Establish, implement, and maintain planning procedures.
CONTROL ID 14698
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a planning policy., CC ID: 14673
This Control has the following implementation support Control(s):
Disseminate and communicate the planning procedures to interested personnel and affected parties., CC ID: 14704
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Participation of senior management by supporting AIO activities, confirming that those activities are in the IT strategic plan, reviewing the strategic planning process, and incorporating changes. (App A Objective 2:5a, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., FedRAMP Security Controls High Baseline, Version 5)
Procedures [FedRAMP Assignment: at least annually] and following [FedRAMP Assignment: significant changes]. (PL-1c.2., FedRAMP Security Controls High Baseline, Version 5)
Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., FedRAMP Security Controls Low Baseline, Version 5)
Procedures [FedRAMP Assignment: at least annually] and following [FedRAMP Assignment: significant changes]. (PL-1c.2., FedRAMP Security Controls Low Baseline, Version 5)
Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., FedRAMP Security Controls Moderate Baseline, Version 5)
Procedures [FedRAMP Assignment: at least annually] and following [FedRAMP Assignment: significant changes]. (PL-1c.2., FedRAMP Security Controls Moderate Baseline, Version 5)
Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)