CCI-003072

CCI-003072 Definition

Develop security architectures for the system.

Status
Type	CheckType.policy

The controls below (if any) were marked by NIST as being related to CCI-003072.

Control	Description
PL-8	The organization: a: Develops an information security architecture for the information system that: 1: Describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information; 2: Describes how the information security architecture is integrated into and supports the enterprise architecture; and 3: Describes any information security assumptions about, and dependencies on, external services; b: Reviews and updates the information security architecture [one of ] to reflect updates in the enterprise architecture; and c: Ensures that planned information security architecture changes are reflected in the security plan, the security Concept of Operations (CONOPS), and organizational procurements/acquisitions.

Control

Description

a: Develops an information security architecture for the information system that:
- 1: Describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information;
- 2: Describes how the information security architecture is integrated into and supports the enterprise architecture; and
- 3: Describes any information security assumptions about, and dependencies on, external services;

b: Reviews and updates the information security architecture [one of ] to reflect updates in the enterprise architecture; and

c: Ensures that planned information security architecture changes are reflected in the security plan, the security Concept of Operations (CONOPS), and organizational procurements/acquisitions.