HGA System Security Plan
1. Information System Registration Name: (Task 1-3)
UNCLASS_LAN
2. Information System Categorization: (Task 1-1)
Choose a Category
3. Information System Owner:
John Stanley, Management Bureau Director
StanleyJB@HGA.gov
202-555-1212 x27001
Hypothetical Government Agency
1000 Washington Ave.
G-Town, DC, USA
4. Authorizing Official:
Barney Morgan, Chief Information Officer
MorganBS@HGA.gov
202-555-1212 x27002
Hypothetical Government Agency
1000 Washington Ave.
G-Town, DC, USA
5. Other Designated Contacts:
6. Assignment of Security Responsibility:
7. Information System Operational Status:
Operational
8. Information System Type:
General Support System
9. General System Description/Purpose (Task 1-2)
HGA’s locally hosted LAN server contains a mix of management, and mission-specific information, such
as draft regulations, internal correspondence and a variety of other business documents, memos and
reports. Currently, remote, wireless, and mobile device access is not available.
A system description may include, for example:
- Version or release number of the information system
- Purpose, functions, and capabilities of the information system and missions/business processes
supported
- Types of information processed, stored, and transmitted by the information system
- Boundary of the information system for risk management and security authorization purposes
- Encryption techniques used for information processing, transmission, and storage
- Cryptographic key management information (public key infrastructures, certificate authorities,
etc.)
- Information system users (including organizational affiliations, access rights, privileges,
citizenship, if applicable)
- Incident response points of contact
10. System Environment
The system environment may include, for example:
- How the information system is integrated into the enterprise architecture and information
security architecture
- Location of the information system and environment in which the system operates
- Architectural description of the information system including network topology
- Hardware and firmware devices included within the information system
- System and applications software resident on the information system
- Hardware, software, and system interfaces (internal and external)
- Subsystems (static and dynamic) associated with the information system
- Information flows and paths (including inputs and outputs) within the information system
- Cross domain devices/requirements
- Network connection rules for communicating with external information systems
- Interconnected information systems and identifiers for those systems
11. System Interconnections/Information Sharing
System Name
Employee Payroll
Database
Fraud, Waste
and Abuse
Database
Infrastructure as
a Service
Organization Type
Agreement
(ISA
/MOU)
Date
Terramark
Application
MOU
1/15/2009 High
Complete
Terramark
Application
MOU
6/22/2010 Moderate
Complete
Terramark
General
Support
ISA
FIPS 199
Category
4/6/2008 High
Authorization
Status
Complete
12. Related Laws/Regulations/Policies
This document satisfies the requirements of the Federal Information Security Management Act (FISMA)
and meets or exceeds the information security requirements established for executive agencies by the
Office of Management and Budget (OMB) in Circular A-130, Appendix III, Security of Federal Automated
Information Resources.
13. Minimum Security Controls (Task 3-2)
14 Control Monitoring Strategy (Task 2-3)
15. Information System Security Plan Completion Date: _____________________
16. Information System Security Plan Approval Date: _______________________
(Task 2-4)