{ "$TMF_VERSION": "1.4", "PublicationDateTime": "2021-04-26T00:00:00.000Z", "Description": "Profile of requirements corresponding to all supplemental security controls in NIST Special Publication 800-53, r4, under the control family of Program Management.", "Keywords": [ "800-53", "NIST", "Program Management", "Security", "Supplemental" ], "Issuer": { "Identifier": "https://trustmarkinitiative.org/", "PrimaryContact": { "Email": "help@trustmarkinitiative.org", "Telephone": "555-555-5555", "Kind": "PRIMARY", "WebsiteURL": "https://trustmarkinitiative.org/", "Responder": "" }, "Name": "TMI" }, "Sources": [{ "Identifier": "SP800-53R4", "Reference": "NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4<\/a>.", "$id": "source-2112165102" }], "Name": "NIST SP 800-53 r4 - Security Control Family: Program Management - Supplemental Controls", "TrustExpression": "TIP_NISTSP80053r4SecurityControlPM1InformationSecurityProgramPlan and TIP_NISTSP80053r4SecurityControlPM2SeniorInformationSecurityOfficer and TIP_NISTSP80053r4SecurityControlPM3InformationSecurityResources and TIP_NISTSP80053r4SecurityControlPM4PlanofActionandMilestonesProcess and TIP_NISTSP80053r4SecurityControlPM5InformationSystemInventory and TIP_NISTSP80053r4SecurityControlPM6InformationSecurityMeasuresofPerformance and TIP_NISTSP80053r4SecurityControlPM7EnterpriseArchitecture and TIP_NISTSP80053r4SecurityControlPM8CriticalInfrastructurePlan and TIP_NISTSP80053r4SecurityControlPM9RiskManagementStrategy and TIP_NISTSP80053r4SecurityControlPM10SecurityAuthorizationProcess and TIP_NISTSP80053r4SecurityControlPM11MissionBusinessProcessDefinition and TIP_NISTSP80053r4SecurityControlPM12InsiderThreatProgram and TIP_NISTSP80053r4SecurityControlPM13InformationSecurityWorkforce and TIP_NISTSP80053r4SecurityControlPM14TestingTrainingandMonitoring and TIP_NISTSP80053r4SecurityControlPM15ContactswithSecurityGroupsandAssociations and TIP_NISTSP80053r4SecurityControlPM16ThreatAwarenessProgram", "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4---security-control-family_-program-management---supplemental-controls/4/", "Version": "4", "References": {"TrustInteroperabilityProfileReferences": [ { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-1_-information-security-program-plan/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-1: Information Security Program Plan.", "Number": 1, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-1: Information Security Program Plan", "$id": "TIP_NISTSP80053r4SecurityControlPM1InformationSecurityProgramPlan" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-2_-senior-information-security-officer/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-2: Senior Information Security Officer.", "Number": 2, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-2: Senior Information Security Officer", "$id": "TIP_NISTSP80053r4SecurityControlPM2SeniorInformationSecurityOfficer" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-3_-information-security-resources/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-3: Information Security Resources.", "Number": 3, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-3: Information Security Resources", "$id": "TIP_NISTSP80053r4SecurityControlPM3InformationSecurityResources" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-4_-plan-of-action-and-milestones-process/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-4: Plan of Action and Milestones Process.", "Number": 4, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-4: Plan of Action and Milestones Process", "$id": "TIP_NISTSP80053r4SecurityControlPM4PlanofActionandMilestonesProcess" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-5_-information-system-inventory/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-5: Information System Inventory.", "Number": 5, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-5: Information System Inventory", "$id": "TIP_NISTSP80053r4SecurityControlPM5InformationSystemInventory" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-6_-information-security-measures-of-performance/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-6: Information Security Measures of Performance.", "Number": 6, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-6: Information Security Measures of Performance", "$id": "TIP_NISTSP80053r4SecurityControlPM6InformationSecurityMeasuresofPerformance" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-7_-enterprise-architecture/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-7: Enterprise Architecture.", "Number": 7, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-7: Enterprise Architecture", "$id": "TIP_NISTSP80053r4SecurityControlPM7EnterpriseArchitecture" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-8_-critical-infrastructure-plan/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-8: Critical Infrastructure Plan.", "Number": 8, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-8: Critical Infrastructure Plan", "$id": "TIP_NISTSP80053r4SecurityControlPM8CriticalInfrastructurePlan" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-9_-risk-management-strategy/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-9: Risk Management Strategy.", "Number": 9, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-9: Risk Management Strategy", "$id": "TIP_NISTSP80053r4SecurityControlPM9RiskManagementStrategy" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-10_-security-authorization-process/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-10: Security Authorization Process.", "Number": 10, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-10: Security Authorization Process", "$id": "TIP_NISTSP80053r4SecurityControlPM10SecurityAuthorizationProcess" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-11_-mission_business-process-definition/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-11: Mission/Business Process Definition.", "Number": 11, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-11: Mission/Business Process Definition", "$id": "TIP_NISTSP80053r4SecurityControlPM11MissionBusinessProcessDefinition" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-12_-insider-threat-program/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-12: Insider Threat Program.", "Number": 12, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-12: Insider Threat Program", "$id": "TIP_NISTSP80053r4SecurityControlPM12InsiderThreatProgram" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-13_-information-security-workforce/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-13: Information Security Workforce.", "Number": 13, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-13: Information Security Workforce", "$id": "TIP_NISTSP80053r4SecurityControlPM13InformationSecurityWorkforce" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-14_-testing_-training_-and-monitoring/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-14: Testing, Training, and Monitoring.", "Number": 14, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-14: Testing, Training, and Monitoring", "$id": "TIP_NISTSP80053r4SecurityControlPM14TestingTrainingandMonitoring" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-15_-contacts-with-security-groups-and-associations/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-15: Contacts with Security Groups and Associations.", "Number": 15, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-15: Contacts with Security Groups and Associations", "$id": "TIP_NISTSP80053r4SecurityControlPM15ContactswithSecurityGroupsandAssociations" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-16_-threat-awareness-program/4/", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-16: Threat Awareness Program.", "Number": 16, "Version": "4", "$Type": "TrustInteroperabilityProfileReference", "Name": "NIST SP 800-53 r4 Security Control PM-16: Threat Awareness Program", "$id": "TIP_NISTSP80053r4SecurityControlPM16ThreatAwarenessProgram" } ]}, "Primary": "false", "LegalNotice": "This document and the information contained herein is provided on an \"AS IS\" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.", "$Type": "TrustInteroperabilityProfile" }