659.23—System security plan: contents.
The system security plan must, at a minimum address the following:
(a)
Identify the policies, goals, and objectives for the security program endorsed by the agency's chief executive.
(b)
Document the rail transit agency's process for managing threats and vulnerabilities during operations, and for major projects, extensions, new vehicles and equipment, including integration with the safety certification process;
(d)
Document the rail transit agency's process for conducting internal security reviews to evaluate compliance and measure the effectiveness of the system security plan; and
(e)
Document the rail transit agency's process for making its system security plan and accompanying procedures available to the oversight agency for review and approval.