Information Security
AMS Policy Section 4.11
The FAA protects its information and information systems commensurately with the potential harm that could result from their unauthorized access, use, disclosure, disruption, modification or destruction.
What Must be Done
Plan, implement, and sustain information security throughout the lifecycle of FAA systems and services including sensitive security information and personally identifiable information.
Who Does It
Service organizations and program offices integrate information security into the solution in coordination with their security lead and in communication with other lines of business and service organizations.
Who Approves
Document templates specify approval authorities.
Key Outputs and Products
- Information systems security requirements in the PRD
- Information systems security strategy in the ISPD
- Information systems security planning in the PMP
- Information systems security tasks in the SOW
- ISS Risk Factors Assessment Template
- Preliminary ISS Assessment Template (Required for the IARD)
- Initial ISS Assessment Template (Required for the IID)
- Final ISS Assessment Template (Required for the FID)
- Security Authorization Package
- Periodic security assessments and reauthorizations
Toolkit
Internal Links
External Links