💼 PM-1 Information Security Program Plan
- ID:
/frameworks/nist-sp-800-53-r5/pm/01
Description​
a. Develop and disseminate an organization-wide information security program plan that:
- Provides an overview of the requirements for the security program and a description of the security program management controls and common controls in place or planned for meeting those requirements;
- Includes the identification and assignment of roles, responsibilities, management commitment, coordination among organizational entities, and compliance;
- Reflects the coordination among organizational entities responsible for information security; and
- Is approved by a senior official with responsibility and accountability for the risk being incurred to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation;
b. Review and update the organization-wide information security program plan [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and
c. Protect the information security program plan from unauthorized disclosure and modification.
Similar​
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
| 💼 NIST CSF v2.0 → 💼 GV.OC-03: Legal, regulatory, and contractual requirements regarding cybersecurity - including privacy and civil liberties obligations - are understood and managed | | | 7 | | no data |
| 💼 NIST CSF v2.0 → 💼 GV.OV-01: Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction | | | 3 | | no data |
| 💼 NIST CSF v2.0 → 💼 GV.PO-01: Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced | | | 3 | | no data |
| 💼 NIST CSF v2.0 → 💼 GV.PO-02: Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission | | | 3 | | no data |
| 💼 NIST CSF v2.0 → 💼 GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes | | | 10 | | no data |
| 💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations | | | 26 | | no data |
| 💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties | | | 40 | | no data |
| 💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities | | | 41 | | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|