PM-08-727 Critical Infrastructure Plan

Critical Infrastructure Plan

PM-08-727
Critical Infrastructure Plan
Program Management
Identify
Enterprise Security Policy, Standards and Guidelines, Security Oversight and Governance
NOT SELECTED
P1
No
Management does not have a documented critical infrastructure plan.
The organization addresses information security issues in the development, documentation, and updating of a critical infrastructure and key resources protection plan.
The organization has documented and established an enterprise infrastructure model with consideration to information security.
State implementation of this standard is incorporated into TAC 202.
Obtain Information security program policy; critical infrastructure protection policy; procedures addressing critical infrastructure plan development and implementation; procedures addressing critical infrastructure plan reviews and updates; records of critical infrastructure plan reviews and updates; other relevant documents or records and ascertain if: (I) the organization develops and documents a critical infrastructure and key resource protection plan; (ii) the organization updates the critical infrastructure and key resource protection plan; and (iii) the organization addresses information security issues in the critical infrastructure and key resource protection plan.