System-Specific Security Policy (SysSP) Class: CISS-391 Early Spring 2020 Policy Information Policy Name: __________________________ ID: ______________ Type: ☐ Internet, ☐ Networks, Systems, ☐ Information Company/Agency/Organization: ___________________________________ Date: _____________ Team Name: _______________________________ Project Lead: ___________________________ Chief Executive Officer (CEO): ______________________ Role(s): Define your role(s) for this policy Chief Info Security Officer (CISO): ___________________ Role(s): Define your role(s) for this policy Senior Security Engineer (SSE): _____________________ Role(s): Define your role(s) for this policy ☒ Systems, ☒ InformationSysSP Details: 1. Access Control list (ACL) (see pg 189 Fig 4-3) [Group name, Description, user account type: ADMIN, EMPLOYEE, CONTRACTOR, USER, GUEST] Group Description Account Type Admin System and network administrators 2. Access Control matrix (focus on user access) [user account type, group, asset, control, time limits] Hint: one user per policy Account Type Group Assert Control Time limits 3. Capability table (Focus on control capabilities: (account office apps, system tools, network tools, policy that applies) (Policy control for above users and groups) Group Account Type Capability tools Policy that apply 4. Configuration rules (focus on assets like servers) (server, port, protocol, access rule, time limits) Server Port(s) Protocol Access Rule Time limit 5. Technical Specifications SysSP (Focus on asset hardware both network equipment, servers, and user PCs/Laptop) (Make, model, type, Quantity, cost) Asset Type Make Model Qty Cost References: Page 2 of 2 .