Information Security Program Plan

class: Management
family: Program Management
number: PM-1
priority: P1
impact: LOW_MODERATE_HIGH

The organization:

- Develops and disseminates an organization-wide information security program plan that:
  - Provides an overview of the requirements for the security program and a description of the security program management controls and common controls in place or planned for meeting those requirements;
  - Provides sufficient information about the program management controls and common controls (including specification of parameters for any assignment and selection operations either explicitly or by reference) to enable an implementation that is unambiguously compliant with the intent of the plan and a determination of the risk to be incurred if the plan is implemented as intended;
  - Includes roles, responsibilities, management commitment, coordination among organizational entities, and compliance;
  - Is approved by a senior official with responsibility and accountability for the risk being incurred to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation;
- Reviews the organization-wide information security program plan [Assignment: organization-defined frequency]; and
- Revises the plan to address organizational changes and problems identified during plan implementation or security control assessments.
