ABSTRACT
Security procedures play a prominent part in the minimum security baseline set. They are an important type of control that documents the security practices and processes that have been implemented to protect the system. Although system-level security procedures can be regarded as another type of security control, their development is key to the successful implementation of a certification and accreditation program. This is because the program can foster the development of critical controls by not only identifying and increasing the visibility of the need for documented procedures, but also by providing tools and techniques to aid in their development. This chapter addresses security procedures specific to individual systems, as well as those considered to be common controls that are applicable to multiple systems at either the business unit or enterprise level.
