Back

Disseminate and communicate updates to the Governance, Risk, and Compliance framework to interested personnel and affected parties.


CONTROL ID
06955
CONTROL TYPE
Behavior
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Governance, Risk, and Compliance framework., CC ID: 01406

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Malware protection should include informing external parties of the organization's malware protection standards / procedures. (CF.10.02.05c, The Standard of Good Practice for Information Security)
  • Malware protection should include informing external parties of the organization's malware protection standards / procedures. (CF.10.02.05c, The Standard of Good Practice for Information Security, 2013)
  • Security policy changes with material operational impact must require formal notification of subcontractors, tenants, supporting service tiers and employees of the impact and ramifications. (IS-05, The Cloud Security Alliance Controls Matrix, Version 1.3)
  • internally communicate information relevant to the environmental management system among the various levels and functions of the organization, including changes to the environmental management system, as appropriate; (§ 7.4.2 ¶ 1 a), ISO 14001:2015 - Environmental management systems — Requirements with guidance for use, Third Edition)
  • The organization shall establish documented procedures, including the authorities and responsibilities, for communicating information about new or changed documents to interested parties. (§ 4.3.2 ¶ 2(b), ISO 20000-1, Information Technology - Service Management - Part 1: Service Management System Requirements, Second Edition)
  • The organization should establish an approved approach to communication and consultation in order to support the framework and facilitate the effective application of risk management. Communication involves sharing information with targeted audiences. Consultation also involves participants providin… (§ 5.4.5 ¶ 1, ISO 31000 Risk management - Guidelines, 2018)
  • Communication and consultation should be timely and ensure that relevant information is collected, collated, synthesised and shared, as appropriate, and that feedback is provided and improvements are made. (§ 5.4.5 ¶ 2, ISO 31000 Risk management - Guidelines, 2018)
  • decisions, actions, performance and improvements; (§ 6.5.3.2 ¶ 1 b) 1), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • be available to interested parties, as appropriate. (§ 5.2 ¶ 2 bullet 11, ISO 37301:2021 Compliance management systems — Requirements with guidance for use, First Edition, Edition 1)
  • be available to interested parties, as appropriate. (§ 5.2 ¶ 3 c), ISO/DIS 37301, Compliance management systems — Requirements with guidance for use, DRAFT)
  • internally communicate information relevant to the compliance management system among the various levels and functions of the organization, including changes to the compliance management system, as appropriate; (§ 7.4 ¶ 7 bullet 1, ISO/DIS 37301, Compliance management systems — Requirements with guidance for use, DRAFT)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The responsibility and accountability for the system security policies and the changes and updates to the system security policies are communicated to the personnel who are responsible for implementing them. (Security Prin. and Criteria Table § 2.3, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • The responsibility and accountability for the system availability and related security policies and the changes and updates to the system availability and related security policies are communicated to the personnel who are responsible for implementing them. (Availability Prin. and Criteria Table § 2.3, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • The responsibility and accountability for the system processing integrity and related security policies and the changes and updates to the system processing integrity and related security policies are communicated to the personnel who are responsible for implementing them. (Processing Integrity Prin. and Criteria Table § 2.3, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • The responsibility and accountability for the system confidentiality and related security policies and the changes and updates to the system confidentiality and related security policies are communicated to the personnel who are responsible for implementing them. (Confidentiality Prin. and Criteria Table § 2.3, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • Changes to the entity’s confidentiality commitments and system requirements are communicated to internal and external users, vendors, and other third parties whose products and services are part of the system. (C1.6, TSP 100A - Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • The agency coordinator shall disseminate information received from the contracting government agency, such as system updates, to the appropriate contractor employees. (§ 3.2.7(3), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The agency coordinator shall maintain and update manuals associated with the contractor agreement and provide them to the contractor. (§ 3.2.7(4), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • Management reports to the board periodically on the status of AIO initiatives, progress, issues, and metrics. (App A Objective 2:13a, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Communicates incident response plan changes to [FedRAMP Assignment: The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel.]; and (IR-8e. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Communicates incident response plan changes to [FedRAMP Assignment: The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel.]; and (IR-8e. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Communicates incident response plan changes to [FedRAMP Assignment: The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel.]; and (IR-8e. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; (CP-2f., FedRAMP Security Controls High Baseline, Version 5)
  • Communicate incident response plan changes to [FedRAMP Assignment: see additional FedRAMP Requirements and Guidance]; and (IR-8d., FedRAMP Security Controls High Baseline, Version 5)
  • Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; (CP-2f., FedRAMP Security Controls Low Baseline, Version 5)
  • Communicate incident response plan changes to [FedRAMP Assignment: see additional FedRAMP Requirements and Guidance]; and (IR-8d., FedRAMP Security Controls Low Baseline, Version 5)
  • Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; (CP-2f., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Communicate incident response plan changes to [FedRAMP Assignment: see additional FedRAMP Requirements and Guidance]; and (IR-8d., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; (CP-2f., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8d., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; (CP-2f., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8d., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; (CP-2f., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8d., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8d., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; (CP-2f., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8d., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8d., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Flow Down Controls)
  • Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; (CP-2f., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8d., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; (CP-2f., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8d., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization must communicate contingency plan changes to key contingency personnel, identified by name and/or role, and to organizational units. (App F § CP-2.f, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization must communicate incident response plan changes to incident response personnel, identified by name and/or role, and to organizational elements. (App F § IR-8.e, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization communicates contingency plan changes to {organizationally documented key contingency personnel}. (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization communicates contingency plan changes to {organizationally documented key contingency roles}. (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization communicates contingency plan changes to {organizationally documented organizational key contingency elements}. (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization communicates incident response plan changes to {organizationally documented organizational response personnel}. (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization communicates incident response plan changes to {organizationally documented organizational response roles}. (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization communicates incident response plan changes to {organizationally documented organizational response elements}. (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization distributes copies of the security plan and communicates subsequent changes to the plan to {organizationally documented personnel}. (PL-2b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization communicates contingency plan changes to {organizationally documented key contingency personnel}. (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates contingency plan changes to {organizationally documented key contingency roles}. (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates contingency plan changes to {organizationally documented organizational key contingency elements}. (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates incident response plan changes to {organizationally documented organizational response personnel}. (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates incident response plan changes to {organizationally documented organizational response roles}. (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates incident response plan changes to {organizationally documented organizational response elements}. (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization distributes copies of the security plan and communicates subsequent changes to the plan to {organizationally documented personnel}. (PL-2b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates contingency plan changes to {organizationally documented key contingency personnel}. (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates contingency plan changes to {organizationally documented key contingency roles}. (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates contingency plan changes to {organizationally documented organizational key contingency elements}. (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates incident response plan changes to {organizationally documented organizational response personnel}. (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates incident response plan changes to {organizationally documented organizational response roles}. (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates incident response plan changes to {organizationally documented organizational response elements}. (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization distributes copies of the security plan and communicates subsequent changes to the plan to {organizationally documented personnel}. (PL-2b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates incident response plan changes to {organizationally documented organizational response personnel}. (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates incident response plan changes to {organizationally documented organizational response roles}. (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates incident response plan changes to {organizationally documented organizational response elements}. (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization distributes copies of the security plan and communicates subsequent changes to the plan to {organizationally documented personnel}. (PL-2b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates contingency plan changes to {organizationally documented key contingency personnel}. (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates contingency plan changes to {organizationally documented key contingency roles}. (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization communicates contingency plan changes to {organizationally documented organizational key contingency elements}. (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; (CP-2f., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8d., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Communicate contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; (CP-2f., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8d., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f., TX-RAMP Security Controls Baseline Level 1)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e., TX-RAMP Security Controls Baseline Level 1)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b., TX-RAMP Security Controls Baseline Level 1)
  • Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and (CP-2f., TX-RAMP Security Controls Baseline Level 2)
  • Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and (IR-8e., TX-RAMP Security Controls Baseline Level 2)
  • Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles]; (PL-2b., TX-RAMP Security Controls Baseline Level 2)