Navigate

CCI-000563

CCI-000563 Definition

The organization develops and documents a security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoDI 8510.01 meets the requirements for a security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. DoD Components are automatically compliant with this CCI because they are covered by DoD level policy, DoDI 8510.01.

Validation Procedures

DoD Components are automatically compliant with this CCI because they are covered by DoD level policy, DoDI 8510.01.

Compelling Evidence

Automatically compliant per DoDI 8510.01.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000563.

Control	Description
PL-1	The organization: PL-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: PL-1a.1.: A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and PL-1a.2.: Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and PL-1b.: Reviews and updates the current: PL-1b.1.: Security planning policy [Assignment: organization-defined frequency]; and PL-1b.2.: Security planning procedures [Assignment: organization-defined frequency].

Control

Description

PL-1

The organization:

PL-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
- PL-1a.1.: A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- PL-1a.2.: Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and

PL-1b.: Reviews and updates the current:
- PL-1b.1.: Security planning policy [Assignment: organization-defined frequency]; and
- PL-1b.2.: Security planning procedures [Assignment: organization-defined frequency].