Introduction

Introduction to the Policies and Plans Package

The 4PS: Policies, Plans, Procedures, Standards, and Practices

Policies

Policy Overview

Overarching Information Security Policy

Acceptable Use Policy

Access Control Policy

Audit and Situational Awareness Policy

Awareness and Training Policy

Configuration Management Policy

Data Governance and Protection Policy

Identification and Authentication Policy

Incident Response Policy

Information Security Risk Management Policy

Maintenance Policy

Personnel Security Policy

Physical Protection Policy

Recovery Policy

Systems Integrity and Protection Policy

Plans

Audit and Accountability Plan (AAP)

Configuration Management Plan (CMP)

Controlled Unclassified Information Management Plan (CUIMP)

Incident Response Plan (IRP)

Risk Management Plan (RMP)

System Security Plan (SSP)

Vulnerability Management Plan (VMP)

Procedures

Standards (a.k.a., Organization-Defined Parameters (ODP))

NIST SP 800-53 Revision 5 & ODPs

ODPs and NIST SP 800-171

Implementing ODPs

Risk Management Plan (RMP)