TABLE OF CONTENTS
1 INTRODUCTION
1.1 BACKGROUND
1.2 RESOURCES
2 ENTERPRISE MISSION ASSURANCE SUPPORT SERVICE
2.1 OVERVIEW
2.2 APPROVAL CHAINS
3 ACCOUNT MANAGEMENT
3.1 REQUESTING MODIFICATIONS TO AN EXISTING USER ACCOUNT
3.2 USER INACTIVITY
3.3 ADDING NEW CREDENTIALS TO AN EXISTING USER ACCOUNT
3.4 DEACTIVATE USER ACCOUNT
4 SYSTEM REGISTRATION
4.1 STEP 1 – SYSTEM INFORMATION
4.2 STEP 2 – AUTHORIZATION INFORMATION
4.3 STEP 3 – ROLES
4.4 STEP 4 – REVIEW AND SUBMIT
5 SYSTEM INFORMATION
5.1 SYSTEM – DETAILS
5.1.1 SYSTEM INFORMATION
5.1.2 AUTHORIZATION INFORMATION
5.1.3 FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)
5.1.4 BUSINESS
5.1.5 EXTERNAL SECURITY SERVICES
5.2 CATEGORIZATION
5.2.1 CONTROL SECTION
5.2.2 OVERLAYS
5.2.3 SECURITY TECHNICAL IMPLEMENTATION GUIDES
5.2.4 MANAGE SECURITY CONTROLS
5.3 CONTROLS
5.3.1 LISTING
5.3.2 IMPORT/EXPORT
5.3.3 IMPLEMENTATION PLAN
5.3.4 RISK ASSESSMENT
5.4 PLAN OF ACTION AND MILESTONES (POA&M)
5.5 ARTIFACTS
5.6 SUBMIT FOR REVIEW
6 PACKAGE APPROVAL CHAIN WORKFLOWS
6.1 PACKAGE TYPES
6.2 PACKAGE WORKFLOW MANAGEMENT
7 DECOMMISSIONED SYSTEMS
8 MANAGEMENT (INHERITANCE)
8.1 COMMON CONTROL PROVIDER PACKAGE