Specifications include, but are not limited to: provide COTS vital statistics record management;

Risk Assessment for Adult Education Data Management System

STEP 1: SYSTEM CHARACTERIZATION

Output from Step 1 - Characterization of the IT system being assessed, a good picture of the IT system environment, and delineation of the system boundary

- Hardware
- Cloud Services
- Software
- System interfaces (e.g., internal and external connectivity)
- Data and information
- Persons who support and use the information system
- System mission (e.g., the processes performed by the information system)
- System and data criticality (e.g., the system’s value or importance to an ITSD)
- System and data sensitivity
- Access controls

Additional information related to the operational environment of the information system and its data that can be collected includes, but is not limited to, the following:

- The functional requirements of the information system
- Users of the system (e.g., system users who provide technical support to the information system; application users who use the information system to perform business functions)
- System security policies governing the information system (organizational policies, federal requirements, laws, industry practices)
- System security architecture