Information Systems Security Manager (ISSM) - Marine Corps ...

More documents

Recommendations

Info

NAVSO P-5239-04SEPTEMBER 19953.9 Security Configuration ManagementAfter security is established for an IS, strict measures must be enforced to ensure thatchanges to the IS do not disrupt this balance. Even seemingly minor changes may result insevere implications to the security of the system. Configuration management controlschanges to system software, firmware, hardware, and documentation throughout the life of theIS. This includes the design, development, testing, distribution, and operation ofmodifications and enhancements to the existing IS.ResponsibilityIn accordance with the DAA’s policies and procedures forcontrolling changes to the IS, the ISSM provide s input to ISconfiguration management activities to ensure that implementedchanges do not compromise the security of the system. In thiscapacity, the ISSM provides security oversight, guidance, andinput to system and network administrators, SSAs, ISEAs, andother activities responsible for implementing changes to the IS.The ISSM may delegate security-related configurationmanagement activities to ISSOs or NSOs as appropriate for thespecific Command.ImplementationThe ISSM is responsible for ensuring that the following tasks areconducted:· IS inventory is reviewed regularly. Although the systemor network administrator usually develops and maintainsthe inventory of the IS, the ISSM must closely monitorthis effort to ensure that system components have notchanged, been moved, or otherwise been tampered within any way that may impact the overall security of the IS· Documentation detailing the IS hardware, software, andfirmware configuration and security features ismaintained· IS change proposals are reviewed according to thefollowing criteria:- How will the change impact the security of the IS?- If new software is proposed, is it from an authorizedsource?- Have security features and mechanisms beenconsidered and included in system change plans?- Do system support personnel know how to install andmaintain new security features/mechanisms?- Will reaccreditation be necessary?36
NAVSO P-5239-04SEPTEMBER 1995· Implemented changes are thoroughly tested to ensurethat:- Changes do not adversely impact the security of thesystem- Security features and mechanisms are fully functional .Reference: For more information concerning the types ofchanges that may affect security, see section 3.2, RiskManagement, under IS Modifications.37
Page 1: Department of the Navy NAVSO P-5239
Page 5: NAVSO P-5239-04SEPTEMBER 1995FOREWO
Page 8 and 9: NAVSO P-5239-04SEPTEMBER 1995TABLE
Page 10 and 11: NAVSO P-5239-04SEPTEMBER 1995· Sec
Page 12 and 13: NAVSO P-5239-04SEPTEMBER 1995techni
Page 14 and 15: NAVSO P-5239-04SEPTEMBER 1995ISEASS
Page 16 and 17: NAVSO P-5239-04SEPTEMBER 19953.0 IN
Page 18 and 19: NAVSO P-5239-04SEPTEMBER 1995· Sit
Page 20 and 21: NAVSO P-5239-04SEPTEMBER 1995the DO
Page 22 and 23: NAVSO P-5239-04SEPTEMBER 19953.2 Ri
Page 24 and 25: NAVSO P-5239-04SEPTEMBER 1995workin
Page 26 and 27: NAVSO P-5239-04SEPTEMBER 19953.3 Ac
Page 28 and 29: NAVSO P-5239-04SEPTEMBER 19953.4 Ad
Page 30 and 31: NAVSO P-5239-04SEPTEMBER 1995Virus
Page 32 and 33: NAVSO P-5239-04SEPTEMBER 19953.5 Tr
Page 34 and 35: NAVSO P-5239-04SEPTEMBER 1995- Expl
Page 36 and 37: NAVSO P-5239-04SEPTEMBER 19953.6 Ph
Page 38 and 39: NAVSO P-5239-04SEPTEMBER 1995· Eva
Page 40 and 41: NAVSO P-5239-04SEPTEMBER 19953.7 Au
Page 42 and 43: NAVSO P-5239-04SEPTEMBER 19953.8 In
Page 46 and 47: NAVSO P-5239-04SEPTEMBER 19953.10 C
Page 48 and 49: NAVSO P-5239-04SEPTEMBER 19953.11 S
Page 50 and 51: NAVSO P-5239-04SEPTEMBER 199542
Page 52 and 53: NAVSO P-5239-04SEPTEMBER 1995update
Page 55 and 56: NAVSO P-5239-04SEPTEMBER 1995Securi
Page 57 and 58: NAVSO P-5239-04SEPTEMBER 1995SECNAV
Page 59 and 60: NAVSO P-5239-04SEPTEMBER 1995This d
Page 61 and 62: NAVSO P-5239-04SEPTEMBER 1995NCSC-T
Page 63 and 64: NAVSO P-5239-04SEPTEMBER 1995NTISSP
Page 65 and 66: NAVSO P-5239-04SEPTEMBER 1995primar

Information Systems Security Manager (ISSM) - Marine Corps ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?