Strategic Security Intelligence


NSTSSI Security Education Standards



Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved


     10.     MAINTENANCE OF THE SSAA

                                          
             a. Life-Cycle Security Planning
                                                       
                                                                                         
                   1)    discuss, when consulted, proposed changes to the SSAA;
                   2)    propose, where required, a need for recertification and reaccreditation; and
                   3)    interpret, when consulted, changes that may affect the existing certification.


             b. Documentation Policies
                  
                   1)    appraise the documentation policies for continued applicability;
                   2)    identify the documentation policies for updates; and
                   3)    verify changes against the original documentation policies.

             c. Configuration Control/Change Management

                   1)    appraise the configuration control for continued applicability;
                   2)    identify the configuration control in place versus that which has been specified in the current SSAA;
                   3)    list proposed changes to the previously approved system configuration and/or operating environment, to include system retirement;
                   4)    analyze the above changes to determine if an assessment of the impact is required;
                   5)    outline the process for an assessment of the impact of changes to the existing SSAA; and
                   6)    revise the SSAA in accordance with the configuration changes.
     

             d. Maintenance of Configuration Documents

                   1)    appraise the maintenance of configuration documents; and
                   2)    compare the maintenance of configuration documents for conformance to the SSAA.
                   

             e. Periodic Review of System Life-cycle

                   1)    appraise the periodic review of the system/product life-cycle for conformance to the SSAA;
                   2)    initiate the periodic review of the system/product life-cycle for conformance to the SSAA; and
                   3)    report on the periodic review of the system/product life-cycle.


             f. Communicate Results

                   report the results of changes to the SSAA to the accreditor (DAA).

             g. Convey Magnitude of Risk

                   identify the inherent and residual risks and the potential corrective approaches to the accreditor (DAA).

             h. Brief and Defend ST&E Results

                   prepare and deliver the ST&E results to the accreditor (DAA).