PL-02 System Security Plan
Control: The organization develops and implements a security plan for the information system that provides an overview of the security requirements for the system and a description of the security controls in place or planned for meeting those requirements. Designated officials within the organization review and approve the plan.
Supplemental Guidance: The security plan is aligned with the organization’s information system architecture and information security architecture. NIST Special Publication 800-18 provides guidance on security planning.
Control Enhancements: (0) None.
Baseline: LOW PL-2 MOD PL-2 HIGH PL-2
ISO 17799 mapping: 6.1
COBIT 4.1 mapping: PO1.4, DS5.2
PCI-DSS v2 mapping: 12.1