Appendix C: Security Policies and Procedures
This needs work that may have been completed elsewhere and nees to be moved into here.
MVP Key Points Include:
- Each -1 control should have
linksentries to the relevant plolicy and procedure documents
This is not normalized and is only for legacy conversion MVP
Target State Key points include:
- create a component for each policy document
- create a component for each procedure document
- attach each document as a back-matter/resource and link to the document from the component
- each -1 control has
by-componentsentries that cite the appropriate policy and procedure components
Policies and procedures are required by the first control in each NIST SP 800-53 control family, commonly refered to as the "dash one" or "-1 controls"