Federal Aviation Administration

In-Service Management

  • Print
  • |  Updated: 1:16 pm ET July 23, 2008

Note: The symbol "*" indicates that the FAA firewall access is required to view this link.

highlighted: In-Service Management - AMS Lifecycle Phase

Activities during this phase include the following:

  • Follow and conform to the final SCAP template as required for the final SCAP documents*.
  • Obtain the security Certification and Authorization (C&A). Stakeholder C&A review shall ensure that the DAA* is in a position to certify and authorize the system as meeting the security requirements and as presenting an acceptable risk to the FAA mission and NAS operations.
  • Conduct the performance measurement, monitoring, and reporting of the security controls and incidents. Ensure that the monitoring of ISS performance and assurance for the respective NAS service/capability has not degraded and that the new vulnerabilities have not been introduced to the operational system.
  • Update the SCAP to reflect any major configuration changes at least every 3 years, assessing the changes in the environment and system for previously unforeseen risks from new threats and vulnerabilities. Plan and take corrective action as necessary.
  • For disposal of the system, the following types of activities may be addressed in the Information System Security Plan, and conducted at the appropriate stage of the System Development Lifecycle
    • Archive Information - Retain information as necessary, keeping in mind legal requirements and future technology changes that render the retrieval method obsolete.
    • Sanitize Media - Ensure data is deleted, erased, or written over as necessary.
    • Dispose of Hardware and Software - Dispose of the hardware and software in accordance with ISS policy.