Information Systems Security Icon

Information Security

AMS Policy Section 4.11

The FAA protects its information and information systems commensurately with the potential harm that could result from their unauthorized access, use, disclosure, disruption, modification or destruction.

What Must be Done

Plan, implement, and sustain information security throughout the lifecycle of FAA systems and services including sensitive security information and personally identifiable information.

Who Does It

Service organizations and program offices integrate information security into the solution in coordination with their security lead and in communication with other lines of business and service organizations.

Who Approves

Document templates specify approval authorities.

Key Outputs and Products

Information systems security requirements in the PRD
Information systems security strategy in the ISPD
Information systems security planning in the PMP
Information systems security tasks in the SOW
ISS Risk Factors Assessment Template
Preliminary ISS Assessment Template (Required for the IARD)
Initial ISS Assessment Template (Required for the IID)
Final ISS Assessment Template (Required for the FID)
Security Authorization Package
Periodic security assessments and reauthorizations

Toolkit

FAA Order 1600.2 Safeguarding Classified National Security Information

FAA Order 1600.75 Protection of Sensitive Unclassified Information

FAA Order 1370.82 Information Systems Security Program

Security Authorization Handbook

Internal Links

External Links