💼 PL-8 Security and Privacy Architectures (L)(M)(H)
- ID:
/frameworks/fedramp-moderate-security-controls/pl/08
Description
a. Develop security and privacy architectures for the system that:
-
Describe the requirements and approach to be taken for protecting the confidentiality, integrity, and availability of organizational information;
-
Describe the requirements and approach to be taken for processing personally identifiable information to minimize privacy risk to individuals;
-
Describe how the architectures are integrated into and support the enterprise architecture; and
-
Describe any assumptions about, and dependencies on, external systems and services;
b. Review and update the architectures [FedRAMP Assignment: at least annually and when
a significant change occurs] to reflect changes in the enterprise architecture; and
c. Reflect planned architecture changes in security and privacy plans, Concept of Operations (CONOPS), criticality analysis, organizational procedures, and procurements and acquisitions.
PL-8 Additional FedRAMP Requirements and Guidance:
(b) Guidance: Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.
Similar
- Sections
/frameworks/fedramp-high-security-controls/pl/08
- Internal
- ID:
dec-c-17fda47f
- ID:
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 PL-8 Security and Privacy Architectures (L)(M)(H) | 3 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (3)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ Google API Key is not restricted for unused APIs🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google API Key is not rotated every 90 days🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Project has API Keys🟢 | 1 | 🟠 x1, 🟢 x5 | no data |