
Appendix C: Security Policies and Procedures

This needs work that may have been completed elsewhere and needs to be moved here. This needs MVP and Normalized content examples.

MVP Key Points Include:

  • Each -1 control should have links entries to the relevant policy and procedure documents

This is not normalized and is only for legacy conversion MVP


Target State (Normalized) Key Points Include:

  • attach each document as back-matter/resources entries
    • From each component, add a links entry that references the resource (#uuid-value)
  • create a component for each policy document
  • create a component for each procedure document
  • attach each document as a back-matter/resource and link to the document from the component
  • each -1 control has by-components entries that cite the appropriate policy and procedure components
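
The target-state wiring listed above can be checked mechanically. The following Python check is an added example, not part of the original guide or of any FedRAMP tooling; it assumes the OSCAL SSP JSON layout with the top-level `system-security-plan` wrapper already removed, and the sample SSP (trimmed fields, short placeholder UUIDs) is constructed for illustration.

```python
# Constructed sample SSP, trimmed to the fields this check reads; UUIDs are placeholders.
SSP = {
    "system-implementation": {"components": [
        {"uuid": "c-pol-ac", "type": "policy", "title": "Access Control Policy",
         "links": [{"href": "#r-pol-ac"}]},
        {"uuid": "c-proc-ac", "type": "process-procedure", "title": "Access Control Procedures",
         "links": [{"href": "#r-proc-ac"}]},
        {"uuid": "c-pol-au", "type": "policy", "title": "Audit Policy",
         "links": [{"href": "#r-missing"}]},  # dangling reference, on purpose
    ]},
    "control-implementation": {"implemented-requirements": [
        {"control-id": "ac-1", "by-components": [
            {"component-uuid": "c-pol-ac"}, {"component-uuid": "c-proc-ac"}]},
        {"control-id": "au-1", "by-components": [{"component-uuid": "c-pol-au"}]},
        {"control-id": "ac-2", "by-components": []},  # not a -1 control, ignored
    ]},
    "back-matter": {"resources": [
        {"uuid": "r-pol-ac", "title": "AC Policy v1"},
        {"uuid": "r-proc-ac", "title": "AC Procedures v1"},
    ]},
}

REQUIRED = {"policy", "process-procedure"}  # OSCAL component types for these documents

def check_dash_one(ssp):
    """Return {control-id: [problems]} for each -1 control that is not fully wired."""
    resources = {r["uuid"] for r in ssp.get("back-matter", {}).get("resources", [])}
    comps = {c["uuid"]: c for c in ssp["system-implementation"]["components"]}
    findings = {}
    for req in ssp["control-implementation"]["implemented-requirements"]:
        cid = req["control-id"]
        if not cid.endswith("-1"):  # base "dash one" controls only, e.g. ac-1
            continue
        problems, seen = [], set()
        for bc in req.get("by-components", []):
            comp = comps.get(bc["component-uuid"])
            if comp is None:
                problems.append(f"unknown component {bc['component-uuid']}")
                continue
            if comp["type"] not in REQUIRED:
                continue
            seen.add(comp["type"])
            hrefs = [link["href"] for link in comp.get("links", [])]
            # The component must link to an existing back-matter resource (#uuid-value).
            if not any(h.startswith("#") and h[1:] in resources for h in hrefs):
                problems.append(f"{comp['title']}: no link to a back-matter resource")
        problems += [f"no {t} component cited" for t in sorted(REQUIRED - seen)]
        if problems:
            findings[cid] = problems
    return findings
```

On the sample, `check_dash_one(SSP)` passes `ac-1` and reports `au-1` for both the dangling resource link and the missing procedure component.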

Reference Components [need citation - there may be a page for document-type components] and Attachments pages. Don't duplicate those explanations here.

Policies and procedures are required by the first control in each NIST SP 800-53 control family, commonly referred to as the "dash one" or "-1" controls.