Information Security Architecture
Security Planning Policy for 18F
18F has developed the system security plan (SSP) for Cloud Foundry PaaS containing the information security architecture for the information system that:
- Describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information
- Describes how the information security architecture is integrated into and supports the enterprise architecture
- Describes any information security assumptions about, and dependencies on, external services
18F reviews and updates the information security architecture within the system security plans and the 18F GitHub repository on an annual basis or when a significant change takes place to reflect updates in the enterprise architecture.
Due to the dynamic and elastic nature of cloud computing, 18F monitors real-time updates of its information security architecture using its infrastructure management and visual security consoles.
18F ensures that planned information security architecture changes are reflected in the security plan and organizational procurements/acquisitions. 18F follows the risk management framework (RMF), which includes conducting annual risk assessments for its information systems and infrastructure. Any changes are then updated in system security plans, plans of action and milestones (POA&Ms), security assessment reports (SAR)