πΌ PL-8 Security and Privacy Architectures (L)(M)(H)
- Contextual name: πΌ PL-8 Security and Privacy Architectures (L)(M)(H)
- ID:
/frameworks/fedramp-moderate-security-controls/pl/08 - Located in: πΌ Planning
Descriptionβ
a. Develop security and privacy architectures for the system that:
-
Describe the requirements and approach to be taken for protecting the confidentiality, integrity, and availability of organizational information;
-
Describe the requirements and approach to be taken for processing personally identifiable information to minimize privacy risk to individuals;
-
Describe how the architectures are integrated into and support the enterprise architecture; and
-
Describe any assumptions about, and dependencies on, external systems and services;
b. Review and update the architectures [FedRAMP Assignment: at least annually and when
a significant change occurs] to reflect changes in the enterprise architecture; and
c. Reflect planned architecture changes in security and privacy plans, Concept of Operations (CONOPS), criticality analysis, organizational procedures, and procurements and acquisitions.
PL-8 Additional FedRAMP Requirements and Guidance:
(b) Guidance: Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.
Similarβ
- Sections
/frameworks/fedramp-high-security-controls/pl/08
- Internal
- ID:
dec-c-17fda47f
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP High Security Controls β πΌ PL-8 Security and Privacy Architectures (L)(M)(H) |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|