Establish, implement, and maintain a security planning policy.
CONTROL ID 14027
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a strategic plan., CC ID: 12784
This Control has the following implementation support Control(s):
Include compliance requirements in the security planning policy., CC ID: 14131
Include coordination amongst entities in the security planning policy., CC ID: 14130
Include management commitment in the security planning policy., CC ID: 14129
Include roles and responsibilities in the security planning policy., CC ID: 14128
Include the scope in the security planning policy., CC ID: 14127
Include the purpose in the security planning policy., CC ID: 14126
Disseminate and communicate the security planning policy to interested personnel and affected parties., CC ID: 14125
Establish, implement, and maintain security planning procedures., CC ID: 14060
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Based on the determined framework conditions, the formulated security objectives and the intended security level, the person responsible for information security as appointed by the level of management must elaborate a proposal on how the further steps for achieving the short-term and long-term sec… (§ 3.3.5 ¶ 1, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
Security planning policy [FedRAMP Assignment: at least annually]; and (PL-1b.1. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Security planning policy [FedRAMP Assignment: at least every 3 years]; and (PL-1b.1. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Security planning policy [FedRAMP Assignment: at least every 3 years]; and (PL-1b.1. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., TX-RAMP Security Controls Baseline Level 1)
Security planning policy [TX-RAMP Assignment: at least every 3 years]; and (PL-1b.1., TX-RAMP Security Controls Baseline Level 1)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., TX-RAMP Security Controls Baseline Level 2)
Security planning policy [TX-RAMP Assignment: at least every 3 years]; and (PL-1b.1., TX-RAMP Security Controls Baseline Level 2)