
Module 02 Course Project – Part I: Teamwork Skills

For this week, you will take the security controls that you picked last week from the Plan of Actions and Milestones (POAM) and review the controls along with any notes you made last week.

This week, your project consists of two parts. For Part I, you will address the skills and methodologies that your audit team needs to be successful. In preparation for filling out the Security Assessment Plan (SAP), put yourself in the position of a team lead. Assume you are going to form a 3-person team for auditing these controls. Once you consider the needed skills and team members, address the following in a brief report:

  • Assume, for this project, that you are working with a multinational team. How would you go about ensuring that you have appropriate awareness and empathy while working collaboratively with people of diverse backgrounds and perspectives?
  • Discuss what skills you would expect from each person on your team and how your team presents a good mix of skills that can address your security control audit.
  • Discuss two methodologies (this includes both tools and investigative actions, such as an interview) you would use to perform this SAP.

Submit your completed assignment by following the directions linked below. Please check the Course Calendar for specific due dates.

 

Module 02 Course Project – Part II: Begin the SAP

Module 02 Content

For this week, you will take the security controls that you picked last week from the Plan of Actions and Milestones (POAM) and review the controls along with any notes you made last week.

This week, your project consists of two parts. For Part II, you will begin developing your Security Assessment Plan (SAP).

FedRAMP Security Assessment Plan (SAP)

Third Party Assessment

Prepared by <Your Name>

for

Country Roads Space Systems

&

NASA

CRSS Information Systems. Administration and Classified Networks

Version #.#

<DATE>

MOCK Plan

CRSS Information Systems. Administration and Classified Networks | Version #.# Date

Controlled Unclassified Information

System Assessment Plan

Prepared by

Identification of Organization that Prepared this Document

Student Name: Enter Your Name

Rasmussen Email Address: Enter Rasmussen Email Address

Class: Enter Class Name

Course and Semester: Enter Section Number and Semester

Prepared for

Identification of Cloud Service Provider

Organization Name: NASA

Street Address: 300 E St. SW

Suite/Room/Building: IA Office Floor 2

City, State Zip: Washington DC 20546

Revision History

Date | Description | Version of SSP | Author

<Date> | <Revision Description> | <Version> | <Author>

<Date> | <Revision Description> | <Version> | <Author>

Table of Contents

1 Introduction

1.1 Laws, Regulations, Standards, and Guidance

1.2 Purpose

2 Scope

2.1 Information System Name/Title

2.2 Internet Protocol (IP) Addresses, Web Applications, and Databases Slated for Testing

2.3 Roles Slated for Testing

3 Assumptions

4 Methodology

5 Test Plan

5.1 Security Assessment Team

5.2 NASA/CRSS Provider Testing Points of Contact

5.3 Testing Performed Using Automated Tools

5.4 Testing Performed Through Manual Methods

6 Rules of Engagement

6.1 Security Testing

6.2 End of Testing

6.3 Communication of Test Results

6.4 Limitation of Liabilities

6.5 Signatures

7 Acronyms

A Appendix A – Attachments

List of Tables

Table 2-1 Information System Name and Title

Table 2-6 Role Based Testing

Table 5-1 Security Testing Team

Table 5-2 NASA/CRSS Service Provider Points of Contact

Table 5-3 Tools Used for Security Testing

Table 5-4 Testing Performed through Manual Methods

Table 6-1 Individuals at NASA/CRSS Receiving Test Results

MOCK Plan – Academic Purposes Only

Introduction

Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for Country Roads Space Systems. Testing security controls is an integral part of the FedRAMP security authorization requirements. Providing a plan for security control ensures that the process runs smoothly.

The CRSS Information Systems. Administration and Classified Networks (CRSS ITS) will be assessed by an Independent Assessor (IA) <Your Name>. The use of an independent assessment team reduces the potential for conflicts of interest that could occur in verifying the implementation status and effectiveness of the security controls. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-39, Managing Information Security Risk states:

Assessor independence is an important factor in: (i) preserving the impartial and unbiased nature of the assessment process; (ii) determining the credibility of the security assessment results; and (iii) ensuring that the authorizing official receives the most objective information possible in order to make an informed, risk-based, authorization decision.

Laws, Regulations, Standards, and Guidance

A summary of the FedRAMP Laws and Regulations and the FedRAMP Standards and Guidance is included in the System Security Plan (SSP) Attachment 12 – FedRAMP Laws and Regulations.

SSP Section 12 Laws, Regulations, Standards, and Guidance contains the following two tables that are system specific:

Table 12-1 CRSS Information Systems. Administration and Classified Networks Laws and Regulations includes additional laws and regulations specific to CRSS Information Systems. Administration and Classified Networks.

Table 12-2 CRSS Information Systems. Administration and Classified Networks Standards and Guidance includes any additional standards and guidance specific to CRSS Information Systems. Administration and Classified Networks.
