💼 PL-8 Security and Privacy Architectures

Description

a. Develop security and privacy architectures for the system that:

Describe the requirements and approach to be taken for protecting the confidentiality, integrity, and availability of organizational information;
Describe the requirements and approach to be taken for processing personally identifiable information to minimize privacy risk to individuals;
Describe how the architectures are integrated into and support the enterprise architecture; and
Describe any assumptions about, and dependencies on, external systems and services; b. Review and update the architectures [Assignment: organization-defined frequency] to reflect changes in the enterprise architecture; and c. Reflect planned architecture changes in security and privacy plans, Concept of Operations (CONOPS), criticality analysis, organizational procedures, and procurements and acquisitions.

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP High Security Controls → 💼 PL-8 Security and Privacy Architectures (L)(M)(H)			3
💼 FedRAMP Low Security Controls → 💼 PL-8 Security and Privacy Architectures (L)(M)(H)			3
💼 NIST CSF v2.0 → 💼 ID.AM-03: Representations of the organization's authorized network communication and internal and external network data flows are maintained			48

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PL-8(1) Security and Privacy Architectures _ Defense in Depth
💼 PL-8(2) Security and Privacy Architectures _ Supplier Diversity

Policy	Logic Count	Flags
📝 Google API Key is not restricted for unused APIs 🟢	1	🟢 x6
📝 Google API Key is not rotated every 90 days 🟢	1	🟢 x6
📝 Google Project has API Keys 🟢	1	🟠 x1, 🟢 x5