System Security Plan

class

Management

family

Planning

number

PL-2

priority

P1

impact

LOW_MODERATE_HIGH

The organization: Develops a security plan for the information system that: - Is consistent with the organizations enterprise architecture; - Explicitly defines the authorization boundary for the system; - Describes the operational context of the information system in terms of missions and business processes; - Provides the security categorization of the information system including supporting rationale; - Describes the operational environment for the information system; - Describes relationships with or connections to other information systems; - Provides an overview of the security requirements for the system; - Describes the security controls in place or planned for meeting those requirements including a rationale for the tailoring and supplementation decisions; and - Is reviewed and approved by the authorizing official or designated representative prior to plan implementation; Reviews the security plan for the information system [ Assignment: organization-defined frequency ]; and Updates the plan to address changes to the information system/environment of operation or problems identified during plan implementation or security control assessments.

Comments