💼 PL-8 Security and Privacy Architectures (L)(M)(H)
- Contextual name: 💼 PL-8 Security and Privacy Architectures (L)(M)(H)
- ID:
/frameworks/fedramp-low-security-controls/pl/08 - Located in: 💼 Planning
Description
a. Develop security and privacy architectures for the system that:
-
Describe the requirements and approach to be taken for protecting the confidentiality, integrity, and availability of organizational information;
-
Describe the requirements and approach to be taken for processing personally identifiable information to minimize privacy risk to individuals;
-
Describe how the architectures are integrated into and support the enterprise architecture; and
-
Describe any assumptions about, and dependencies on, external systems and services;
b. Review and update the architectures [FedRAMP Assignment: at least annually and when
a significant change occurs] to reflect changes in the enterprise architecture; and
c. Reflect planned architecture changes in security and privacy plans, Concept of Operations (CONOPS), criticality analysis, organizational procedures, and procurements and acquisitions.
PL-8 Additional FedRAMP Requirements and Guidance:
(b) Guidance: Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.
Similar
- Sections
/frameworks/nist-sp-800-53-r5/pl/08/frameworks/fedramp-high-security-controls/pl/08
- Internal
- ID:
dec-c-17fda47f
- ID:
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 PL-8 Security and Privacy Architectures (L)(M)(H) | 3 | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 PL-8 Security and Privacy Architectures | 2 | 3 |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (3)
| Policy | Logic Count | Flags |
|---|---|---|
| 📝 Google API Key is not restricted for unused APIs 🟢 | 1 | 🟢 x6 |
| 📝 Google API Key is not rotated every 90 days 🟢 | 1 | 🟢 x6 |
| 📝 Google Project has API Keys 🟢 | 1 | 🟠 x1, 🟢 x5 |