All federal systems have some level of sensitivity and require protection as part of good management practice. The protection of a system must be documented in a system security plan. The completion of system security plans is a requirement of the Office of Management and Budget Circular A-130. The plan should be viewed as documentation of the structured process of planning adequate, cost-effective security protection for a system. Additional information may be included in the basic plan and the structure and format organized according to agency needs.”]