Back

Include roles and responsibilities in the security planning policy.


CONTROL ID
14128
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a security planning policy., CC ID: 14027

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • It is also necessary to establish a crime prevention organization based on operational organization and clearly assign a manager for each role division in order to minimize the impact of damage in case of a crime. (C11.1. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks. (A1.b ¶ 1, NCSC CAF guidance, 3.1)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., TX-RAMP Security Controls Baseline Level 1)
  • A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PL-1a.1., TX-RAMP Security Controls Baseline Level 2)