system-security-plan.yml
name: <project name>
uniqueID: <MB number – see https://docs.google.com/spreadsheets/d/1hjCYIskgD_x_MI1ehXoiz2Qvsyxj1yK3fxabkezMPiE/edit#gid=0>
version: <application version>
# descriptions:
# https://18f.gsa.gov/dashboard/
phase: <discovery|alpha|beta|live>
# `D26 Civilian Operations` is most common for 18F projects.
# http://csrc.nist.gov/publications/nistpubs/800-60-rev1/SP800-60_Vol1-Rev1.pdf#page=23
information-types:
- <Dxx + name>
# https://pages.18f.gov/before-you-ship/ato/levels/
confidentiality: none
integrity: low
availability: low
security-baseline: low
system-type: minor
level-of-identity-assurance: 0
staff:
authorizing-official:
name: Aaron Snow
title: 18F Executive Director
org: General Services Administration
unit: 18F
email: 18F@gsa.gov
system-owner:
name: Noah Kunin
title: 18F Infrastructure Director
org: General Services Administration
unit: 18F
email: devops@gsa.gov
system-management:
name: Noah Kunin
title: 18F Infrastructure Director
org: General Services Administration
unit: 18F
email: devops@gsa.gov
system-security-officer:
name: Noah Kunin
title: 18F Infrastructure Director
org: General Services Administration
unit: 18F
email: devops@gsa.gov
technical-lead:
name: Jacob Harris
title: Technical Lead
org: General Services Administration
unit: 18F
email: jacob.harris@gsa.gov
leveraged-authorizations:
- https://www.fedramp.gov/marketplace/compliant-systems/amazon-web-services-aws-eastwest-us-public-cloud/
purpose: https://github.com/18F/confidential-survey/blob/master/README.md
components:
- https://github.com/18F/confidential-survey
# these will be the same unless your architecture is especially complex
system-diagram: <link>
network-diagram: <link>
environments:
- Cloud Foundry
- Amazon Web Services East
user-types:
developer:
functions:
- deployment
- engineering
controls:
- <links to your security documentation>