1.1 Purpose of the Security Approach
Defining a security approach for a project provides a line of sight from business requirements through team members and components all the way to implemented security controls. It documents clear responsibilities for implementation, certification, and accreditation of the system security and provides a framework for communicating security-based impacts on other development and project management activities. This security approach defines, from a security perspective, how systems associated with the <Project Name> project will be characterized, categorized, and managed.
2 Security Approach
2.1 Process Overview
[Summarize the steps necessary for establishing the security approach.]
The project manager, working in collaboration with the security team, developed a preliminary assessment of the system's FIPS 199 categorization and, using the proposed project goals, defined the following approach to securing the IT system in development. The approach seeks the most cost-effective and efficient way of meeting technical, operational, and managerial security requirements. It also seeks to ensure that security considerations are effectively integrated with other critical processes, such as requirements analysis and risk management, throughout the life of the project, and that an early assessment of system classification and boundary definitions is appropriately considered to facilitate development and certification efforts later in the project lifecycle.
2.2 Security Approach Summary
[Summarize the overall system approach here. The description should reflect the decisions that guided how the system boundaries have been defined and the relative maturity of the systems being developed or modified, as well as any system interconnections and dependencies. The relationship with existing systems, internal and external, is critical to defining how to approach the overall security of this system. Identifying a security manager for each system and the certification and accreditation authority early in the process ensures that both development and ongoing maintenance are cost-effective and efficient.]
<Provisional High-Level Diagram of Systems with FIPS 199 classification and interconnections identified>
EPLC Security Approach (v<1.0>)
[Insert appropriate disclaimer(s)]