Quiz Entry - updated: 2026.06.04
What is a System-Specific Security Policy (SysSP), and what makes it different from the other policy types?
A SysSP works like a manual of procedures for configuring and maintaining one specific system — e.g. how to select and set up the company firewall.
Characteristics:
- Functions as instructions or procedures used when configuring or maintaining systems
- Examples: how to select and set up the firewall; defining access levels for different user types (not every user needs the same controls)
- Very targeted documents — each relates only to the specific system it addresses
- Consequently, each system needs its own SysSP describing how it functions and is managed
The contrast: EISP and ISSP read like policy (positions, principles); the SysSP reads like a manual. It's the level where security intent finally turns into concrete settings — and where an admin's "personal preference" gets replaced by documented, reviewable decisions.