DATA ITEM DESCRIPTION
1. Title                                                                   2. Identification Number

Security Plan                                                              ASSC-SP-01

3. Description/Purpose

The Security Plan shall describe the Contractor's overall strategy and approach in managing the implementation
of security in the ASSC program.

4. Approval Date               5. Office of Primary Responsibility (OPR)   6a. DTC Applicable         6b. GIDEP Applicable

TBD                            ATO-T ASSC Program Office                   N/A                        N/A

7. Application/Interrelationship

This Data Item Description (DID) contains the format and content preparation instructions for the Security Plan
requirements in this contract.

8. Approval Limitation                                  9a. References                                9b. CDRL Number

N/A                                                     See CDRL                                      SP01
10. Preparation Instructions

The Security Plan shall include:

10.1 Introduction. This section shall describe the purpose and scope of the Security Plan. This section shall also
     provide an overview of the Contractor’s strategy and approach to security for the ASSC program, and shall
     describe how the SP is integrated into systems engineering activities.

10.2 Organization. This section shall describe the Contractor’s and subcontractor security organization and how
     it relates to the overall program organization. This section shall also describe the roles, responsibilities and
     authority of each member of the security organization.

10.3 Schedule. This section shall provide a schedule for accomplishing the security requirements in the ASSC
     SOW and contract.

10.4 Policies and Procedures. This section shall describe internal policies and procedures to be used in
     implementing the security program to include personnel security, information security, physical security, and
     Security Plan and Risk Assessment.

       Security Plan and Risk Assessment:
       a. Describe in detail the methodology used to conduct the risk assessment of all NDI software and
          commercial item hardware, including definitions of risk classifications for low, medium and high risks in a
          Risk Assessment Matrix
       b. Describe any tools to be used in vulnerability and risk assessment activities
       c. List any assumption and constraint parameters that form the boundaries of this risk assessment
       d. Provide security plan that describes the information necessary to support the FAA Security Certification
          and Authorization Package (SCAP) process
Preparation Instructions Continued

10.5 Security Data Management. Describe the organization, procedures, and tools to be used to ensure that
     all security data deliverables required by the contract are processed and maintained using appropriate
     security measures for sensitive data. Identify the individual responsible for integrating and maintaining
     the total security data management effort. This effort shall involve monitoring, reporting, and status
     accounting. The Contractor's procedures for controlling the generation, receipt, approval, storage, and
     delivery of subcontractor data (as well as its inclusion in status accounting) shall also be described.

11. Distribution Statement

To top