CCI-003075

CCI-003075 Definition

Develop security architectures for the system that describe any assumptions about, and dependencies on, external systems and services.

Status
Type	CheckType.policy

The controls below (if any) were marked by NIST as being related to CCI-003075.

Control	Description
PL-8	The organization: a: Develops an information security architecture for the information system that: 1: Describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information; 2: Describes how the information security architecture is integrated into and supports the enterprise architecture; and 3: Describes any information security assumptions about, and dependencies on, external services; b: Reviews and updates the information security architecture [one of ] to reflect updates in the enterprise architecture; and c: Ensures that planned information security architecture changes are reflected in the security plan, the security Concept of Operations (CONOPS), and organizational procurements/acquisitions.

Control

Description

a: Develops an information security architecture for the information system that:
- 1: Describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information;
- 2: Describes how the information security architecture is integrated into and supports the enterprise architecture; and
- 3: Describes any information security assumptions about, and dependencies on, external services;

b: Reviews and updates the information security architecture [one of ] to reflect updates in the enterprise architecture; and

c: Ensures that planned information security architecture changes are reflected in the security plan, the security Concept of Operations (CONOPS), and organizational procurements/acquisitions.