{"id":4094,"date":"2019-01-16T19:52:18","date_gmt":"2019-01-17T00:52:18","guid":{"rendered":"http:\/\/community.mis.temple.edu\/mis5214sec401sp2019\/?page_id=4094"},"modified":"2020-03-03T21:23:04","modified_gmt":"2020-03-04T02:23:04","slug":"team-project-overview","status":"publish","type":"page","link":"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/team-project-overview\/","title":{"rendered":"Team Project Instructions"},"content":{"rendered":"<p>You and your team are:<\/p>\n<ul>\n<li>Acting as the CSP (Cloud Service Provider)<\/li>\n<li>Seeking PA (Preliminary Authorization) for your information system<\/li>\n<li>Responsible for:<\/li>\n<\/ul>\n<ol>\n<li>Developing and documenting the system security architecture for your information system<\/li>\n<li>Developing a System Security Plan (SSP) for your information system<\/li>\n<li>Presenting your SSP to an internal senior management review team<\/li>\n<\/ol>\n<p>To do so,<\/p>\n<p>1. Select a mission-based or service delivery information system your firm will develop and host in the cloud to support one or more client governmental agencies<\/p>\n<p style=\"padding-left: 40px\"><i>Use <\/i><i><a href=\"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/files\/2020\/01\/nistspecialpublication800-60v1r1.pdf\">NIST Special Publication 800-60 Volume 1 Guide for Mapping Types of Information Systems to Security Categories<\/a><\/i><\/p>\n<p>2. 
Determine the security categorization of the information and information system your firm will develop, host and support<\/p>\n<p style=\"padding-left: 40px\"><a href=\"https:\/\/community.mis.temple.edu\/mis5214sec004spring2020\/files\/2019\/01\/nistspecialpublication800-60v2r1.pdf\"><i>Use NIST Special Publication 800-60 Volume 2 Appendices to Guide for Mapping Types of Information Systems to Security Categories<\/i><\/a><\/p>\n<p style=\"padding-left: 40px\"><i>and <\/i><i><a href=\"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/files\/2020\/01\/NIST.FIPS_.199-1.pdf\">NIST <\/a><\/i><i><a href=\"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/files\/2020\/01\/NIST.FIPS_.199-1.pdf\">FIPS 199 Standards for Security Categorization of Federal Information and Information <\/a><\/i><i><a href=\"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/files\/2020\/01\/NIST.FIPS_.199-1.pdf\">Systems<\/a><\/i><\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li><i>Based on your information system\u2019s categorization, select either the <\/i><i><a href=\"http:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/files\/2020\/03\/FedRAMP-SSP-High-Baseline-Template-12.docx\">High<\/a><\/i><i>, <\/i><i><a href=\"http:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/files\/2020\/03\/FedRAMP-SSP-Moderate-Baseline-Template-2.docx\">Moderate<\/a><\/i><i>, or <\/i><i><a href=\"http:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/files\/2020\/03\/FedRAMP-SSP-Low-Baseline-Template-4.docx\">Low<\/a><\/i><i> System Security<\/i> <i>Plan (SSP) template to fill out <\/i><\/li>\n<li><i><a href=\"https:\/\/www.fedramp.gov\/templates\/\">Complete FedRAMP System Security Plan\u2019s Cover Page, Sections 1, 2.1, 2.2, 2.3, 9.1, and 9.3<\/a><\/i><\/li>\n<li><i>Complete FedRAMP System Security Plan\u2019s Attachment 10 \u2013 FIPS 199, including Table 15-9 and Attachment 3 Digital Identity Worksheet<\/i><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p 
style=\"padding-left: 40px\"><i>The level of detail <\/i><i>in your SSP should <\/i><i>be one that you\u00a0would feel comfortable explaining to a group of <\/i><i>high-level\u00a0business leaders and executives<\/i><\/p>\n<p>3. Based on step 2 (above), draft a logical network diagram of the information system architecture and infrastructure needed by your firm to develop and maintain the mission-based or service delivery information system for your government agency clients, and document it in Figure 9-1 and Section 9.4.\u00a0 In Section 10.1, add the different types of system users to the logical network diagrams, illustrating the flow of data in and out across the system boundary and through the system.<\/p>\n<ul>\n<li>You may use <a href=\"https:\/\/www.draw.io\/\">www.draw.io<\/a>, PowerPoint, or another drawing tool to draw the logical network diagram of the information system infrastructure<\/li>\n<li>Use appropriate network symbols and annotation in your architectural diagram, including:\n<ul>\n<li>Information System Servers: e.g. Web Server(s), Application Server(s), Database Server(s), File Server(s), \u2026<\/li>\n<li>Groups of desktop\/laptop computers organized within LANs or VLANs of organizational units<\/li>\n<li>Strongly consider having 3 parallel cloud-based system environments to support your system: Development System, Test System, and Production System<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>4. Transform the draft of the logical network diagram of the information system architecture you created in step 3 into a logical security architecture diagram that represents recommendations for technical security infrastructure for the information system<\/p>\n<ul>\n<li>Use appropriate network symbols and annotation<\/li>\n<li>Information System Servers: e.g. Web, Application, Database, File, \u2026<\/li>\n<li>Groups of desktop\/laptop computers organized within LANs of organizational units<\/li>\n<li>Security zones (i.e. 
