💼 PL-8 INFORMATION SECURITY ARCHITECTURE

  • Contextual name: 💼 PL-8 INFORMATION SECURITY ARCHITECTURE
  • ID: /frameworks/nist-sp-800-53-r4/pl/08
  • Located in: 💼 PL PLANNING

Description

The organization:

  • PL-8a. Develops an information security architecture for the information system that:
    • PL-8a.1. Describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information;
    • PL-8a.2. Describes how the information security architecture is integrated into and supports the enterprise architecture; and
    • PL-8a.3. Describes any information security assumptions about, and dependencies on, external services;
  • PL-8b. Reviews and updates the information security architecture [Assignment: organization-defined frequency] to reflect updates in the enterprise architecture; and
  • PL-8c. Ensures that planned information security architecture changes are reflected in the security plan, the security Concept of Operations (CONOPS), and organizational procurements/acquisitions.

Similar

  • Internal
    • ID: dec-c-a3fe7bbe

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 ID.AM-3: Organizational communication and data flows are mapped 33
💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented 66
💼 NIST CSF v1.1 → 💼 PR.PT-5: Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations 44

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 PL-8 (1) DEFENSE-IN-DEPTH
💼 PL-8 (2) SUPPLIER DIVERSITY