Establish, implement, and maintain security planning procedures.


CONTROL ID
14060
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a security planning policy., CC ID: 14027

This Control has the following implementation support Control(s):
  • Disseminate and communicate the security planning procedures to interested personnel and affected parties., CC ID: 14135


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Security planning procedures [FedRAMP Assignment: at least annually or whenever a significant change occurs]. (PL-1b.2. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Security planning procedures [FedRAMP Assignment: at least annually]. (PL-1b.2. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Security planning procedures [FedRAMP Assignment: at least annually]. (PL-1b.2. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • Security planning procedures [Assignment: organization-defined frequency]. (PL-1b.2., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • Document the company's security-related policies and procedures, to include, but not limited to, methodologies used and timelines established for conducting criticality assessments, risk assessments, and security vulnerability assessments (SVAs), if applicable; (3.1 ¶ 1 Bullet 2, Pipeline Security Guidelines)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., TX-RAMP Security Controls Baseline Level 1)
  • Security planning procedures [TX-RAMP Assignment: at least annually]. (PL-1b.2., TX-RAMP Security Controls Baseline Level 1)
  • Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and (PL-1a.2., TX-RAMP Security Controls Baseline Level 2)
  • Security planning procedures [TX-RAMP Assignment: at least annually]. (PL-1b.2., TX-RAMP Security Controls Baseline Level 2)