💼 PL-8 INFORMATION SECURITY ARCHITECTURE
- ID:
/frameworks/nist-sp-800-53-r4/pl/08
Stats​
not available
Description​
The organization: PL-8a. Develops an information security architecture for the information system that: PL-8a.1. Describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information; PL-8a.2. Describes how the information security architecture is integrated into and supports the enterprise architecture; and PL-8a.3. Describes any information security assumptions about, and dependencies on, external services; PL-8b. Reviews and updates the information security architecture [Assignment: organization-defined frequency] to reflect updates in the enterprise architecture; and PL-8c. Ensures that planned information security architecture changes are reflected in the security plan, the security Concept of Operations (CONOPS), and organizational procurements/acquisitions.
Similar​
- Internal
- ID:
dec-c-a3fe7bbe
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 ID.AM-3: Organizational communication and data flows are mapped | 4 | 8 | no data | ||
| 💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented | 6 | 9 | no data | ||
| 💼 NIST CSF v1.1 → 💼 PR.PT-5: Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations | 3 | 4 | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PL-8 (1) DEFENSE-IN-DEPTH | no data | ||||
| 💼 PL-8 (2) SUPPLIER DIVERSITY | no data |