20 Nov Module 02 Course Project Part I: Teamwork Skills For this week, you will take the security controls that you picked last week from the?Plan of Actions and Milestones (POAM) and review th
Module 02 Course Project – Part I: Teamwork Skills
For this week, you will take the security controls that you picked last week from the Plan of Actions and Milestones (POAM) and review the controls along with any notes you made last week.
This week, your project consists of two parts. For Part I, you will address the skills and methodologies that your audit team needs to be successful. In preparation for filling out the Security Assessment Plan (SAP), put yourself in the position of a team lead. Assume you are going to form a 3-person team for auditing these controls. Once you consider the needed skills and team members, address the following in a brief report:
- Assume, for this project, that you are working with a multinational team. How would you go about ensuring that you have appropriate awareness and empathy while working collaboratively with people of diverse backgrounds and perspectives?
- Discuss what skills would you expect out of each person on your team and how your team presents a good mix of skills that can address your security control audit
- Discuss two methodologies (this includes both tools, and investigative actions like an interview) you would use to perform this SAP.
Submit your completed assignment by following the directions linked below. Please check the Course Calendar for specific due dates.
Module 02 Course Project – Part II: Begin the SAP
Module 02 Content
For this week, you will take the security controls that you picked last week from the Plan of Actions and Milestones (POAM) and review the controls along with any notes you made last week.
This week, your project consists of two parts. For Part II, you will begin developing your Security Assessment Plan (SAP).
FedRAMP Security Assessment Plan (SAP)
Third Party Assessment
Prepared by <Your Name>
for
Country Roads Space Systems
&
NASA
CRSS Information Systems. Administration and Classified Networks
Version #.#
<DATE>
MOCK Plan
CRSS Information Systems. Administration and Classified Networks | Version #.# Date
Controlled Unclassified Information Page | 10
|
Identification of Organization that Prepared this Document |
||
|
Student Name |
Enter Your Name | |
|
Rasmussen Email Address |
Enter Rasmussen Email Address | |
|
Class |
Enter Class Name | |
|
Course and Semester |
Enter Section Number and Semester |
|
Identification of Cloud Service Provider |
||
|
Organization Name |
NASA | |
|
Street Address |
300 E St. SW | |
|
Suite/Room/Building |
IA Office Floor 2 | |
|
City, State Zip |
Washington DC 20546 |
Revision History
|
Date |
Description |
Version of SSP |
Author |
| <Date> | <Revision Description> | <Version> | <Author> |
| <Date> | <Revision Description> | <Version> | <Author> |
Table of Contents
1.1 Laws, Regulations, Standards, and Guidance 1
2.1 Information System Name/Title 2
2.2 Internet Protocol (IP) Addresses, WeB APPLICATIONS, and DATABASES Slated for Testing 2
2.3 Roles Slated for Testing 2
5.1 Security Assessment Team 4
5.2 NASA /CRSS Provider Testing Points of Contact 5
5.3 Testing Performed Using Automated Tools 5
5.4 Testing Performed Through Manual Methods 6
6.3 Communication of Test Results 8
6.4 Limitation of Liabilities………………………………………………………………………………………………….…………..8
6.5 Signatures 10
List of Tables
Table 2 1 Information System Name and Title 2
Table 2 6 Role Based Testing 2
Table 5 1 Security Testing Team 4
Table 5 2 NASA /CRSS Service Provider Points of Contact 5
Table 5 3 Tools Used for Security Testing 5
Table 5 4 Testing Performed through Manual Methods 6
Table 6 1 Individuals at NASA /CRSS Receiving Test Results 8
CRSS Information Systems. Administration and Classified Networks FedRAMP SAP Template Version #.# Date
MOCK Plan – Academic Purposes Only Page | ii
Introduction
Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for Country Roads Space Systems. Testing security controls is an integral part of the FedRAMP security authorization requirements. Providing a plan for security control ensures that the process runs smoothly.
The CRSS Information Systems. Administration and Classified Networks (CRSS ITS) will be assessed by an Independent Assessor (IA) <Your Name>. The use of an independent assessment team reduces the potential for conflicts of interest that could occur in verifying the implementation status and effectiveness of the security controls. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-39, Managing Information Security Risk states:
Assessor independence is an important factor in: (i) preserving the impartial and unbiased nature of the assessment process; (ii) determining the credibility of the security assessment results; and (iii) ensuring that the authorizing official receives the most objective information possible in order to make an informed, risk-based, authorization decision.
Laws, Regulations, Standards, and Guidance
A summary of the FedRAMP Laws and Regulations and the FedRAMP Standards and Guidance is included in the System Security Plan (SSP) Attachment 12 – FedRAMP Laws and Regulations.
SSP Section 12 Laws, Regulations, Standards, and Guidance contains the following two tables that are system specific:
Table 12 1 CRSS Information Systems. Administration and Classified Networks Laws and Regulations includes additional laws and regulations specific to CRSS Information Systems. Administration and Classified Networks.
Table 12 2 CRSS Information Systems. Administration and Classified Networks Standards and Guidance includes any additional standards and guidance specific to CRSS Information Systems. Administration and Classified Networks.
<a rel='nofollow' target='_blank' name='_To
Related Tags
Academic
APA
Assignment
Business
Capstone
College
Conclusion
Course
Day
Discussion
Double Spaced
Essay
English
Finance
General
Graduate
History
Information
Justify
Literature
Management
Market
Masters
Math
Minimum
MLA
Nursing
Organizational
Outline
Pages
Paper
Presentation
Questions
Questionnaire
Reference
Response
Response
School
Subject
Slides
Sources
Student
Support
Times New Roman
Title
Topics
Word
Write
Writing