N
|
controlPL-2

System Security and Privacy Plans (PL-2)

Develop security and privacy plans for the system that: Distribute copies of the plans and communicate subsequent changes to the plans to [organization-defined]; Review the plans [organization-defined]; Update the plans to address changes to the system and environment of operation or problems identified during plan implementation or control assessments; and Protect the plans from unauthorized disclosure and modification.

Security Baselines

LOWMODERATEHIGH
planningsecurity-plan

Why These Connect

Baselined In3

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports59

These related controls work together — a change to one may affect the others.

Enhances3

These enhancements add specific capabilities or refinements to the base control.

Related Controls(41)

AC-6Least Privilege (AC-6)
MH
AC-14Permitted Actions Without Identification or Authentication (AC-14)
LMH
AC-17Remote Access (AC-17)
LMH
AC-20Use of External Systems (AC-20)
LMH
CA-3Information Exchange (CA-3)
LMH
CA-7Continuous Monitoring (CA-7)
LMH
CM-9Configuration Management Plan (CM-9)
MH
CP-2Contingency Plan (CP-2)
LMH
CP-4Contingency Plan Testing (CP-4)
LMH
IR-4Incident Handling (IR-4)
LMH
IR-8Incident Response Plan (IR-8)
LMH
MA-4Nonlocal Maintenance (MA-4)
LMH
MP-4Media Storage (MP-4)
MH
MP-5Media Transport (MP-5)
MH
AC-2Account Management (AC-2)
LMH
CA-2Control Assessments (CA-2)
LMH
CM-13Data Action Mapping (CM-13)MA-5Maintenance Personnel (MA-5)
LMH
PL-7Concept of Operations (PL-7)PL-8Security and Privacy Architectures (PL-8)
MH
PL-10Baseline Selection (PL-10)
LMH
PL-11Baseline Tailoring (PL-11)
LMH
PM-1Information Security Program Plan (PM-1)PM-7Enterprise Architecture (PM-7)PM-8Critical Infrastructure Plan (PM-8)PM-9Risk Management Strategy (PM-9)PM-10Authorization Process (PM-10)PM-11Mission and Business Process Definition (PM-11)RA-3Risk Assessment (RA-3)
LMH
RA-8Privacy Impact Assessments (RA-8)RA-9Criticality Analysis (RA-9)
MH
SA-5System Documentation (SA-5)
LMH
SA-17Developer Security and Privacy Architecture and Design (SA-17)
H
SA-22Unsupported System Components (SA-22)
LMH
SI-12Information Management and Retention (SI-12)
LMH
SR-2Supply Chain Risk Management Plan (SR-2)
LMH
SR-4Provenance (SR-4)PM-31Continuous Monitoring Strategy (PM-31)PM-32Purposing (PM-32)PS-2Position Risk Designation (PS-2)
LMH
RA-2Security Categorization (RA-2)
LMH

Control Enhancements(3)

PL-2(1)Concept of Operations (PL-2(1))W
PL-2(2)Functional Architecture (PL-2(2))W
PL-2(3)Plan and Coordinate with Other Organizational Entities (PL-2(3))W

See Also

@SP 800-53 OverviewCompare Baselines