Other Federally Required Documents

Documentation related to security may also be required to support a federal grant or contract submission. If you need assistance with the documentation outlined below, please contact Information Security.

Information System Security Plans (ISSP)/ (SSP)

An ISSP is often required with government contracts. An information system security plan (SSP) provides an overview of the security posture of the system and describes the security controls in place, or planned to be put into place. A template can be found here.

Boundary Scope Memo

The purpose of the Boundary Scope Memo is to establish the scope of the application/system’s Certification & Accreditation(C&A) review. It documents the system’s functionality, purpose, and connections, and identifies the users of that system. A template can be found here.

Security Self-Assessment

A Security Self-Assessment is done internally to match your current security posture to a set of standard criteria. This allows an organization to provide a cost-effective technique to determine the current status of their information security programs, mitigate weaknesses, and establish a plan for improvement. A template can be found here.

System Security Categorization Review

The System Security Categorization Review is a formalized process that demonstrates how you decided on the proper security impact level (low, moderate or high). A template can be found here.