Exhibit 4b
Information Security Assurance Requirements for Applications
[Revise Exhibit 4b to read as follows:]
| ISA Phase | ISA Deliverable | New Applications, Nonsensitive & Noncritical: Deliverables | Responsible | New Applications, Business Controlled: Deliverables | Responsible | New Applications, Sensitive & Critical: Deliverables | Responsible | Legacy*: Deliverables | Responsible | Small Applications: Deliverables | Responsible | Field Application: Deliverables | Responsible |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | BIA | YES | ISSO | YES | ISSO | YES | ISSO | YES | ISSO | YES | ISSO | YES | ISSO |
| 2 | Security Plan | | | Abbreviated | ISSO & Project Mgr | Full | ISSO & Project Mgr | | | | | | |
| 2 | Risk Assessment | | | Abbreviated | ISSO | Full | ISSO | | | Abbreviated | ISSO | | |
| 3 | Security Test & Evaluation | | | YES | ISSO & Project Mgr | YES | ISSO & Project Mgr | | | | | | |
| 2-5 | ADRP (at Recovery Site, not in ISA Package) | | | Only BC Criticality | Project Mgr | Only Critical | Project Mgr | Only Critical & BC Criticality | Project Mgr | Only Critical & BC Criticality | Project Mgr | | |
| 4 | Harden Platform | YES | ISSO | YES | ISSO | YES | ISSO | YES | ISSO | YES | ISSO | YES | ISSO |
| 4 | Vulnerability Scan** | | | | | | | YES | ISSO | | | | |
| 4 | Evaluation Report | | | YES | ISSO | YES | ISSO | | | YES | ISSO | | |
| 4 | Certification Letter | | | YES | ISSO Mgr | YES | ISSO Mgr | | | YES | ISSO Mgr | | |
| 4 | Risk Mitigation Plan | | | YES for High/Med Risk | Portfolio Mgr | YES for High/Med Risk | Portfolio Mgr | | | YES for High/Med Risk | Portfolio Mgr | | |
| 4 | Accreditation Letter | | | YES | Mgr CISO | YES | Mgr CISO | | | YES | Mgr CISO | | |
| 4 | Acceptance Letter | | | YES | Portfolio Mgr & Executive Sponsor | YES | Portfolio Mgr & Executive Sponsor | | | | | | |
| 5 | Revised ISA Documents | As needed or every 5 years | ISSO & Project Mgr | As needed or every 5 years | ISSO & Project Mgr | As needed or every 5 years | ISSO & Project Mgr | As needed or every 5 years | ISSO & Project Mgr | As needed or every 5 years | ISSO & Project Mgr | As needed or every 5 years | ISSO & Project Mgr |

Empty cells indicate that the deliverable is not required for that application category.
* Prior to 1/1/2003
** Vulnerability scans are recommended for all applications and mandatory for legacy applications, externally facing applications, and applications utilizing credit card transactions.