|
System Security Certification/Accreditation, Annual (Form) |
|
------- INDEX AND GLOSSARY. DO NOT CHANGE OR DELETE! ----------
Open IT Policy Index
-
Acceptable Use, Administrative or Special Access (Policy)
-
Acceptable Use, Email (Policy)
-
Acceptable Use, Internet (Policy)
-
Acceptable Use, Virtual Private Network (VPN) (Policy)
-
Access Controls, Account (Policy)
-
Account Management (Policy)
-
Change Management (Policy)
-
Computer Virus Prevention (Policy)
-
Contingency Planning (Policy)
-
Data Backup and Storage (Policy)
-
Data Marking, Handling, Processing, Storage, and Disposal (Policy)
-
Deferral of System Security Certification or Accreditation, Annual (Form)
-
General Information Security Management (Procedure)
-
Green Computing (Policy)
-
Incident Response (Policy)
-
Intrusion Detection (Policy)
-
Logging and Audit Trails (Policy)
-
Mobile Computing and Network Access (Policy)
-
Network Access (Policy)
-
Network Access Controls (Standard)
-
Network Configuration (Policy)
-
Network Data Privacy (Policy)
-
Password Management (Policy)
-
Personnel Security (Policy)
-
Physical Security (Policy)
-
Policy Application Checklist (Administrative Utility)
-
Secure Media and Data Handling (Procedure)
-
Secure Software Development Lifecycle (Standard)
-
Social Computing and Networking (Policy)
-
Software and Hardware Security Controls (Policy)
-
Spam and Unsolicited Commercial Email Prohibition (Policy)
-
System Security Certification/Accreditation, Annual (Form)
-
System Security Certification/Accreditation, Annual (Policy)
-
Telecommuting Agreement, Employee (Form)
-------------------------------------------------------------------------------------------------
I __________________________ (Security Officer name) have carefully reviewed the attached computer system security plan together with the findings and recommendations of a documented
risk assessment; analysis of threats, vulnerabilities, and safeguards; or security evaluation performed within the past [variable: time period].
Based on my authority and judgment, and weighing the residual risks against operational requirements, I authorize continued operations of:
___________________ (Name of covered system or application) under the following circumstances:
-
[variable: Restriction 1]
-
[variable: Restriction 2]
-
[…]
I further authorize initiation of the following corrective actions, to be completed within the next calendar year:
-
[variable: Required corrective action 1]
-
[variable: Required corrective action 2]
-
[…]
Signature:
___________________________________
-
[variable: Title of signing officer or director or manager]
-
[variable: Covered Organization]
-
[variable: Date]
References
Related Templates(s)
Content Model(s)
|
Open IT Policy Project 
