In-Service Management

highlighted: In-Service Management - AMS Lifecycle Phase Activities during this phase include the following:

  • Follow and conform to the final SCAP template as required for the final SCAP documents.
  • Obtain the security Certification and Authorization (C&A). Stakeholder C&A review shall ensure that the DAA is in a position to certify and authorize the system as meeting the security requirements and as presenting an acceptable risk to the FAA mission and NAS operations.
  • Conduct the performance measurement, monitoring, and reporting of the security controls and incidents. Ensure that the monitoring of ISS performance and assurance for the respective NAS service/capability has not degraded and that the new vulnerabilities have not been introduced to the operational system.
  • Update the SCAP to reflect any major configuration changes at least every 3 years, assessing the changes in the environment and system for previously unforeseen risks from new threats and vulnerabilities. Plan and take corrective action as necessary.
  • For disposal of the system, the following types of activities may be addressed in the Information System Security Plan, and conducted at the appropriate stage of the System Development Lifecycle
    • Archive Information - Retain information as necessary, keeping in mindlegal requirements and future technology changes that render the retrievalmethod obsolete.
    • Sanitize Media - Ensure data is deleted, erased, or written over asnecessary.
    • Dispose of Hardware and Software - Dispose of the hardware and software in accordance with ISS policy.

Last updated: Thursday, September 07, 2017