PB 22164 - September 29, 2005 - USPS.com® - About
94 POSTAL BULLETIN 22164 (9-29-05)
Exhibit 8.2 System, Application, and Product Development Responsibilities
[Revise Exhibit 8.2 as follows:]
Activity | Executive Sponsors | Portfolio Managers | Project Managers | ISSOs | ISSRs | Certifier 1 | Accreditor 2
Initiate ISA & conduct BIA. X/F C P P P
Conduct risk assessment. X/F C P P P
Identify security controls. X/F C P C P
Develop security plan & develop/acquire security controls. X/F C P C P
Develop SOPs, service level & trading partner agreements. X/F C P C P
Develop security test plan. X/F C P C P
Conduct security testing & document results. X/F C X C P
Conduct independent reviews as required. X/F C P C P
Develop ISA package. X/F C P P X
Review ISA package & write evaluation report. X
Certify application. F X
Prepare risk mitigation plan and accept responsibility for documented vulnerabilities. F X C
Accredit application. F X
Accept risk & approve for deployment. X X C C C C
Develop and test ADRP & FR Plan. X/F C P C P
Follow security-related plans, periodically review, test and audit. X/F C P C P
Reassess risks & upgrade controls, update security-related documents. X/F C P C P
Re-initiate ISA. X/F C P X P X
Retire application. X/F C P C P
1 Manager, ISA Process.
2 Manager, Corporate Information Security Office (CISO)
X = Responsible for accomplishment
F = Responsible for funding
P = Participant
C = Consulting support as required