💼 PL-2 SYSTEM SECURITY PLAN

  • Contextual name: 💼 PL-2 SYSTEM SECURITY PLAN
  • ID: /frameworks/nist-sp-800-53-r4/pl/02
  • Located in: 💼 PL PLANNING

Description

The organization:

  • PL-2a. Develops a security plan for the information system that:
    • PL-2a.1. Is consistent with the organization's enterprise architecture;
    • PL-2a.2. Explicitly defines the authorization boundary for the system;
    • PL-2a.3. Describes the operational context of the information system in terms of missions and business processes;
    • PL-2a.4. Provides the security categorization of the information system including supporting rationale;
    • PL-2a.5. Describes the operational environment for the information system and relationships with or connections to other information systems;
    • PL-2a.6. Provides an overview of the security requirements for the system;
    • PL-2a.7. Identifies any relevant overlays, if applicable;
    • PL-2a.8. Describes the security controls in place or planned for meeting those requirements including a rationale for the tailoring decisions; and
    • PL-2a.9. Is reviewed and approved by the authorizing official or designated representative prior to plan implementation;
  • PL-2b. Distributes copies of the security plan and communicates subsequent changes to the plan to [Assignment: organization-defined personnel or roles];
  • PL-2c. Reviews the security plan for the information system [Assignment: organization-defined frequency];
  • PL-2d. Updates the plan to address changes to the information system/environment of operation or problems identified during plan implementation or security control assessments; and
  • PL-2e. Protects the security plan from unauthorized disclosure and modification.

Similar

  • Internal
    • ID: dec-c-7bee5b0b

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 DE.DP-5: Detection processes are continuously improved 1315
💼 NIST CSF v1.1 → 💼 PR.IP-7: Protection processes are improved 2

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 PL-2 (1) CONCEPT OF OPERATIONS
💼 PL-2 (2) FUNCTIONAL ARCHITECTURE
💼 PL-2 (3) PLAN / COORDINATE WITH OTHER ORGANIZATIONAL ENTITIES

Policies (2)

Policy | Logic Count | Flags
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢 | 1 | 🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢 | 1 | 🟢 x6

Internal Rules

Rule | Policies | Flags
✉️ dec-x-bcae85fb | 2