NIST Risk Management Framework
Quick Start Guide
ROLES AND RESPONSIBILITIES CROSSWALK
(October 1, 2021)
2021-10-01
NIST RMF Quick Start Guide
Roles and Responsibilities Crosswalk
Legend:
- P: Prepare (step)
- C: Categorize (step)
- S: Select (step)
- I: Implement (step)
- A: Assess (step)
- R: Authorize (step)
- M: Monitor (step)
- ORG: Organizational (responsibility)
- SYS: System (responsibility)
Index:
- AUTHORIZING OFFICIAL OR AUTHORIZING OFFICIAL DESIGNATED REPRESENTATIVE
- CHIEF ACQUISITION OFFICER
- CHIEF INFORMATION OFFICER
- COMMON CONTROL PROVIDER
- CONTROL ASSESSOR
- ENTERPRISE ARCHITECT
- HEAD OF AGENCY
- INFORMATION OWNER OR STEWARD (OR SYSTEM OWNER)
- MISSION OR BUSINESS OWNER
- RISK EXECUTIVE (FUNCTION) OR SENIOR ACCOUNTABLE OFFICIAL FOR RISK MANAGEMENT
- SECURITY OR PRIVACY ARCHITECT
- SENIOR AGENCY INFORMATION SECURITY OFFICER
- SENIOR AGENCY OFFICIAL FOR PRIVACY
- SYSTEM ADMINISTRATOR
- SYSTEM OWNER
- SYSTEM SECURITY OR PRIVACY ENGINEER
- SYSTEM SECURITY OR PRIVACY OFFICER
- USER
ROLE | P | C | S | I | A | R | M | ORG | SYS | RESPONSIBILITIES

HEAD OF AGENCY
- Designate a senior accountable official for risk management, senior agency official for privacy, and chief acquisition officer
- Oversee risk management process
- Provide an organization-wide forum to consider all sources of risk, and to promote collaboration and cooperation
- Institute a commitment to effectively manage security and privacy risk
- Coordinate with risk executive (function) to establish a risk management strategy

MISSION OR BUSINESS OWNER
- Assist in development of organization-wide tailored control baselines and/or profiles (Task P-4 [Optional])
- Define mission and business functions and processes that the system is intended to support

ENTERPRISE ARCHITECT
- Implement an enterprise architecture strategy that facilitates effective security and privacy solutions
- Collaborate with system owners and authorizing officials to facilitate authorization boundary determinations
- Coordinate with security and privacy architects on security and privacy issues
- Determine placement of system within the enterprise architecture

SECURITY OR PRIVACY ARCHITECT
- Liaise between the enterprise architect and the system security or privacy engineer
- Allocate controls in coordination with system owners, common control providers, and system security or privacy officers
- Advise senior leadership on a range of security and privacy issues
- Manage aspects of the enterprise architecture that protect information and systems from unauthorized system activity or behavior; that ensure compliance with privacy requirements; and that manage privacy risks to individuals associated with the processing of personally identifiable information
Steps - P: Prepare; C: Categorize; S: Select; I: Implement; A: Assess; R: Authorize; M: Monitor. Responsibility - ORG: Organizational; SYS: System

CHIEF ACQUISITION OFFICER
- Manage and monitor the performance of acquisition programs and activities
- Establish clear lines of authority, accountability, and responsibility for acquisition decisionmaking
- Establish procurement policies, procedures, and practices
- Ensure that security and privacy requirements are defined in organizational procurements and acquisitions