search

department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:
https://depo-platform-documentation.scrollhelp.site/index.html
284 stars 206 forks source link

ISCP Review of Activation and Notification #53297

Closed gary-fallon closed 1 year ago

gary-fallon commented 1 year ago

Description

The Activation and Notification in Section 3 need to be reviewed and updated.

The type of outage indicates the VFSP-Va.gov will be down for more than 6 hours.

PSEC recommends holding a threat modeling session to capture possible outage scenarios and the LOE required to recover should the ISCP be invoked.

Tasks

The following tasks must be reviewed and completed as necessary.

Acceptance

The following tasks must be completed before this issue can be considered done.

alyssagallion commented 1 year ago

Looping in @ph-One @jhouse-solvd

gary-fallon commented 1 year ago

I will be drafting the BIA and ISCP based on a new definition of the FISMA authorization boundary that includes all VFS applications.

alyssagallion commented 1 year ago

During our Gap Analysis, we realized that the System Security Plan (SSP) was incorrect. We have since updated it, presented it to the ISSO and Ray Wang is now reviewing the associated tickets he needs to approve. Once those are reviewed and approved, @ScottCutlip will continue the work on SSP.

SSP is blocking BIA work and BIA work must be completed prior to ISCP work being done. Blocked.

jhouse-solvd commented 1 year ago

Please see the parent epic for a recent update.

Moving to review.

jhouse-solvd commented 1 year ago

The ISCP has been updated w/ the most recent info.

Please see the parent epic (#53216) for future updates and follow-up issues.

Closing.