NIST-800-53-SC-1

System and Communications Protection Policy and Procedures

System and Communications Protection Policy for cloud.gov

a

System and Communications Protection Policy is included in CIO P 2100.1 - GSA IT Security Policy, Chapter 5. Policy on Technical Controls. It states, "All network devices that are either owned, managed, maintain a connection to a GSA facility, and/or handle GSA data shall be strategically positioned behind a GSA firewall to provide analysis/correlation, management structure, and minimize threats presented by external attacks.

The 18F program includes a library of security policies that address federal and non-federal requirements. These policies guide and govern the actions of 18F employees and contractors in conducting any United States business.

The 18F security assessment, communications, and authorization policy is listed within its GitHub repository that is accessible to all 18F staff.

18F helps develop, document, and disseminate policy information to 18F staff members.

This 18F policy contains a protection policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

18F's "Before You Ship" guide facilitates the implementation of the system and communications protection policy and associated system and communications protection controls.

See https://github.com/18F/before-you-ship/ for more information.

b

Reviews and updates the current System and Communications Protection Policy every three years.

The 18F program includes a library of security policies that address federal and non-federal requirements. These policies guide and govern the actions of 18F employees and contractors in conducting any United States business.

The 18F security assessment, communications, and authorization policy is listed within its GitHub repository that is accessible to all 18F staff.

results matching ""

    No results matching ""