system-security-plan.yml
---
name: team-api-server
uniqueID:
version: <application version>
# descriptions:
# https://18f.gsa.gov/dashboard/
phase: discovery
# `D26 Civilian Operations` is most common for 18F projects.
# http://csrc.nist.gov/publications/nistpubs/800-60-rev1/SP800-60_Vol1-Rev1.pdf#page=23
information-types:
- D26 Civilian Operations
# https://pages.18f.gov/before-you-ship/ato/levels/
confidentiality: none
integrity: low
availability: low
security-baseline: open data
system-type: minor
level-of-identity-assurance: 0
staff:
authorizing-official:
name: Aaron Snow
title: 18F Executive Director
org: General Services Administration
unit: 18F
email: 18F@gsa.gov
system-owner:
name: Noah Kunin
title: 18F Infrastructure Director
org: General Services Administration
unit: 18F
email: devops@gsa.gov
system-management:
name: Noah Kunin
title: 18F Infrastructure Director
org: General Services Administration
unit: 18F
email: devops@gsa.gov
system-security-officer:
name: Noah Kunin
title: 18F Infrastructure Director
org: General Services Administration
unit: 18F
email: devops@gsa.gov
technical-lead:
name: James Seppi
title: Technical Lead
org: General Services Administration
unit: 18F
email: james.seppi@gsa.gov
leveraged-authorizations:
- https://www.fedramp.gov/marketplace/compliant-systems/amazon-web-services-aws-eastwest-us-public-cloud/
purpose: https://github.com/18F/team-api-server/blob/master/README.md
components:
- <link to item under https://18f.gsa.gov/dashboard/>
- <links to repositories>
# these will be the same unless your architecture is especially complex
system-diagram: https://docs.google.com/drawings/d/12DgRhpxW64CZ-uAzqG6eGiGKDOZEzPKPH2F888mZ3xo/view
network-diagram: https://docs.google.com/drawings/d/12DgRhpxW64CZ-uAzqG6eGiGKDOZEzPKPH2F888mZ3xo/view
environments:
- Cloud Foundry
- Amazon Web Services East
user-types:
developer:
functions:
- deployment
- engineering
controls:
- <links to your security documentation>