Description of environment being assessed:
Organization:
Contact Person:
List of systems, computers (including home computers used for Organization business), devices, applications, and data sources:
"List roles with access including roles with update or admin privileges:
"
Assessment Contributors:
Description and Classification of Information
"Description of Information:
Please generally describe the type of information in these systems, including what business functions are supported"
"Sensitivity requirement: Impact of unauthorized access or disclosure
High = Restricted data
Moderate =Confidential data
Low = Non-confidential data"
If Sensitivity is High, are full Social Security Numbers stored?
"If full Social Security Numbers are stored, please explain the business need or law that requires having them.
If no business need or law requires storing full Social Security Numbers, is there a plan to redact or remove them? If yes, please describe."
"Availability requirement:
Essential to the continuing operation of the Organization. Failure to function correctly and on schedule could result in a major failure to perform mission-critical functions, a significant loss of funds or information, or a significant liability or other legal exposure.
Necessary to perform important functions, but operations could continue for a short period of time without those functions while normal operations are being restored.
Deferral while operations continue for an extended period of time without those systems or services performing correctly or on schedule."
If availability is "Essential" list key physical locations for these systems.
Login to download this security self assessment including an assessment worksheet.