cosmic view during night time

Organizational Security Policy

Policy is the First Step in Implementing Cybersecurity

Risk Assessment

POL.RM.L2-3.11.1

Planet Security will schedule a Zoom call with the CLIENT at approximately the 30 day mark to cover operational security requirements, policies, procedures, and best practices that the CLIENT will need to perform completely to hold up their end of the Statement of Shared Responsibilities.

Planet Security shall come onsite to CLIENT primary location at approximately the 60 day mark from when the contract is signed and assess the operational controls that are required for adherence to the requirements identified in the NIST SP800-171. It is expected that the CLIENT will have implemented all required measures of operational security before this meeting.

Documented findings of non-compliance shall be delivered to CLIENT leadership via Signal Messenger within a week after our visit. The client shall submit documented proof of remediation of the findings within 10 calendar days of receipt of the reporting.

Planet Security shall come onsite (11th month) and annually assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. During this visit, we will pay particular attention to operational security efforts and controls which we do not have visibility from a remote location.

Documented findings of non-compliance shall be delivered to CLIENT leadership via Signal Messenger within a week after our visit. The client shall submit documented proof of remediation of the findings within 10 calendar days of receipt of the reporting.

POL.RM.L2-3.11.2

Planet Security, Inc. shall scan the CPE/SPE environement at least monthly for vulnerabilities monthly on the 15th of each month. In practice (Non-binding), our SIEM tool scans constantly and vulnerabilities are detected within minutes and remediation occurs after COB of the same day of the detection.

POL.RM.L2-3.11.3

When new vulnerabilities affecting systems and applications are identified, remediation shall take place based on the following timetable:

  • Urgent: Within 24 Hours

  • Critical: Within 48 Hours

  • High: Within 1 Week

  • Medium: Within 1 Month

  • Low: Within 60 Days

  • Informational: Remediation not required



For questions regarding this Information Security Policy, please reach out to your Planet Security, Inc. Support Engineers using Signal.

Download Your Policy
Planet Security, Inc.

5325 S Fort Apache Rd.Suite D2 Las Vegas , NV 89148

Signal Messenger: helpdesk.100

© 1993-2025. Planet Security Inc. All rights reserved.

Phone: 725.246.0191

helpme@planetsecurity.net

★★★★★

protecting cui protects the american warfighter

CUI Protected enclave | Small Protected Enclave