security domain areas) based on security categorizations<\/li>\n<li>Appropriately placed switches, routers, firewalls, Intrusion Detection System(s) and\/or Intrusion Protection Systems.<\/li>\n<li><i>Be sure to label all the types of firewalls, IDSs and IPSs, and annotate to indicate the type of firewall technology and the type of IDS\/IPS technology you placed in each location of your diagram<\/i><\/li>\n<li>Identify the system\u2019s boundaries and the locations of interconnection(s) to the Internet and other information systems<\/li>\n<li>Identify where and how various user groups, including clients and remote staff, access your organization\u2019s various IT systems via the Internet, and illustrate the data flow between each user group and the information system<\/li>\n<\/ul>\n<p><i>5. Document your system and its security architecture and controls in the System Security Plan\u00a0 Step 2 of the assignment: <\/i><\/p>\n<ul>\n<li><i>Complete FedRAMP System Security Plan\u2019s cover page and Sections 1, 2, 7, 8.1, 8.2, 9.1, 9.2, 9.3, 9.4, 10.1, 11 (use Table 11-1 but do not add IP address and Interface), and select and document one of the technical control families from the Minimum Security Control families in Section 13.\u00a0<\/i>\n<ul>\n<li><i>If the network diagram does not fit into Figure 9-1, Section 9.4 or 10.1 and display well, you may also include a copy of your diagrams in a separate PDF file with your hand-in via Canvas. <\/i><\/li>\n<li><i>Complete FedRAMP System Security Plan\u2019s Attachment 10 \u2013 FIPS 199, including Table 2-1 <\/i><\/li>\n<li><i>Make sure that your team\u2019s identity (i.e. replace CSP Name with your Team # and members\u2019 names), Information System Name, SSP Version and Version Date are listed on the cover page of the SSP document you hand in for your assignment. Note: CSP = Cloud Service Provider.<\/i><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>6. 
Create and deliver in class a PowerPoint presentation that introduces the name and purpose of your Cloud-Based Information System, your system&#8217;s users and how it is used, and the security architecture of the system.<\/p>\n<p>Deliverables: (<em>H<\/em><i>and in your assignment individually via Canvas. <\/i><i>Each member of the team should submit an identical copy of the team\u2019s SSP document via your individual Canvas accounts with the following)<\/i><\/p>\n<ol>\n<li>PowerPoint presentation<\/li>\n<li>System Security Plan<\/li>\n<li>Logical system security architecture diagrams (System&#8217;s logical network diagram with boundaries, interconnections and data flows to\/from users and other\/supporting systems, and security architecture components)<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>You and your team are: Acting as the CSP (Cloud Service Provider) Seeking PA (Preliminary Authorization) for your information system Responsible for: Developing and documenting the system security architecture for your information system Developing a System Security Plan (SSP) for your information system Presenting your SSP to an internal senior management review team To do 
[&hellip;]<\/p>\n","protected":false},"author":20397,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"class_list":{"0":"post-4094","1":"page","2":"type-page","3":"status-publish","5":"entry"},"_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/wp-json\/wp\/v2\/pages\/4094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/wp-json\/wp\/v2\/users\/20397"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/wp-json\/wp\/v2\/comments?post=4094"}],"version-history":[{"count":6,"href":"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/wp-json\/wp\/v2\/pages\/4094\/revisions"}],"predecessor-version":[{"id":4552,"href":"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/wp-json\/wp\/v2\/pages\/4094\/revisions\/4552"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5214sec951spring2025\/wp-json\/wp\/v2\/media?parent=4094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}