myctrl.tools
Compare

PM-8Critical Infrastructure Plan

PRIVACY

>Control Description

Address information security and privacy issues in the development, documentation, and updating of a critical infrastructure and key resources protection plan.

>Cross-Framework Mappings

SCF

BCD-01
Compare
CPL-01
Compare

>Supplemental Guidance

Protection strategies are based on the prioritization of critical assets and resources. The requirement and guidance for defining critical infrastructure and key resources and for preparing an associated critical infrastructure protection plan are found in applicable laws, executive orders, directives, policies, regulations, standards, and guidelines.

>Related Controls

CP-2
CP-4
PE-18
PL-2
PM-9
PM-11
PM-18
RA-3
SI-12

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is the process for assessing and managing critical infrastructure and key resources?
  • How does the organization identify systems and components that are critical to mission operations?
  • Who is responsible for overseeing critical infrastructure protection?
  • How are critical infrastructure risks assessed and mitigated?
  • What governance exists for coordinating critical infrastructure protection with continuity planning and incident response?

Technical Implementation:

  • How are critical systems and components identified and tracked?
  • What enhanced monitoring or protection technologies are deployed for critical infrastructure?
  • How are dependencies and interdependencies of critical systems documented?
  • What special security controls are technically implemented for critical infrastructure?

Evidence & Documentation:

  • Provide critical infrastructure and key resource identification documentation.
  • Provide criticality assessments for identified systems.
  • Provide evidence of enhanced protections for critical infrastructure.
  • Provide records of critical infrastructure risk assessments and mitigation.

Ask AI

Configure your API key to use AI features.