Risk Management

Mechanisms exist to develop a plan for Supply Chain Risk Management (SCRM) associated with the development, acquisition, maintenance and disposal of systems, system components and services, including documenting selected mitigating actions and monitoring performance against those plans.

Login

Risk Management

Mechanisms exist to periodically assess supply chain risks associated with systems, system components and services.

Login

Risk Management

Mechanisms exist to address Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related risks and benefits arising from the organization's supply chain, including third-party software and data.

Login

Risk Management

Mechanisms exist to conduct a Data Protection Impact Assessment (DPIA) on systems, applications and services that store, process and/or transmit Personal Data (PD) to identify and remediate reasonably-expected risks.

Login

Risk Management

Level N/A

Mechanisms exist to ensure risk monitoring as an integral part of the continuous monitoring strategy that includes monitoring the effectiveness of cybersecurity & data privacy controls, compliance and change management.

Login

Risk Management

Level N/A

Mechanisms exist to ensure teams are committed to a culture that considers and communicates technology-related risk.

Login

Secure Engineering & Architecture

Mechanisms exist to facilitate the implementation of industry-recognized cybersecurity & data privacy practices in the specification, design, development, implementation and modification of systems and services.

Login

Secure Engineering & Architecture

Mechanisms exist to centrally-manage the organization-wide management and implementation of cybersecurity & data privacy controls and related processes.

Login

Secure Engineering & Architecture

Mechanisms exist to achieve resilience requirements in normal and adverse situations.

Login

Secure Engineering & Architecture

Mechanisms exist to develop an enterprise architecture, aligned with industry-recognized leading practices, with consideration for cybersecurity & data privacy principles that addresses risk to organizational operations, assets, individuals, other organizations.

Login