{
  "$TMF_VERSION": "1.4",
  "PublicationDateTime": "2021-04-26T00:00:00.000Z",
  "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-1: Information Security Program Plan.",
  "Keywords": [
    "800-53",
    "Information Security Program Plan",
    "NIST",
    "Program Management",
    "Security"
  ],
  "Issuer": {
    "Identifier": "https://trustmarkinitiative.org/",
    "PrimaryContact": {
      "Email": "help@trustmarkinitiative.org",
      "Telephone": "555-555-5555",
      "Kind": "PRIMARY",
      "WebsiteURL": "https://trustmarkinitiative.org/",
      "Responder": ""
    },
    "Name": "TMI"
  },
  "Sources": [{
    "Identifier": "SP800-53R4",
    "Reference": "NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at <a href=\"http://dx.doi.org/10.6028/NIST.SP.800-53r4\">http://dx.doi.org/10.6028/NIST.SP.800-53r4<\/a>.",
    "$id": "source-2112165102"
  }],
  "Name": "NIST SP 800-53 r4 Security Control PM-1: Information Security Program Plan",
  "TrustExpression": "TD_ref1 and TD_ref2 and TD_ref3 and TD_ref4 and TD_ref5 and TD_ref6 and TD_ref7 and TD_ref8 and TD_ref9 and TD_ref10 and TD_ref11 and TD_ref12 and TD_ref13 and TD_ref14 and TD_ref15 and TD_ref16 and TD_ref17 and TD_ref18 and TD_ref19 and TD_ref20 and TD_ref21 and TD_ref22",
  "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-1_-information-security-program-plan/4/",
  "Version": "4",
  "References": {"TrustmarkDefinitionRequirements": [
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---the-nation/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to the Nation.",
      "Number": 1,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---the-nation/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to the Nation.",
        "Number": 1,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Approval of Risk - The Nation"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Approval of Risk - The Nation",
      "$id": "TD_ref1"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-compliance/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of compliance.",
      "Number": 2,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-compliance/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of compliance.",
        "Number": 2,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Development - Identification and Assignment of Compliance"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Development - Identification and Assignment of Compliance",
      "$id": "TD_ref2"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---planned-management-controls/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the security program management controls planned for meeting the requirements of the information security program.",
      "Number": 3,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---planned-management-controls/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the security program management controls planned for meeting the requirements of the information security program.",
        "Number": 3,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Development - Planned Management Controls"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Development - Planned Management Controls",
      "$id": "TD_ref3"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---organizational-operations/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to organizational operations.",
      "Number": 4,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---organizational-operations/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to organizational operations.",
        "Number": 4,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Approval of Risk - Organizational Operations"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Approval of Risk - Organizational Operations",
      "$id": "TD_ref4"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---protection-from-modification/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization protects the information security program plan from unauthorized modification.",
      "Number": 5,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---protection-from-modification/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization protects the information security program plan from unauthorized modification.",
        "Number": 5,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Protection From Modification"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Protection From Modification",
      "$id": "TD_ref5"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---requirements/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides an overview of the requirements for the security program.",
      "Number": 6,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---requirements/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides an overview of the requirements for the security program.",
        "Number": 6,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Development - Requirements"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Development - Requirements",
      "$id": "TD_ref6"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-roles/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of roles.",
      "Number": 7,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-roles/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of roles.",
        "Number": 7,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Development - Identification and Assignment of Roles"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Development - Identification and Assignment of Roles",
      "$id": "TD_ref7"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---updates-from-implementation/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization updates the organization-wide information security plan to address organizational changes and problems identified during plan implementation.",
      "Number": 8,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---updates-from-implementation/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization updates the organization-wide information security plan to address organizational changes and problems identified during plan implementation.",
        "Number": 8,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Updates From Implementation"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Updates From Implementation",
      "$id": "TD_ref8"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---protection-from-disclosure/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization protects the information security program plan from unauthorized disclosure.",
      "Number": 9,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---protection-from-disclosure/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization protects the information security program plan from unauthorized disclosure.",
        "Number": 9,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Protection From Disclosure"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Protection From Disclosure",
      "$id": "TD_ref9"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---reviews/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization reviews the organization-wide information security program plan at an organization-defined frequency.",
      "Number": 10,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---reviews/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization reviews the organization-wide information security program plan at an organization-defined frequency.",
        "Number": 10,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Reviews"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Reviews",
      "$id": "TD_ref10"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---management-controls-in-place/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the security program management controls in place for meeting the requirements of the information security program.",
