IU IT-12 System Security Plan Template

This template is provided to help organizational units, IT staff, and users document their security safeguards as required by IU’s IT-12 Policy in Planning Standard PL-2. It is designed to document IT-12 controls for:

1. A system or service created/managed by a department that leverages the UITS infrastructure, e.g., virtual machines in the Intelligent Infrastructure, or
2. Common controls/practices implemented by the department across all its systems. 

This template is provided as an aid. However, since IT-12 does not specify the manner of documentation, units, IT staff and users are free to modify the template as they see fit, or use different documentation entirely. Groups of similarly configured IT resources may be documented using a SINGLE SSP (ex. file servers, workstations). An SSP is not required for each individual IT resource.

This template provides example content in gray for a department-managed web application on a server physically located in the department to illustrate the controls.  Please note that using UITS-provided Intelligent Infrastructure VMs can greatly reduce the security burden on IT Staff by inheriting a large number of UITS security controls.

Instructions

1. Globally replace SYSTEMNAME with the name of your system. If you are documenting controls that are common to all systems, SYSTEMNAME could be the same as the department name or the name of your IT unit.
2. Globally replace DEPARTMENTNAME with the name of your department.
3. Use the guidance provided throughout the template in gray. You can delete it from the final draft.