Establish, implement, and maintain a security planning policy.
CONTROL ID 14027
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a strategic plan., CC ID: 12784
This Control has the following implementation support Control(s):
Include compliance requirements in the security planning policy., CC ID: 14131
Include coordination amongst entities in the security planning policy., CC ID: 14130
Include management commitment in the security planning policy., CC ID: 14129
Include roles and responsibilities in the security planning policy., CC ID: 14128
Include the scope in the security planning policy., CC ID: 14127
Include the purpose in the security planning policy., CC ID: 14126
Disseminate and communicate the security planning policy to interested personnel and affected parties., CC ID: 14125
Establish, implement, and maintain security planning procedures., CC ID: 14060
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Security planning policy [FedRAMP Assignment: at least annually]; and (PL-1b.1. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Security planning policy [FedRAMP Assignment: at least every 3 years]; and (PL-1b.1. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Security planning policy [FedRAMP Assignment: at least every 3 years]; and (PL-1b.1. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
Security planning policy [Assignment: organization-defined frequency]; and (PL-1b.1., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., TX-RAMP Security Controls Baseline Level 1)
Security planning policy [TX-RAMP Assignment: at least every 3 years]; and (PL-1b.1., TX-RAMP Security Controls Baseline Level 1)
A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., TX-RAMP Security Controls Baseline Level 2)
Security planning policy [TX-RAMP Assignment: at least every 3 years]; and (PL-1b.1., TX-RAMP Security Controls Baseline Level 2)