      "Number": 11,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---management-controls-in-place/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the security program management controls in place for meeting the requirements of the information security program.",
        "Number": 11,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Development - Management Controls In Place"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Development - Management Controls In Place",
      "$id": "TD_ref11"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---reflects-coordination/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that reflects coordination among organizational entities responsible for the different aspects of information security (i.e., technical, physical, personnel, cyber-physical).",
      "Number": 12,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---reflects-coordination/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that reflects coordination among organizational entities responsible for the different aspects of information security (i.e., technical, physical, personnel, cyber-physical).",
        "Number": 12,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Reflects Coordination"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Reflects Coordination",
      "$id": "TD_ref12"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---dissemination---requirements/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization disseminates an organization-wide information security program plan.",
      "Number": 13,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---dissemination---requirements/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization disseminates an organization-wide information security program plan.",
        "Number": 13,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Dissemination - Requirements"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Dissemination - Requirements",
      "$id": "TD_ref13"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---other-organizations/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to other organizations.",
      "Number": 14,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---other-organizations/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to other organizations.",
        "Number": 14,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Approval of Risk - Other Organizations"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Approval of Risk - Other Organizations",
      "$id": "TD_ref14"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---organizational-assets/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to organizational assets.",
      "Number": 15,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---organizational-assets/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to organizational assets.",
        "Number": 15,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Approval of Risk - Organizational Assets"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Approval of Risk - Organizational Assets",
      "$id": "TD_ref15"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-management-commitment/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of management commitment.",
      "Number": 16,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-management-commitment/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of management commitment.",
        "Number": 16,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Development - Identification and Assignment of Management Commitment"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Development - Identification and Assignment of Management Commitment",
      "$id": "TD_ref16"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-responsibilities/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of responsibilities.",
      "Number": 17,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-responsibilities/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of responsibilities.",
        "Number": 17,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Development - Identification and Assignment of Responsibilities"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Development - Identification and Assignment of Responsibilities",
      "$id": "TD_ref17"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---planned-common-controls/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the common controls planned for meeting the requirements of the information security program.",
      "Number": 18,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---planned-common-controls/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the common controls planned for meeting the requirements of the information security program.",
        "Number": 18,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Development - Planned Common Controls"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Development - Planned Common Controls",
      "$id": "TD_ref18"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---updates-from-assessments/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization updates the organization-wide information security plan to address organizational changes and problems identified during security control assessments.",
      "Number": 19,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---updates-from-assessments/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization updates the organization-wide information security plan to address organizational changes and problems identified during security control assessments.",
        "Number": 19,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Updates From Assessments"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Updates From Assessments",
      "$id": "TD_ref19"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---individuals/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to individuals.",
      "Number": 20,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---individuals/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to individuals.",
        "Number": 20,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Approval of Risk - Individuals"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Approval of Risk - Individuals",
      "$id": "TD_ref20"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---common-controls-in-place/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the common controls in place for meeting the requirements of the information security program.",
      "Number": 21,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---common-controls-in-place/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the common controls in place for meeting the requirements of the information security program.",
        "Number": 21,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Development - Common Controls In Place"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Development - Common Controls In Place",
      "$id": "TD_ref21"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-coordination/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of coordination among organizational entities.",
      "Number": 22,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-coordination/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of coordination among organizational entities.",
        "Number": 22,
        "Version": "1.0",
        "Name": "Information Security Program Plan - Development - Identification and Assignment of Coordination"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Information Security Program Plan - Development - Identification and Assignment of Coordination",
      "$id": "TD_ref22"
    }
  ]},
  "Primary": "false",
  "LegalNotice": "This document and the information contained herein is provided on an \"AS IS\" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties of merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.",
  "$Type": "TrustInteroperabilityProfile"
}