Appendix C: Security Policies and Procedures

~~This needs work that may have been completed elsewhere and nees to be moved into here. This needs MVP and Normalized content examples~~

~~MVP Key Points Include:~~

~~Each -1 control should have~~ links ~~entries to the relevant plolicy and procedure documents~~

~~This is not normalized and is only for legacy conversion MVP~~

~~Normalized Key points include:~~

~~attach each document as back-matter/~~resources ~~entries~~
- ~~From each component, add a~~ links ~~entry that references the~~ resource ~~(#uuid-value)~~

~~create a component for each policy document~~

~~create a component for each procedure document~~

~~each -1 control has~~ by-components ~~entries that cite the appropriate policy and procedure components~~

~~Reference Components [need citation - there may be a page for document-type compnents ] and~~See ~~Attachments~~Control ~~pages.~~Response: ~~Don't duplicate those explanations here.~~

Policies and ~~procedures are required by the first control in each NIST SP 800-53 control family, commonly refered to as the "dash one" or "-1 controls"~~Procedures.