Security and privacy planning policy
procedures addressing system security and privacy plan development and implementation
procedures addressing system security and privacy plan reviews and updates
system design documentation
system architecture and configuration documentation
system categorization decision
information types stored, transmitted, and processed by the system
system element/component information
stakeholder needs analysis
list of security and privacy requirements allocated to the system, system elements, and environment of operation
list of contractual requirements allocated to external providers of the system or system element
business impact analysis or criticality analysis
risk assessments
risk management strategy
organizational security and privacy policy
federal or organization-approved or mandated baselines or overlays
system security plan
privacy plan
other relevant documents or records