PL-06 Security-Related Activity Planning

Control: The organization plans and coordinates security-related activities affecting the information system before conducting such activities in order to reduce the impact on organizational operations (i.e., mission, functions, image, and reputation), organizational assets, and individuals.

Supplemental Guidance: Routine security-related activities include, but are not limited to, security assessments, audits, system hardware and software maintenance, security certifications, and testing/exercises. Organizational advance planning and coordination includes both emergency and non-emergency (i.e., routine) situations.

Control Enhancements: (0) None.

Baseline: LOW Not Selected; MOD PL-6; HIGH PL-6

Family: Planning

Class: Management

ISO 17799 mapping: 15.3.1

COBIT 4.1 mapping: None.

PCI-DSS v2 mapping: None.