💼 PL-2 System Security and Privacy Plans (L)(M)(H)

• Contextual name: 💼 PL-2 System Security and Privacy Plans (L)(M)(H)
• ID: /frameworks/fedramp-moderate-security-controls/pl/02
• Located in: 💼 Planning

Description

a. Develop security and privacy plans for the system that:

1. Are consistent with the organization's enterprise architecture;

2. Explicitly define the constituent system components;

3. Describe the operational context of the system in terms of mission and business processes;

4. Identify the individuals that fulfill system roles and responsibilities;

5. Identify the information types processed, stored, and transmitted by the system;

6. Provide the security categorization of the system, including supporting rationale;

7. Describe any specific threats to the system that are of concern to the organization;

8. Provide the results of a privacy risk assessment for systems processing personally identifiable information;

9. Describe the operational environment for the system and any dependencies on or connections to other systems or system components;

10. Provide an overview of the security and privacy requirements for the system;

11. Identify any relevant control baselines or overlays, if applicable;

12. Describe the controls in place or planned for meeting the security and privacy requirements, including a rationale for any tailoring decisions;

13. Include risk determinations for security and privacy architecture and design decisions;

14. Include security- and privacy-related activities affecting the system that require planning and coordination with [FedRAMP Assignment: to include chief privacy and ISSO and/or similar role or designees]; and

15. Are reviewed and approved by the authorizing official or designated representative prior to plan implementation.

b. Distribute copies of the plans and communicate subsequent changes to the plans to [FedRAMP Assignment: to include chief privacy and ISSO and/or similar role];

c. Review the plans [FedRAMP Assignment: at least annually];

d. Update the plans to address changes to the system and environment of operation or problems identified during plan implementation or control assessments; and

e. Protect the plans from unauthorized disclosure and modification.

Similar

• Sections
  • /frameworks/fedramp-high-security-controls/pl/02
• Internal
  • ID: dec-c-5a7498d8

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP High Security Controls → 💼 PL-2 System Security and Privacy Plans (L)(M)(H)

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags