An Information Systems Security Plan is a critical document used to support security standards in an organization. It is a culmination of security principles and systems that outline policies, procedures, physical and technical controls, and the roles and responsibilities of the major stakeholders within the organization.