PM-1
Program Management
Rev 3
Information Security Program Plan
CCI Identifiers (17)
CCI-000023
The organization develops an organization-wide information security program plan that provides sufficient information about the program management controls and common controls (including specification of parameters for any assignment and selection operations either explicitly or by reference) to enable an implementation that is unambiguously compliant with the intent of the plan, and a determination of the risk to be incurred if the plan is implemented as intended.
CCI-000073
Develop an organization-wide information security program plan that provides an overview of the requirements for the security program and a description of the security program management controls and common controls in place or planned for meeting those requirements.
CCI-000074
Develop an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation.
CCI-000075
Review and update the organization-wide information security program plan on an organization-defined frequency.
CCI-000076
Defines the frequency with which to review and update the organization-wide information security program plan.
CCI-000077
The organization updates the plan to address organizational changes and problems identified during plan implementation or security control assessments.
CCI-001543
The organization disseminates the most recent information security program plan to appropriate entities in the organization that includes roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
CCI-001680
Develop an organization-wide information security program plan that includes the identification and assignment of roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
CCI-002984
Develop an organization-wide information security program plan that reflects the coordination among organizational entities responsible for information security.
CCI-002985
Disseminate an organization-wide information security program plan that provides an overview of the requirements for the security program and a description of the security program management controls and common controls in place or planned for meeting those requirements.
CCI-002986
Disseminate an organization-wide information security program plan that includes the identification and assignment of roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
CCI-002987
Disseminate an organization-wide information security plan that reflects the coordination among organizational entities responsible for information security.
CCI-002988
Disseminate an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation.
CCI-002989
Protect the information security program plan from unauthorized disclosure.
CCI-002990
Protect the information security program plan from unauthorized modification.
CCI-004312
Review and update the organization-wide information security program plan following organization-defined events.
CCI-004313
Defines the events for reviewing and updating the organization-wide information security program plan.
Linked STIG Checks (0)
No STIG checks reference this control.