Description
The organization develops and implements a security plan for the information system that provides an overview of the security requirements for the system and a description of the security controls in place or planned for meeting those requirements. Designated officials within the organization review and approve the plan.
Supplemental Guidance
The security plan is aligned with the organization’s information system architecture and information security architecture. NIST Special Publication 800-18 provides guidance on security planning.
Changes from Rev 4
Title changed from 'System Security Plan'
Adds requirements to identify individuals and information types; adds requirement to describe specific threats; adds requirement to provide results of privacy risk assessment for systems processing PII
Numerous changes to control text wording
New parameter for specifying individuals or groups for coordination
Discussion significantly expanded; reference to CNSSI No. 1253 removed
Incorporates withdrawn control PL-2(3)
Enhancements
(0) None.