up

2020-01-31

ISSP components

Issue Specific Security Policy

• Statement of purpose
• Authorized acess and Usage of Equipment
• Prohibited Usage of Equipment
• Systems Management
• Violations of policy
• Policy review and modification
• Limitations of Liability

SSSP

System Specific Security Policy

• ACLs
• Enable administrators to restrict access to stuff
  • by time, duration, user, etc.
• location
  • File systems
  • SELinux Policies
  • Windows Group Policy
  • App Level ACLs
    • Firewall rules

Policy guidelines

• following industry standard will help protect the policy from challenge
• If we are not up to industry standard, we can be liable for our shortcomings.

Read: NIST SP 800-18