Back

Establish, implement, and maintain research and development plans.


CONTROL ID
13649
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Initiate the System Development Life Cycle planning phase., CC ID: 06266

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Computer systems to be developed should share roles with other related computer systems and function as an integrated system with existing systems. As such, the system development plan should be developed with consideration given to its consistency with the medium- to long-term system plans. (C3.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is necessary to formulate plans for the planning, development, and operation of the system (hereinafter referred to as the "medium- to long-term system plan") with a medium- to long-term perspective, considering the fact that system development requires considerable management resources and time. (C2.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • an indication of the research and development plans relating to the national strategy on the security of network and information systems; (Art. 7.1(e), Directive (EU) 2016/1148 OF The European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union)
  • Assist in the development of individual/collective development, training, and/or remediation plans. (T0320, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Conduct in-depth research and analysis. (T0615, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Conduct in-depth research and analysis. (T0615, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • Assist in the development of individual/collective development, training, and/or remediation plans. (T0320, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • REINVIGORATE FEDERAL RESEARCH AND DEVELOPMENT FOR CYBERSECURITY (STRATEGIC OBJECTIVE 4.2, National Cybersecurity Strategy)
  • REINVIGORATE FEDERAL RESEARCH AND DEVELOPMENT FOR CYBERSECURITY (STRATEGIC OBJECTIVE 4.2, National Cybersecurity Strategy (Condensed))