https://www.limswiki.org/index.php?action=history&feed=atom&title=Template%3ACybersecurity%2FPlanning 2026-04-26T04:02:39Z Revision history for this page on the wiki MediaWiki 1.36.1 https://www.limswiki.org/index.php?title=Template:Cybersecurity/Planning&diff=37123&oldid=prev 2019-12-13T23:08:32Z

<p>Created as needed.</p> <p><b>New page</b></p><div>====PL-1 Security planning policy and procedures====<br /> This control recommends the organization develop, document, disseminate, review, and update security planning policies and procedures. It asks organizations to not only address the purpose, scope, roles, responsibilities, and enforcement of security planning action but also to address how those policies and procedures will be implemented, reviewed, and updated. <br /> <br /> '''Additional resources''':<br /> * [https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final NIST Special Publications 800-12, Rev. 1], page 67<br /> * [https://csrc.nist.gov/publications/detail/sp/800-18/rev-1/final NIST Special Publications 800-18, Rev. 1]<br /> * [https://csrc.nist.gov/publications/detail/sp/800-100/final NIST Special Publications 800-100], pages 67–77<br /> * [https://www.limswiki.org/index.php/LII:LIMSpec/Maintaining_Laboratory_Workflow_and_Operations#7._Document_management LIMSpec 7.1, 7.2]<br /> <br /> ====PL-2 System security plan====<br /> This control recommends the organization develop, distribute, review, update, and protect a security plan for its information system. The plan should take into consideration the organization's enterprise architecture and the organizations business and cybersecurity goals, defining the logical and physical boundaries of the system based on the architecture and goals. The operational environment, classification of the system's data, security configuration requirements, and necessary and proposed security controls should also be addressed. The plan should be reviewed and approved by designated personnel.<br /> <br /> '''Additional resources''':<br /> * [https://csrc.nist.gov/publications/detail/sp/800-18/rev-1/final NIST Special Publications 800-18, Rev. 1]<br /> * No LIMSpec comp (organizational policy rather than system specification)<br /> <br /> ====PL-4 Rules of behavior====<br /> This control recommends the organization establish a set of baseline rules of behavior that address organizational expectations and personal responsibilities of users accessing the system. Each individual should sign an acknowledgment that they have read, understand, and agree to abide by the rules of behavior. Those baseline rules should be reviewed at a designated frequency, and if updates are made, the affected individuals should be required to read, understand, and sign acknowledgement of the revised rules.<br /> <br /> '''Additional resources''':<br /> * [https://csrc.nist.gov/publications/detail/sp/800-18/rev-1/final NIST Special Publications 800-18, Rev. 1]<br /> * No LIMSpec comp (organizational policy rather than system specification)</div>

Shawndouglas