Project & Resource Management

Mechanisms exist to ensure changes to systems within the Secure Development Life Cycle (SDLC) are controlled through formal change control procedures.

Login

Project & Resource Management

Mechanisms exist to manage the organizational knowledge of the cybersecurity & data privacy staff.

Login

Risk Management

Mechanisms exist to facilitate the implementation of risk management controls.

Login

Risk Management

Level N/A

Mechanisms exist to identify: â–ª Assumptions affecting risk assessments, risk response and risk monitoring; â–ª Constraints affecting risk assessments, risk response and risk monitoring; â–ª The organizational risk tolerance; and â–ª Priorities and trade-offs considered by the organization for managing risk.

Login

Risk Management

Mechanisms exist to reduce the magnitude or likelihood of potential impacts by resourcing the capability required to manage technology-related risks.

Login

Risk Management

Level N/A

Mechanisms exist to define organizational risk tolerance, the specified range of acceptable results.

Login

Risk Management

Level N/A

Mechanisms exist to define organizational risk threshold, the level of risk exposure above which risks are addressed and below which risks may be accepted.

Login

Risk Management

Level N/A

Mechanisms exist to define organizational risk appetite, the degree of uncertainty the organization is willing to accept in anticipation of a reward.

Login

Risk Management

Mechanisms exist to categorize systems and data in accordance with applicable local, state and Federal laws that: â–ª Document the security categorization results (including supporting rationale) in the security plan for systems; and â–ª Ensure the security categorization decision is reviewed and approved by the asset owner.

Login

Risk Management

Mechanisms exist to prioritize the impact level for systems, applications and/or services to prevent potential disruptions.

Login