U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

information system security plan

Abbreviation(s) and Synonym(s):

security plan
system security plan

Definition(s):

  A formal document that provides an overview of the security requirements for an information system and describes the security controls in place or planned for meeting those requirements.
Source(s):
NIST SP 800-128 from OMB Circular A-130
NIST SP 800-37 Rev. 2

  See System Security Plan.
Source(s):
NIST SP 800-53 Rev. 5 under security plan

  See information system security plan.
Source(s):
NIST SP 800-128 under system security plan
NIST SP 800-37 Rev. 2 under system security plan
NIST SP 800-37 Rev. 2 under security plan

  Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. See system security plan or information security program plan.
Source(s):
CNSSI 4009-2015 under security plan from NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37 Rev. 1, NIST SP 800-18 Rev. 1

  A document that describes how an organization meets the security requirements for a system or how an organization plans to meet the requirements. In particular, the system security plan describes the system boundary; the environment in which the system operates; how the security requirements are implemented; and the relationships with or connections to other systems.
Source(s):
NIST SP 800-171 Rev. 2 under system security plan
NIST SP 800-171 Rev. 1 [Superseded] under system security plan

  A formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. The system security plan describes the system components that are included within the system, the environment in which the system operates, how the security requirements are implemented, and the relationships with or connections to other systems.
Source(s):
NIST SP 800-53 Rev. 5 under security plan

  See security plan.
Source(s):
NIST SP 800-53 Rev. 5 under system security plan
NIST SP 800-53B under system security plan

  Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. The system security plan describes the system components that are included within the system, the environment in which the system operates, how the security requirements are implemented, and the relationships with or connections to other systems.
Source(s):
NIST SP 800-53B under security plan

  A document that describes how an organization meets the security requirements for a system or how an organization plans to meet the requirements. In particular, the system security plan describes the system boundary, the environment in which the system operates, how security requirements are implemented, and the relationships with or connections to other systems.
Source(s):
NIST SP 800-172 under system security plan