Establish, implement, and maintain security planning procedures.
CONTROL ID 14060
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a security planning policy., CC ID: 14027
This Control has the following implementation support Control(s):
Disseminate and communicate the security planning procedures to interested personnel and affected parties., CC ID: 14135
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Security planning procedures [FedRAMP Assignment: at least annually or whenever a significant change occurs]. (PL-1b.2. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Security planning procedures [FedRAMP Assignment: at least annually]. (PL-1b.2. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Security planning procedures [FedRAMP Assignment: at least annually]. (PL-1b.2. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
Document the company's security-related policies and procedures, to include, but not limited to, methodologies used and timelines established for conducting criticality assessments, risk assessments, and security vulnerability assessments (SVAs), if applicable; (3.1 ΒΆ 1 Bullet 2, Pipeline Security Guidelines)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., TX-RAMP Security Controls Baseline Level 1)
Security planning procedures [TX-RAMP Assignment: at least annually]. (PL-1b.2., TX-RAMP Security Controls Baseline Level 1)
Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., TX-RAMP Security Controls Baseline Level 2)
Security planning procedures [TX-RAMP Assignment: at least annually]. (PL-1b.2., TX-RAMP Security Controls Baseline Level 2)