From Traditional Security
Part of PDS Documentation - Request for Approval Documentation
Associated with IA controls: DCSR-3, PESS-1, ECCT-2
A PDS that is not approved could cause an Information Assurance Manager, Designated Accrediting Authority and other concerned managerial personnel to not be fully aware of all vulnerabilities and residual risk of IA systems under their purview.
This check concerns the documentation prepared and submitted to the PDS approval authority. Any subsequent requests for modification of the PDS should also be available for review. Check to ensure: 1. The PDS documentation is complete and current. Review a copy of the initial Request for Approval of PDS, which must contain the information IAW Annex C, NSTISSI 7003. 2. Any requests for modification of the PDS approval are also available for review and contain the appropriate information. NOTES: Applies in a tactical environment but will likely not be available in mobile field locations. Such documentation should be available for inspection at a location where supporting headquarters staff (IAM, SM) would logically be located. Observations and comments may be entered into VMS, even if there is no finding.
Documentation must exist for the initial request for PDS approval and any modification requests. If the initial documentation or modification requests were not prepared or documentation cannot be located the fix is to prepare a request for PDS approval IAW the NSTISSI 7003 template and submit to the approving authority for approval.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer