Controls
Documentation
100

This control aligns account management processes with personnel termination and transfer processes.

AC-2.l

100

Plan of action and milestones

POAM

200

This control defines when to automatically terminate a user session after organization-defined conditions or trigger events occur.

AC-12

200

P-ATO

Provisional Authority to Operate

300

This control identifies the types of events that the system is capable of logging in support of the audit function.

AU-2.a

300

This document outlines the procedures and controls to be assessed when evaluating a system's security measures.

Security Assessment Plan (SAP)

400

This control documents, as part of each exchange agreement, the interface characteristics, security and privacy requirements, controls, and responsibilities for each system, and the impact level of the information communicated.

CA-3.b

400

The analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.

Security Impact Analysis (SIA)

500

This control defines when to conduct backups of system documentation, including security- and privacy-related documentation, based on organization-defined frequency consistent with recovery time and recovery point objectives.

CP-9.c

500

This document contains predictions of the consequences of a disruption to your business and gathers the information needed to develop recovery strategies.

Business Impact Analysis (BIA)