INTERIM POLICY DOCUMENT
| | | |
| |Network Security Management | |
1. Purpose. This Interim Policy Document (IPD) establishes XX Agency (XXA) procedures for managing network security.
2. Objective. The objective is to comply with the federal guidelines to maintain a proper level of network security commensurate with risk and threat assessment.
3. Reference.
A. Computer Security Act of 1987 (PL 100-235)
B. OMB Circular A-130, Appendix III, Security of Federal Automated Information Resources
C. NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems
4. Policy. It is XXA policy to protect information and corporate assets.
5. Responsibilities.
A. The Council of Management Officials (CIMO) are responsible for:
Ensuring coordination among Program area offices on IRM issues (including the Network) and activities
B. The Security Working Group (SWG)
Approving documents prepared by the Chief Information Systems Security Manager for the purpose of maintaining network security and/or for Director XX Agency.
C. Chief, Information Resources Management (IRM) is responsible for:
Approving documents prepared by the Information Technology Security Manager for the purpose of maintaining network security and/or for Director, XX Agency.
D. Information Technology Security Manager (ITSM) is responsible for:
1) Ensure IT resources are adequately safeguarded throughout theAgency.
2) Developing and implementing an overall network security plan for