System Characterization
System Description
- Need, purpose and mission
- Functional requirements
- Policy and architecture
- Network topology
- Information flow
- Security controls (either planned or already implemented)
- Physical and environmental security
- Boundary analysis and interconnections
- Component inventory
- Hardware
- Software
- External interfaces to other systems
- Data
- People
inventory
Categorization – impact level according to FIPS 199. Security control baseline is automatically selected by the determination of impact level.
