system security policy (SSP)

1. The set of laws, rules and practices that regulate how sensitive information and other resources are managed, protected and distributed within a specific system [ITSEC]. 2. [CESG]. A statement by a System Manager/Project Manager defining a system, its Security Requirement, the security measures to be enforced and the allocation of responsibilities for enforcing them. [CESG]. Note: When an SEISP is required it will conform with the policy set out in the relevant SSP. See also: Initial System Security policy.