U.S. Department of Health and Human Services
A GSS provides support for HHS’ agency infrastructure and host major applications. Since a GSS provides such wide-scale support, it is usually categorized at the moderate level or higher. Controls for a GSS must comply with the appropriate baseline provided in NIST SP 800-53 Rev.3.
Since a GSS supports other systems, its security level must support the security level of any of the systems it hosts. When a GSS is categorized lower than an MA, the MA's System Owner decides whether to place more stringent security controls on the MA.
A GSS (especially a GSS that is a network) is the front door to the organization's IT assets. An open port of easy access onto the network can allow a potential hacker to “jump” privileges into a major application. Teams administering a GSS must properly assess the risk level of the GSS and adequately secure it.
Page 3 of 3
Types of Systems
Securing a General Support System