Back

Establish, implement, and maintain planning procedures.


CONTROL ID
14698
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a planning policy., CC ID: 14673

This Control has the following implementation support Control(s):
  • Disseminate and communicate the planning procedures to interested personnel and affected parties., CC ID: 14704


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Participation of senior management by supporting AIO activities, confirming that those activities are in the IT strategic plan, reviewing the strategic planning process, and incorporating changes. (App A Objective 2:5a, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., FedRAMP Security Controls High Baseline, Version 5)
  • Procedures [FedRAMP Assignment: at least annually] and following [FedRAMP Assignment: significant changes]. (PL-1c.2., FedRAMP Security Controls High Baseline, Version 5)
  • Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., FedRAMP Security Controls Low Baseline, Version 5)
  • Procedures [FedRAMP Assignment: at least annually] and following [FedRAMP Assignment: significant changes]. (PL-1c.2., FedRAMP Security Controls Low Baseline, Version 5)
  • Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Procedures [FedRAMP Assignment: at least annually] and following [FedRAMP Assignment: significant changes]. (PL-1c.2., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Procedures to facilitate the implementation of the planning policy and the associated planning controls; (PL-1a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (PL-1c.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)