ASD's Blueprint for Secure Cloud

System Security Plan

This page provides a template and guidance to assist organisations in preparing an introduction to an SSP describing the organisational policies and processes, and technical controls implemented within system(s) built on ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

About this System Security Plan

This System Security Plan (SSP) describes the organisational policies and processes relevant to, and technical controls implemented within the core <SYSTEM-NAME> or network that includes <ORGANISATION-NAME>’s Microsoft Workloads (Cloud and Software as a Service), endpoints and <OTHER SYSTEM COMPONENTS IN SCOPE>.

ISM Version used:December 2023

Purpose of this System Security Plan

The purpose of this SSP is to describe the organisational policies and processes relevant to, and technical controls implemented within <ORGANISATION-NAME>’s <SYSTEM-NAME>, including the underlying components leveraged in the system’s deployment. This document has been developed to comply with the Australian Signals Directorate’s (ASD’s) Information Security Manual’s (ISM’s) requirements in relation to documentation for system authorisation.

This document is written using descriptive and explanatory language to assist readers in understanding how <SYSTEM-NAME> operates securely, the controls implemented, and the residual controls that are addressed elsewhere by <ORGANISATION-NAME>.

For detailed information on how <SYSTEM-NAME> addresses specific controls in ASD’s ISM, please refer to the System Security Plan Annex.


Overview

This page provides a template and guidance to assist organisations in preparing an Overview for their SSP describing system(s) built on ASD's Blueprint for Secure Cloud.

Cyber Security Roles

This page provides a template and guidance to assist organisations in documenting the cyber security roles associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Cyber Security Incidents

This page provides a template and guidance to assist organisations in documenting their approach to managing and responding to cyber security incidents associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Procurement and Outsourcing

This page provides a template and guidance to assist organisations in documenting their approach to procurement and outsourcing associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Security Documentation

This page provides a template and guidance to assist organisations in documenting their approach to security documentation associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Physical Security

This page provides a template and guidance to assist organisations in documenting their approach to physical security associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Personnel Security

This page provides a template and guidance to assist organisations in documenting their approach to personnel security associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Communication Infrastructure

This page provides a template and guidance to assist organisations in documenting their approach to managing communications infrastructure associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Communications Systems

This page provides a template and guidance to assist organisations in documenting their approach to managing communications systems associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Enterprise Mobility

This page provides a template and guidance to assist organisations in documenting their approach to enterprise mobility associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Evaluated Products

This page provides a template and guidance to assist organisations in documenting their approach to evaluation of products used in association with their system(s) built on ASD's Blueprint for Secure Cloud.

ICT Equipment

This page provides a template and guidance to assist organisations in documenting their approach to management of ICT equipment associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Media

This page provides a template and guidance to assist organisations in documenting their approach to management of media usage, sanitisation, destruction and disposal associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Operating System Hardening

This page provides a template and guidance to assist organisations in documenting their approach to operating system hardening associated with their system(s) built on ASD's Blueprint for Secure Cloud.

User Application Hardening

This page provides a template and guidance to assist organisations in documenting their approach to user application hardening associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Server Application Hardening

This page provides a template and guidance to assist organisations in documenting their approach to server application hardening associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Authentication Hardening

This page provides a template and guidance to assist organisations in documenting their approach to authentication hardening associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Virtualisation Hardening

This page provides a template and guidance to assist organisations in documenting their approach to virtualisation hardening associated with their system(s) built on ASD's Blueprint for Secure Cloud.

System Management

This page provides a template and guidance to assist organisations in documenting their approach to system administration, patching and backups and restoration associated with their system(s) built on ASD's Blueprint for Secure Cloud.

System Monitoring

This page provides a template and guidance to assist organisations in documenting their approach to system monitoring, including event logging and monitoring, associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Software Development

This page provides a template and guidance to assist organisations in documenting their approach to software development associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Database Systems

This page provides a template and guidance to assist organisations in documenting their approach to databases and database servers associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Email

This page provides a template and guidance to assist organisations in documenting their approach to email gateways and servers and email use associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Networking

This page provides a template and guidance to assist organisations in documenting their approach to networking design and configuration, wireless networks and service continuity for online services associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Cryptography

This page provides a template and guidance to assist organisations in documenting their approach to cryptography, TLS, SSH, S/MiME and IPSec associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Gateways

This page provides a template and guidance to assist organisations in documenting their approach to gateways, cross-domain solutions, firewalls, web proxies, content filtering and peripheral switches associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Data Transfers

This page provides a template and guidance to assist organisations in documenting their approach to data transfers associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra