Joint task force transformation initiative



Yüklə 5,64 Mb.
səhifə117/186
tarix08.01.2019
ölçüsü5,64 Mb.
#93199
1   ...   113   114   115   116   117   118   119   120   ...   186


PL-9 CENTRAL MANAGEMENT


Control: The organization centrally manages [Assignment: organization-defined security controls and related processes].

Supplemental Guidance: Central management refers to the organization-wide management and implementation of selected security controls and related processes. Central management includes planning, implementing, assessing, authorizing, and monitoring the organization-defined, centrally managed security controls and processes. As central management of security controls is generally associated with common controls, such management promotes and facilitates standardization of security control implementations and management and judicious use of organizational resources. Centrally-managed security controls and processes may also meet independence requirements for assessments in support of initial and ongoing authorizations to operate as part of organizational continuous monitoring. As part of the security control selection process, organizations determine which controls may be suitable for central management based on organizational resources and capabilities. Organizations consider that it may not always be possible to centrally manage every aspect of a security control. In such cases, the security control is treated as a hybrid control with the control managed and implemented either centrally or at the information system level. Controls and control enhancements that are candidates for full or partial central management include, but are not limited to: AC-2 (1) (2) (3) (4); AC-17 (1) (2) (3) (9); AC-18 (1) (3) (4) (5); AC-19 (4); AC-22; AC-23; AT-2 (1) (2); AT-3 (1) (2) (3); AT-4; AU-6 (1) (3) (5) (6) (9); AU-7 (1) (2); AU-11, AU-13, AU-16, CA-2 (1) (2) (3); CA-3 (1) (2) (3); CA-7 (1); CA-9; CM-2 (1) (2); CM-3 (1) (4); CM-4; CM-6 (1); CM-7 (4) (5); CM-8 (all); CM-9 (1); CM-10; CM-11; CP-7 (all); CP-8 (all); SC-43; SI-2; SI-3; SI-7; and SI-8.

Control Enhancements: None.

References: NIST Special Publication 800-37.

Priority and Baseline Allocation:

P0

LOW Not Selected

MOD Not Selected

HIGH Not Selected



FAMILY: PERSONNEL SECURITY

PS-1 PERSONNEL SECURITY POLICY AND PROCEDURES


Control: The organization:

  1. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:

  1. A personnel security policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and

  2. Procedures to facilitate the implementation of the personnel security policy and associated personnel security controls; and

  1. Reviews and updates the current:

  1. Personnel security policy [Assignment: organization-defined frequency]; and

  2. Personnel security procedures [Assignment: organization-defined frequency].

Supplemental Guidance: This control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the PS family. Policy and procedures reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance. Security program policies and procedures at the organization level may make the need for system-specific policies and procedures unnecessary. The policy can be included as part of the general information security policy for organizations or conversely, can be represented by multiple policies reflecting the complex nature of certain organizations. The procedures can be established for the security program in general and for particular information systems, if needed. The organizational risk management strategy is a key factor in establishing policy and procedures. Related control: PM-9.

Control Enhancements: None.

References: NIST Special Publications 800-12, 800-100.

Priority and Baseline Allocation:

P1

LOW PS-1

MOD PS-1

HIGH PS-1


Yüklə 5,64 Mb.

Dostları ilə paylaş:
1   ...   113   114   115   116   117   118   119   120   ...   186




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©muhaz.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin