Organization: (Internal Revenue Service IRS)
Every organization must create a cybersecurity profile (system security plan (SSP)) for all of its major and minor information systems. The cybersecurity profile documents the current and planned controls for the system and addresses security concerns that may affect the system’s operating environment. The cybersecurity profile includes security categorizations and security controls, and is included in the certification and accreditation package. For this project, you will create a sample cybersecurity profile describing the security posture of your selected organization
- Read NIST Special Publication 800-53 Rev 4 Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans.
- Review the sample System Security Plan template in the Project Description area of the classroom.
- Select one management, one technical, and one operational control from the eighteen family controls that apply to your selected organization (i.e., AU – Audit and Accountability).
- Describe each family control. Include why these controls are required.
- For each family control, select two associated family identifiers (i.e., AU-3 Content of Audit Records).
- Describe each associated family identifier, describe the implementation status as it relates to your selected organization’s security program, and describe how your selected organization implements the family identifer.
- Write your sample cybersecurity profile. At a minimum, the profile should include
- an Introduction that includes the purpose of your paper and introduces security profiles as they relate to your selected organization (Internal Revenue Service IRS) an Analysis section that includes Items 3–6 above
- a Conclusion that summarizes what you wrote
- You are encouraged to use the sample SSP template as an example for how to document your research.