Skip to main content

πŸ’Ό PM-18 Privacy Program Plan

  • Contextual name: πŸ’Ό PM-18 Privacy Program Plan
  • ID: /frameworks/nist-sp-800-53-r5/pm/18
  • Located in: πŸ’Ό PM Program Management

Description​

a. Develop and disseminate an organization-wide privacy program plan that provides an overview of the agency’s privacy program, and:

  1. Includes a description of the structure of the privacy program and the resources dedicated to the privacy program;
  2. Provides an overview of the requirements for the privacy program and a description of the privacy program management controls and common controls in place or planned for meeting those requirements;
  3. Includes the role of the senior agency official for privacy and the identification and assignment of roles of other privacy officials and staff and their responsibilities;
  4. Describes management commitment, compliance, and the strategic goals and objectives of the privacy program;
  5. Reflects coordination among organizational entities responsible for the different aspects of privacy; and
  6. Is approved by a senior official with responsibility and accountability for the privacy risk being incurred to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation; and b. Update the plan [Assignment: organization-defined frequency] and to address changes in federal privacy laws and policy and organizational changes and problems identified during plan implementation or privacy control assessments.

Similar​

  • Internal
    • ID: dec-c-94c384f9

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.AE-04: The estimated impact and scope of adverse events are understood14
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered7
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.OV-01: Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.RM-06: A standardized method for calculating, documenting, categorizing, and prioritizing cybersecurity risks is established and communicated
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.RM-07: Strategic opportunities (i.e., positive risks) are characterized and are included in organizational cybersecurity risk discussions
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes7
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.RA-06: Risk responses are chosen, prioritized, planned, tracked, and communicated7

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags