DHS Sensitive Systems Handbook 4300A v12
DHS 4300A Sensitive Systems Handbook
Version 12.0 November 15, 2015
Protecting the Information that Secures the Homeland
DHS 4300A SENSITIVE SYSTEMS HANDBOOK
v12.0, November 15, 2015
FOREWORD
This Handbook and its Attachments provide guidance and best practices for implementation, and checklists of required and recommended measures that protect the security of DHS information.
The Handbook is based on the Department of Homeland Security (DHS) 4300 series of information security policies, which are the official documents that create and publish Departmental standards in accordance with DHS Management Directive 140-01, "Information Technology System Security."
Comments concerning DHS Information Security publications are welcome and should be submitted to the DHS Director for Information Systems Security Policy at infosecpolicy@hq. or addressed to:
DHS Director of Security Policy and Remediation
OCIO CISO Stop 0182
Department of Homeland Security
245 Murray Lane SW
Washington, DC 20528-0182
Digitally signed by JEFFREY L EISENSMITH
DN: c=US, o=U.S. Government, ou=Department of Homeland Security, ou=DHS HQ, ou=People, cn=JEFFREY L EISENSMITH, 0.9.2342.19200300.100.1.1=0387904707.DHS HQ.1
Date: 2016.01.08 11:37:00 -05'00'
Jeffrey Eisensmith
Chief Information Security Officer
Department of Homeland Security
Contents
1.0 INTRODUCTION .... 1
  1.1 Information Security Program and Implementation Guidelines .... 1
  1.2 Authorities .... 2
  1.3 Handbook Overview .... 2
  1.4 Definitions .... 3
    1.4.1 Classified National Security Information .... 3
      Information that has been determined, pursuant to Executive Order 13526, "Classified National Security Information," to require protection against unauthorized disclosure and is marked to indicate its classified status. [Source: Executive Order 13526] .... 3
    1.4.2 Component .... 3
      A DHS Component is any organization which reports directly to the Office of the Secretary (including the Secretary, the Deputy Secretary, the Chief of Staff, Counselors, and staff, when approved as such by the Secretary), including both Operational Components and Support Components (also known as Headquarters Components). [Source: DHS Lexicon and DHS Management Directive 112-01] .... 3
    1.4.3 Continuity of Operations (COOP) .... 3
    1.4.4 DHS System .... 3
    1.4.5 Essential Function .... 4
    1.4.6 Federal Information Security Modernization Act of 2014 (FISMA) .... 4
    1.4.7 Foreign Intelligence Information .... 4
    1.4.8 General Support System (GSS) .... 4
    1.4.9 Information Technology (IT) .... 5
    1.4.10 Major Application (MA) .... 5
      All Federal applications require some level of protection. Certain applications, because of the information they contain, however, require special management oversight and should be classified as MAs. An MA is distinguishable from a GSS by the fact that it is a discrete application, whereas a GSS may support multiple applications. Each MA must be under the direct oversight of a Component CISO or Information System Security Manager (ISSM), and must have an ISSO assigned. .... 5
      National Intelligence Information .... 5
    1.4.11 National Intelligence Information .... 5
    1.4.12 Operational Data .... 5
    1.4.13 Personally Identifiable Information (PII) .... 6
    1.4.14 Privacy Sensitive System .... 6
    1.4.1 Privileged User .... 6
    1.4.2 Public Information .... 6
    1.4.3 Sensitive Information .... 6
    1.4.4 Sensitive Personally Identifiable Information (SPII) .... 2
    1.4.5 Sensitive System .... 3
    1.4.6 Strong Authentication .... 3
    1.4.7 Trust Zone .... 3
    1.4.8 Two-Factor Authentication .... 3
    1.4.9 Visitor .... 3
    1.4.10 Vital Records .... 4
  1.5 Waivers .... 4
    1.5.1 Waiver Requests .... 4
    1.5.2 Requests for Exception to U.S. Citizenship Requirement .... 5
  1.6 Digital and Other Electronic Signatures .... 5
  1.7 Information Sharing .... 5
  1.8 Threats .... 6
    1.8.1 Insider Threats .... 6
    1.8.2 Criminal Threats .... 7
    1.8.3 Foreign Threats .... 7
    1.8.4 Lost or Stolen Equipment .... 7
    1.8.5 Supply Chain Threats .... 7
  1.9 Changes to this Handbook, and Requests for Changes .... 7
2.0 ROLES AND RESPONSIBILITIES .... 9
  2.1 Information Security Program Roles .... 9
    2.1.1 DHS Senior Agency Information Security Officer (SAISO) .... 9
    2.1.2 DHS Chief Information Security Officer (CISO) .... 9
    2.1.3 Component Chief Information Security Officer .... 11
    2.1.4 Component Information Systems Security Manager (ISSM) .... 13
    2.1.5 Risk Executive .... 14
    2.1.6 Authorizing Official (AO) .... 15
    2.1.7 Security Control Assessor .... 15
    2.1.8 Information Systems Security Officer (ISSO) .... 16
    2.1.9 Ongoing Authorization (OA) Manager and Operational Risk Management Board (ORMB) .... 16
    2.1.10 DHS Security Operations Center (SOC) .... 16
    2.1.11 Component Security Operations Centers .... 18
  2.2 Other Roles .... 19
    2.2.1 Secretary of Homeland Security .... 19
    2.2.2 Under Secretaries and Heads of DHS Components .... 20
    2.2.3 DHS Chief Information Officer (CIO) .... 20
    2.2.4 Component Chief Information Officer .... 21
    2.2.5 DHS Chief Security Officer (CSO) .... 23
    2.2.6 DHS Chief Privacy Officer .... 23
    2.2.7 DHS Chief Financial Officer (CFO) .... 24
    2.2.8 Program Managers .... 24
    2.2.9 System Owners .... 24
    2.2.10 Common Control Provider .... 25
    2.2.11 DHS Employees, Contractors, and Others Working on Behalf of DHS .... 25
3.0 MANAGEMENT POLICIES .... 26
  3.1 Basic Requirements .... 26
  3.2 Capital Planning and Investment Control (CPIC) .... 26
    3.2.1 Capital Planning and Investment Control Process .... 27
  3.3 Contractors and Outsourced Operations .... 28