This Control has the following implementation support Control(s):
Include compliance requirements in the system and information integrity policy., CC ID: 14151
Include coordination amongst entities in the system and information integrity policy., CC ID: 14150
Include management commitment in the system and information integrity policy., CC ID: 14149
Include roles and responsibilities in the system and information integrity policy., CC ID: 14148
Include the scope in the system and information integrity policy., CC ID: 14147
Include the purpose in the system and information integrity policy., CC ID: 14146
Disseminate and communicate the system and information integrity policy to interested personnel and affected parties., CC ID: 14145
Establish, implement, and maintain system and information integrity procedures., CC ID: 14051
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
System and information integrity policy [Assignment: organization-defined frequency]; and (SI-1b.1., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
System and information integrity policy [Assignment: organization-defined frequency]; and (SI-1b.1., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
System and information integrity policy [Assignment: organization-defined frequency]; and (SI-1b.1., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
System and information integrity policy [Assignment: organization-defined frequency]; and (SI-1b.1., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
System and information integrity policy [FedRAMP Assignment: at least annually]; and (SI-1b.1. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
System and information integrity policy [FedRAMP Assignment: at least every 3 years]; and (SI-1b.1. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
System and information integrity policy [FedRAMP Assignment: at least every 3 years]; and (SI-1b.1. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
[Selection (one or more): organization-level; mission/business process-level; system-level] system and information integrity policy that: (SI-1a.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
Policy [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and (SI-1c.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and (SI-1a.1(b), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
[Selection (one or more): organization-level; mission/business process-level; system-level] system and information integrity policy that: (SI-1a.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and (SI-1a.1(b), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
Policy [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and (SI-1c.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
[Selection (one or more): organization-level; mission/business process-level; system-level] system and information integrity policy that: (SI-1a.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
Policy [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and (SI-1c.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and (SI-1a.1(b), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and (SI-1a.1(b), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
[Selection (one or more): organization-level; mission/business process-level; system-level] system and information integrity policy that: (SI-1a.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
Policy [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and (SI-1c.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
[Selection (one or more): organization-level; mission/business process-level; system-level] system and information integrity policy that: (SI-1a.1., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
Policy [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and (SI-1c.1., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and (SI-1a.1(b), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
System and information integrity policy [Assignment: organization-defined frequency]; and (SI-1b.1. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
System and information integrity policy [Assignment: organization-defined frequency]; and (SI-1b.1. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
System and information integrity policy [Assignment: organization-defined frequency]; and (SI-1b.1. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
System and information integrity policy [Assignment: organization-defined frequency]; and (SI-1b.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
System and information integrity policy [Assignment: organization-defined frequency]; and (SI-1b.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
System and information integrity policy [Assignment: organization-defined frequency]; and (SI-1b.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
System and information integrity policy [Assignment: organization-defined frequency]; and (SI-1b.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
[Selection (one or more): organization-level; mission/business process-level; system-level] system and information integrity policy that: (SI-1a.1., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Policy [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and (SI-1c.1., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and (SI-1a.1(b), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
System and information integrity policy [Assignment: organization-defined frequency]; and (SI-1b.1., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1., TX-RAMP Security Controls Baseline Level 1)
System and communications protection policy [TX-RAMP Assignment: at least every 3 years]; and (SC-1b.1., TX-RAMP Security Controls Baseline Level 1)
System and information integrity policy [TX-RAMP Assignment: at least every 3 years]; and (SI-1b.1., TX-RAMP Security Controls Baseline Level 1)
A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (SI-1a.1., TX-RAMP Security Controls Baseline Level 2)
System and communications protection policy [TX-RAMP Assignment: at least every 3 years]; and (SC-1b.1., TX-RAMP Security Controls Baseline Level 2)
System and information integrity policy [TX-RAMP Assignment: at least every 3 years]; and (SI-1b.1., TX-RAMP Security Controls Baseline Level 2)