This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization plans and coordinates security-related activities affecting the information system with [Assignment: organization-defined individuals or groups] before conducting such activities in order to reduce the impact on other organizational entities.
NIST 800-53 (r4) Supplemental Guidance:
Security-related activities include, for example, security assessments, audits, hardware and software maintenance, patch management, and contingency plan testing. Advance planning and coordination includes emergency and nonemergency (i.e., planned or nonurgent unplanned) situations. The process defined by organizations to plan and coordinate security-related activities can be included in security plans for information systems or other documents, as appropriate. Related controls: CP-4, IR-4.
References: NIST Special Publication 800-18.
NIST 800-53 (r5) Discussion: None
38North Guidance:
Meets Minimum Requirement:
Defines the individuals or groups with whom security-related activities are coordinated
Maintains a list of activities mapped to points of contact for each activity
Maintains meeting minutes, reports, or other correspondence showing that coordination occurred with the identified individuals or groups
Best Practice:
Security assessment and continuous monitoring activities should be coordinated with sponsoring agencies, if applicable
System maintenance activities should be coordinated with customers so as not to disrupt operations
All CSP teams responsible for implementing security controls should be involved in security assessments, contingency, and incident response testing
External service providers may be involved in contingency or incident response testing
Coordination should be incorporated into the Configuration Management Plan and in Configuration Control Board Meetings
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Meeting minutes, reports, or other correspondence showing that coordination occurred with the identified individuals or groups
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD