NIST Risk Management Framework Quick Start Guide
ROLES AND RESPONSIBILITIES CROSSWALK
(October 1, 2021)
2021-10-01
NIST RMF Quick Start Guide Roles and Responsibilities Crosswalk
Legend: P: Prepare (step) C: Categorize (step) S: Select (step) I: Implement (step) A: Assess (step) R: Authorize (step) M: Monitor (step) ORG: Organizational (responsibility) SYS: System (responsibility)
Index:
- AUTHORIZING OFFICIAL OR AUTHORIZING OFFICIAL DESIGNATED REPRESENTATIVE
- CHIEF ACQUISITION OFFICER
- CHIEF INFORMATION OFFICER
- COMMON CONTROL PROVIDER
- CONTROL ASSESSOR
- ENTERPRISE ARCHITECT
- HEAD OF AGENCY
- INFORMATION OWNER OR STEWARD (OR SYSTEM OWNER)
- MISSION OR BUSINESS OWNER
- RISK EXECUTIVE (FUNCTION) OR SENIOR ACCOUNTABLE OFFICIAL FOR RISK MANAGEMENT
- SECURITY OR PRIVACY ARCHITECT
- SENIOR AGENCY INFORMATION SECURITY OFFICER
- SENIOR AGENCY OFFICIAL FOR PRIVACY
- SYSTEM ADMINISTRATOR
- SYSTEM OWNER
- SYSTEM SECURITY OR PRIVACY ENGINEER
- SYSTEM SECURITY OR PRIVACY OFFICER
- USER
ROLE
HEAD OF AGENCY
MISSION OR BUSINESS OWNER
ORG SYS P C S I A R M
RESPONSIBILITIES
- Designate a senior accountable official for risk management, senior agency official for privacy, and chief acquisition officer
- Oversee risk management process
X
X
- Provide an organization-wide forum to consider all sources of risk, and to promote collaboration and cooperation
- Institute a commitment to effectively manage security and privacy risk
- Coordinate with risk executive (function) to establish a risk management strategy
X
X
- Assist in development of organization-wide tailored control baselines and/or profiles (Task P-4 [Optional])
X
X
- Define mission and business functions and processes that the system is intended to support
ENTERPRISE ARCHITECT
X
- Implement an enterprise architecture strategy that facilitates effective security and privacy solutions
X
- Collaborate with system owners and authorizing officials to facilitate authorization boundary determinations
- Coordinate with security and privacy architects on security and privacy issues
X
X
- Determine placement of system within the enterprise architecture
SECURITY OR PRIVACY ARCHITECT
- Liaise between the enterprise architect and the system security or privacy engineer
- Allocate controls in coordination with system owners, common control providers, and system security or privacy officers
X
- Advise senior leadership on a range of security and privacy issues
- Manage aspects of the enterprise architecture that protect information and systems from unauthorized system activity or behavior; that ensure compliance with privacy requirements; and that manage privacy risks to individuals associated with the processing of personally identifiable information
Steps--P: Prepare; C: Categorize; S: Select; I: Implement; A: Assess; R: Authorize; M: Monitor. Responsibility--ORG: Organizational; SYS: System
ROLE
ORG SYS P C S I A R M
RESPONSIBILITIES
CHIEF ACQUISITION OFFICER
- Manage and monitor the performance of acquisition programs and activities
- Establish clear lines of authority, accountability, and responsibility for acquisition decision-making
X
X
- Establish procurement policies, procedures, and practices
- Ensure that security and privacy requirements are defined in organizational procurements and acquisitions