PL-2(3): Plan / Coordinate With Other Organizational Entities

Control Family:

Planning

Parent Control:

PL-2: System Security Plan

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.IP-7

Baselines:

Moderate
High

Control is withdrawn in the next version of this control set and incorporated into: PL-2: System Security and Privacy Plans.

Control Statement

The organization plans and coordinates security-related activities affecting the information system with [Assignment: organization-defined individuals or groups] before conducting such activities in order to reduce the impact on other organizational entities.

Supplemental Guidance

Security-related activities include, for example, security assessments, audits, hardware and software maintenance, patch management, and contingency plan testing. Advance planning and coordination includes emergency and nonemergency (i.e., planned or nonurgent unplanned) situations. The process defined by organizations to plan and coordinate security-related activities can be included in security plans for information systems or other documents, as appropriate.