Creation/Maintenance of Security Documentation and/or Procedures
Description
This service includes creating, updating and/or consultation on information protection processes and procedures (based on National Institute of Standards and Technology (NIST) 800-53 and any other applicable federal guidance). This service yields the required documentation for a new or continuously monitored system to prepare for a security control assessment. Key deliverables include:
- System Security Plans (SSP)
- Audit log monitoring procedures
- Account Management Plans (AMP)
- Incident Response Plans (IRP)
- Information System Contingency Plans (ISCP)