Security and Privacy Controls for Information Systems and Organizations

PROGRAM MANAGEMENT

The PROGRAM MANAGEMENT Playbook addresses the following areas:

  • Information Security Program Plan
  • Information Security Program Leadership Role
  • Information Security and Privacy Resources
  • Plan of Action and Milestones Process
  • System Inventory
  • Measures of Performance
  • Enterprise Architecture
  • Critical Infrastructure Plan
  • Risk Management Strategy
  • Authorization Process
  • Mission and Business Process Definition
  • Insider Threat Program
  • Security and Privacy Workforce
  • Testing, Training, and Monitoring
  • Security and Privacy Groups and Associations
  • Threat Awareness Program
  • Protecting Controlled Unclassified Information on External Systems
  • Privacy Program Plan
  • Privacy Program Leadership Role
  • Dissemination of Privacy Program Information
  • Accounting of Disclosures
  • Personally Identifiable Information Quality Management
  • Data Governance Body
  • Data Integrity Board
  • Minimization of Personally Identifiable Information Used in Testing, Training, and Research
  • Complaint Management
  • Privacy Reporting
  • Risk Framing
  • Risk Management Program Leadership Roles
  • Supply Chain Risk Management Strategy
  • Continuous Monitoring Strategy
  • Purposing

The PROGRAM MANAGEMENT Playbook is included in the Security and Privacy Controls for Information Systems and Organizations (NIST 800-53) Library, which has been developed by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST). It establishes controls for systems and organizations. The controls can be implemented within any organization or system that processes, stores, or transmits information.
