Policy and Inventory¶
Generating Inventories¶
KSI-PIY-GIV
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
Authoritative sources are used to automatically generate real-time inventories of all information resources when needed.
Related SP 800-53 Controls: CM-2.2, CM-7.5, CM-8, CM-8.1, CM-12, CM-12.1, CP-2.8
Terms: Information Resource
Reviewing Executive Support¶
KSI-PIY-RES
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
Executive support for achieving the provider's security goals is persistently reviewed and demonstrated.
Terms: Persistently
Reviewing Investments in Security¶
KSI-PIY-RIS
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
The effectiveness of the provider's investments in achieving security goals is persistently reviewed.
Related SP 800-53 Controls: AC-5, CA-2, CP-2.1, CP-4.1, IR-3.2, PM-3, SA-2, SA-3, SR-2.1
Terms: Persistently
Reviewing Security in the SDLC¶
KSI-PIY-RSD
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
The effectiveness of building security and privacy considerations into the Software Development Lifecycle and aligning with CISA Secure By Design principles is persistently reviewed.
Related SP 800-53 Controls: AC-5, AU-3.3, CM-3.4, PL-8, PM-7, SA-3, SA-8, SC-4, SC-18, SI-10, SI-11, SI-16
Terms: Persistently
Reviewing Vulnerability Disclosures¶
KSI-PIY-RVD
Changelog:
- 2026-05-04: Initial reset for the Consolidated Rules for 2026 Public Preview.
The effectiveness of the provider's vulnerability disclosure program is persistently reviewed.
Related SP 800-53 Controls: RA-5.11
Terms: Persistently, Vulnerability