Service

Creation/Maintenance of Security Documentation and/or Procedures

Description

This service includes creating, updating and/or consultation on information protection processes and procedures (based on National Institute of Standards and Technology (NIST) 800-53 and any other applicable federal guidance). This service yields the required documentation for a new or continuously monitored system to prepare for a security control assessment. Key deliverables include:

  • System Security Plans (SSP)
  • Audit log monitoring procedures
  • Account Management Plans (AMP)
  • Incident Response Plans (IRP)
  • Information System Contingency Plans (ISCP)

Related Services

Increase your resilience | Foundational, Intermediate, Advanced

Protective Domain Name System Resolver

CISA's Protective Domain Name System (DNS) Resolver Service is the evolution and successor to the DNS egress protection capability currently being delivered through E3A DNS Sinkhole.
Assess your risk level | Intermediate

Security Monitoring

Receive remediation scanning and quarterly scanning; annual assessments with applicable; and security control assessments for system accreditation.
Assess your risk level | Foundational

Technical Vulnerabilities Assessment

Receive a technical scan to measure the current security impacts and risks to a system through applicable security tools.