https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-pm-1_-information-security-program-plan/4/NIST SP 800-53 r4 Security Control PM-1: Information Security Program Plan4Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control PM-1: Information Security Program Plan.2021-04-26T00:00:00.000ZfalseThis document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.https://trustmarkinitiative.org/TMIPRIMARYhelp@trustmarkinitiative.org555-555-5555https://trustmarkinitiative.org/800-53Information Security Program PlanNISTProgram ManagementSecurityhttps://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---the-nation/1.0/1Information Security Program Plan - Approval of Risk - The Nation1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to the Nation.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-compliance/1.0/2Information Security Program Plan - Development - Identification and Assignment of Compliance1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of compliance. .https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---planned-management-controls/1.0/3Information Security Program Plan - Development - Planned Management Controls1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the security program management controls planned for meeting the requirements of the information security program.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---organizational-operations/1.0/4Information Security Program Plan - Approval of Risk - Organizational Operations1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to organizational operations.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---protection-from-modification/1.0/5Information Security Program Plan - Protection From Modification1.0Defines conformance and assessment criteria for verifying that an organization protects the information security program plan from unauthorized modification.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---requirements/1.0/6Information Security Program Plan - Development - Requirements1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides an overview of the requirements for the security program.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-roles/1.0/7Information Security Program Plan - Development - Identification and Assignment of Roles1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of roles.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---updates-from-implementation/1.0/8Information Security Program Plan - Updates From Implementation1.0Defines conformance and assessment criteria for verifying that an organization updates the organization-wide information security plan to address organizational changes and problems identified during plan implementation.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---protection-from-disclosure/1.0/9Information Security Program Plan - Protection From Disclosure1.0Defines conformance and assessment criteria for verifying that an organization protects the information security program plan from unauthorized disclosure.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---reviews/1.0/10Information Security Program Plan - Reviews1.0Defines conformance and assessment criteria for verifying that an organization reviews the organization-wide information security program plan at an organization-defined frequency.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---management-controls-in-place/1.0/11Information Security Program Plan - Development - Management Controls In Place1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the security program management controls in place for meeting the requirements of the information security program.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---reflects-coordination/1.0/12Information Security Program Plan - Reflects Coordination1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that reflects coordination among organizational entities responsible for the different aspects of information security (i.e., technical, physical, personnel, cyber-physical).https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---dissemination---requirements/1.0/13Information Security Program Plan - Dissemination - Requirements1.0Defines conformance and assessment criteria for verifying that an organization disseminates an organization-wide information security program plan.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---other-organizations/1.0/14Information Security Program Plan - Approval of Risk - Other Organizations1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to other organizations.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---organizational-assets/1.0/15Information Security Program Plan - Approval of Risk - Organizational Assets1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to organizational assets.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-management-commitment/1.0/16Information Security Program Plan - Development - Identification and Assignment of Management Commitment1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of management commitment.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-responsibilities/1.0/17Information Security Program Plan - Development - Identification and Assignment of Responsibilities1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of responsibilities.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---planned-common-controls/1.0/18Information Security Program Plan - Development - Planned Common Controls1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the common controls planned for meeting the requirements of the information security program.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---updates-from-assessments/1.0/19Information Security Program Plan - Updates From Assessments1.0Defines conformance and assessment criteria for verifying that an organization updates the organization-wide information security plan to address organizational changes and problems identified during security control assessments.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---approval-of-risk---individuals/1.0/20Information Security Program Plan - Approval of Risk - Individuals1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to individuals.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---common-controls-in-place/1.0/21Information Security Program Plan - Development - Common Controls In Place1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the common controls in place for meeting the requirements of the information security program.https://artifacts.trustmarkinitiative.org/lib/tds/information-security-program-plan---development---identification-and-assignment-of-coordination/1.0/22Information Security Program Plan - Development - Identification and Assignment of Coordination1.0Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of coordination among organizational entities. .SP800-53R4NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at <a href="http://dx.doi.org/10.6028/NIST.SP.800-53r4">http://dx.doi.org/10.6028/NIST.SP.800-53r4</a>.