PL-06 Security-Related Activity Planning

    Control: The organization plans and coordinates security-related activities affecting the information system before conducting such activities in order to reduce the impact on organizational operations (i.e., mission, functions, image, and reputation), organizational assets, and individuals.

    Supplemental Guidance: Routine security-related activities include, but are not limited to, security assessments, audits, system hardware and software maintenance, security certifications, and testing/exercises. Organizational advance planning and coordination includes both emergency and non-emergency (i.e., routine) situations.

    Control Enhancements: (0) None.

    Baseline: LOW Not Selected MOD PL-6 HIGH PL-6

    Family: Planning

    Class: Management

    ISO 17799 mapping: 15.3.1

    COBIT 4.1 mapping: None.

    PCI-DSS v2 mapping: None.