<br />
• Medium impact indicates moderate loss <strong>of</strong> assets or<br />
resources, moderate damage to the organizational mission, or<br />
human injury.<br />
• Low impact indicates minimal loss <strong>of</strong> assets or resources, or<br />
minimal damage to the organizational mission.<br />
5.1.2.b Security Categorization Scheme<br />
• Assign a High categorization where at least one <strong>of</strong><br />
confidentiality, integrity or availability is assessed an impact<br />
level <strong>of</strong> high.<br />
• Assign a Moderate categorization where at least one <strong>of</strong><br />
confidentiality, integrity or availability is assessed an impact<br />
level <strong>of</strong> moderate and none are assessed an impact level <strong>of</strong><br />
high.<br />
• Assign a Low categorization where confidentiality, integrity<br />
and availability are all assigned an impact level <strong>of</strong> low.<br />
5.1.3. Follow Process for Change Control<br />
To ensure that the security that is engineered into systems and system<br />
components is maintained long term, organization should perform changes to<br />
those systems and components in a controlled manner:<br />
11