💼 Information Protection Processes and Procedures (PR.IP)

• ID: /frameworks/nist-csf-v1.1/pr-ip

Description

Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

Similar

• Internal
  • ID: dec-b-d064a5fc

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)		4	26		no data
💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented		6	9		no data
💼 PR.IP-3: Configuration change control processes are in place		5	5		no data
💼 PR.IP-4: Backups of information are conducted, maintained, and tested		4	8		no data
💼 PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met					no data
💼 PR.IP-6: Data is destroyed according to policy			5		no data
💼 PR.IP-7: Protection processes are improved			2		no data
💼 PR.IP-8: Effectiveness of protection technologies is shared		6	7		no data
💼 PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed		3	3		no data
💼 PR.IP-10: Response and recovery plans are tested		1	1		no data
💼 PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)					no data
💼 PR.IP-12: A vulnerability management plan is developed and implemented		7	9		no data