AAC-03: Information System Regulatory Mapping

Control Family:

CSF v1.1 References:

ID.AM-5
ID.GV-3
ID.RM-3
PR.IP-7
DE.DP-2

PF v1.0 References:

GV.PO-P5
GV.RM-P3
PR.PO-P5

Control Statement

Organizations shall create and maintain a control framework which captures standards, regulatory, legal, and statutory requirements relevant for their business needs. The control framework shall be reviewed at least annually to ensure changes that could affect the business processes are reflected.

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4