Develop security and privacy plans for the system that describe the controls in place or planned for meeting the security and privacy requirements, including a rationale for any tailoring decisions.
No STIG checks reference this CCI.