STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
PL-2

Planning

Rev 3

System Security and Privacy Plans

CCI Identifiers (27)

  • CCI-000573: Review the plans in accordance with organization-defined frequency.
  • CCI-000570: The organization develops a security plan for the information system that is consistent with the organization's enterprise architecture; explicitly defines the authorization boundary for the system; describes the operational context of the information system in terms of mission and business processes; provides the security category and impact level of the information system, including supporting rationale; describes the operational environment for the information system; describes relationships with, or connections to, other information systems; provides an overview of the security requirements for the system; and describes the security controls in place or planned for meeting those requirements, including a rationale for the tailoring and supplemental decisions.
  • CCI-000571: Develop security and privacy plans for the system that are reviewed and approved by the authorizing official or designated representative prior to plan implementation.
  • CCI-000572: Defines the frequency for reviewing the plans for the system.
  • CCI-000574: Update the plans to address changes to the system and environment of operation or problems identified during plan implementation or control assessments.
  • CCI-003049: Develop security and privacy plans for the system.
  • CCI-003050: Develop security and privacy plans for the system that are consistent with the organization's enterprise architecture.
  • CCI-003051: Develop security and privacy plans for the system that explicitly defines the authorization boundary for the system.
  • CCI-003052: Develop security and privacy plans for the system that describes the operational context of the system in terms of missions and business processes.
  • CCI-003053: Develop security and privacy plans for the system that provide the security categorization of the system, including supporting rationale.
  • CCI-003054: Develop security and privacy plans for the system that describe the operational environment for the system and any dependencies on or connections to, other systems or system components.
  • CCI-003055: Develop security and privacy plans for the system that provide an overview of the security and privacy requirements for the system.
  • CCI-003056: Develop security and privacy plans for the system that identify any relevant control baselines or overlays, if applicable.
  • CCI-003057: Develop security and privacy plans for the system that describe the controls in place or planned for meeting the security and privacy requirements, including a rationale for any tailoring decisions.
  • CCI-003058 (deprecated): The organization distributes copies of the security plan to organization-defined personnel or roles.
  • CCI-003059: Distribute copies of the plans to organization-defined personnel or roles.
  • CCI-003060: Defines the personnel or roles to whom copies of the plans are distributed.
  • CCI-003061: Communicate subsequent changes to the plans to organization-defined personnel or roles.
  • CCI-003062: Defines the personnel or roles to whom changes to the plans are communicated.
  • CCI-003063: Protect the plans from unauthorized disclosure.
  • CCI-003064: Protect the plans from unauthorized modification.
  • CCI-004278: Develop security and privacy plans for the system that identify the individuals that fulfill system roles and responsibilities.
  • CCI-004279: Develop security and privacy plans for the system that identify the information types processed, stored, and transmitted by the system.
  • CCI-004280: Develop security and privacy plans for the system that describe any specific threats to the system that are of concern to the organization.
  • CCI-004281: Develop security and privacy plans for the system that provide the results of a privacy risk assessment for the systems processing personally identifiable information.
  • CCI-004282: Develop security and privacy plans for the system that include risk determinations for security and privacy architecture and design decisions.
  • CCI-004283: Develop security and privacy plans for the system that include security- and privacy-related activities affecting the system that require planning and coordination with organization-defined individuals or groups.

Linked STIG Checks (0)

No STIG checks reference this control.