Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements.
Source(s):
CNSSI 4009-2015
NIST SP 800-137
under Information Security Program Plan
NIST SP 800-30 Rev. 1
under Information Security Program Plan
NIST SP 800-37 Rev. 2
from
OMB Circular A-130 (2016)
NIST SP 800-39
under Information Security Program Plan
NIST SP 800-53 Rev. 5
from
OMB Circular A-130 (2016)
NIST SP 800-53A Rev. 5
from
OMB Circular A-130 (2016)
NIST SP 800-82 Rev. 2
under Information Security Program Plan