NIST SP 800-18 R 1 February 2006

The objective of system security planning is to improve protection of information system resources. All federal systems have some level of sensitivity and require protection as part of good management practice. The protection of a system must be documented in a system security plan. The purpose of the system security plan is to provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements. The system security plan also delineates responsibilities and expected behavior of all individuals who access the system. The system security plan should be viewed as documentation of the structured process of planning adequate, cost-effective security protection for a system. It should reflect input from various managers with responsibilities concerning the system, including information owners, the system owner, and the senior agency information security officer (SAISO). Additional information may be included in the basic plan and the structure and format organized according to agency needs, so long as the major sections described in this document are adequately covered and readily identifiable.

Why buy a book you can download for free?

First you gotta find it and make sure it's the latest version, not always easy. Then you gotta print it using a network printer you share with 100 other people - and its outta paper - and the toner is low (take out the toner cartridge, shake it, then put it back). If it's just 10 pages, no problem, but if it's a 250-page book, you will need to punch 3 holes in all those pages and put it in a 3-ring binder. Takes at least an hour. An engineer that's paid $75 an hour has to do this himself (who has assistant's anymore?).

If you are paid more than $10 an hour and use an ink jet printer, buying this book will save you money.

It's much more cost-effective to just order the latest version from Amazon.com

This public domain material is published by 4th Watch Books. We publish tightly-bound, full-size books at 8 1/2 by 11 inches, with glossy covers. 4th Watch Books is a Service Disabled Veteran Owned Small Business (SDVOSB) and is not affiliated with the National Institute of Standards and Technology.

For more titles published by 4th Watch, please visit: cybah.webplus.net

GSA P-100Facilities Standards for the Public Buildings Service

GSA P-120 Cost and Schedule Management Policy Requirements

GSA P-140 Child Care Center Design Guide

GSA Standard Level Features and Finishes for U.S. Courts Facilities

GSA Courtroom Technology Manual

NIST SP 500-299NIST Cloud Computing Security Reference Architecture

NIST SP 500-291NIST Cloud Computing Standards Roadmap Version 2

NIST SP 500-293US Government Cloud Computing Technology Roadmap Volume 1 & 2

NIST SP 500-293US Government Cloud Computing Technology Roadmap Volume 3 DRAFT

NIST SP 1800-8Securing Wireless Infusion Pumps

NISTIR 7497Security Architecture Design Process for Health Information Exchanges (HIEs)

NIST SP 800-66Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule

NIST SP 1800-1 Securing Electronic Health Records on Mobile Devices

NIST SP 800-177 Trustworthy Email

NIST SP 800-184 Guide for Cybersecurity Event Recovery

NIST SP 800-190 Application Container Security Guide

NIST SP 800-193 Platform Firmware Resiliency Guidelines

NIST SP 1800-1 Securing Electronic Health Records on Mobile Devices

NIST SP 1800-2Identity and Access Management for Electric Utilities

NIST SP 1800-5IT Asset Management: Financial Services