SC-01 Policy and Procedures
a. Develop, document, and disseminate to sc-1_prm_1:
1. sc-01_odp.03 system and communications protection policy that:
(a) Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
(b) Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and
2. Procedures to facilitate the implementation of the system and communications protection policy and the associated system and communications protection controls;
b. Designate an sc-01_odp.04 to manage the development, documentation, and dissemination of the system and communications protection policy and procedures; and
c. Review and update the current system and communications protection:
1. Policy sc-01_odp.05 and following sc-01_odp.06 ; and
2. Procedures sc-01_odp.07 and following sc-01_odp.08.
|sc-1_prm_1||organization-defined personnel or roles|
|sc-01_odp.01||personnel or roles|
|sc-01_odp.02||personnel or roles|
- OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource* , July 2016.
- SP 800-12 Nieles M, Pillitteri VY, Dempsey KL (2017) An Introduction to Information Security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-12, Rev. 1.
- SP 800-100 Bowen P, Hash J, Wilson M (2006) Information Security Handbook: A Guide for Managers. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-100, Includes updates as of March 7, 2007.
Related controls 4
- PM-09 Risk Management Strategy L M H P
- PS-08 Personnel Sanctions L M H P
- SA-08 Security and Privacy Engineering Principles L M H P
- SI-12 Information Management and Retention L M H P