FAA Information Systems Security (ISS) Engineering Process

The Information Systems Security (ISS) Engineering website is a checklist that guides you through the acquisition management systems (AMS) phases to perform the security-related activities using the ISS engineering processes.

Investment Analysis: Initial Investment Analysis & Final Investment Analysis
Mission Analysis: Service Area Analysis & Concept & Requirements Definition
Solution Implementation
In-Service Management

The ISS Engineering process tasks support the phased AMS decisions, as shown in the Acquisitions Management Systems (AMS) logo above. Each Program Office or Service Organization shall tailor its ISS Engineering activities and process tasks to meet its program milestones, using its System Engineering Management Plan (SEMP) to do so.

Each phase has ISS Engineering products that support the other Systems Engineering (SE) elements, consistent with the contents of the Systems Engineering Manual (SEM) section 4.8.6.3, "Information Security Engineering Process Tasks." The Information System Security Plan (ISSP) is a key ISS Engineering planning document for every FAA IT program. The ISSP provides an overview of the system, presents an approach for meeting associated security requirements, and delineates responsibilities and rules for controlling access and use of information and related assets within the system. The program ISSP is a living document, prepared early in the system lifecycle and updated regularly during program/system development. The AMS logo above summarizes the ISS Engineering process task alignment with the AMS phases.

For comments or feedback contact 9-atop-hq-isse-info@faa.gov.

Mission Analysis: Service Area Analysis & Concept & Requirements Definition
(a) Integrate Initial Security Needs and Threat Stipulation into the MNS
(b) Develop CONOPS and Preliminary Security Requirements

Investment Analysis: Initial Investment Analysis & Final Investment Analysis
(c) Develop Preliminary ISSP (Including Basic Security Policy)
(d) Develop Systems Characterization/Categorization
(e) Develop Preliminary Vulnerability and Risk Assessment
(f) Update Vulnerability and Risk Assessment
(g) Update CONOPS and Security Requirements

Solution Implementation
(i) Integrate Security Architecture and Design
(j) Update the ISSP
(k) Develop Security Test Plans and Procedures
(l) Develop User's Guides, Training, and Contingency Plans
(m) Conduct Security Testing

(h) Integrate Security Requirements with System Requirements
(i) Integrate Security Architecture and Design
(n) Create Final Security C&A Documents
(o) Obtain Security Authorization and Accreditation
(p) Prepare for Technology Refresh and Upgrade Planning

Last updated: Friday, October 12, 2018