Skip to content

SI-1: Policy and Procedures

An OSCAL Control

Statement

    • a.

      Develop, document, and disseminate to :

      • 1.

        system and information integrity policy that:

        • (a)

          Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and

        • (b)

          Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and

      • 2.

        Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls;

    • b.

      Designate an to manage the development, documentation, and dissemination of the system and information integrity policy and procedures; and

    • c.

      Review and update the current system and information integrity:

      • 1.

        Policy and following ; and

      • 2.

        Procedures and following .