IAO-03: System Security & Privacy Plan (SSPP)

IAO-03 · System Security & Privacy Plan (SSPP)

Control Description

Mechanisms exist to generate System Security & Privacy Plans (SSPPs), or similar document repositories, to identify and maintain key architectural information on each critical Technology Assets, Applications and/or Services (TAAS), as well as influence inputs, entities and TAAS, providing a historical record of the data and its origins.

Control Question

Assessment question for control validation

Does the organization generate System Security & Privacy Plans (SSPPs), or similar document repositories, to identify and maintain key architectural information on each critical Technology Assets, Applications and/or Services (TAAS), as well as influence inputs, entities and TAAS, providing a historical record of the data and its origins?

Control Weighting

Validation Cadence

Annual

NIST CSF Function

Identify

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 3 - Tactical

Core Control Designations

Special designations and baseline inclusions

MAD: IAO-03

ESP Level 1: IAO-03

ESP Level 2: IAO-03

ESP Level 3: IAO-03

AI Model: IAO-03

Additional Metadata

Applicability (Process):

Errata & Additional Notes

- wordsmithed control