CCI-000212

Develop an enterprise architecture with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation.

Implementation Guidance

Determine if: - an enterprise architecture is developed with consideration for information security. - an enterprise architecture is maintained with consideration for information security. - an enterprise architecture is developed with consideration for privacy. - an enterprise architecture is maintained with consideration for privacy. - an enterprise architecture is developed with consideration for the resulting risk to Organizational operations and assets, individuals, other organizations, and the Nation. - an enterprise architecture is maintained with consideration for the resulting risk to Organizational operations and assets, individuals, other organizations, and the Nation.

Validation Procedures

Examine: [SELECT FROM: Information security program plan; privacy program plan; enterprise architecture documentation; procedures addressing enterprise architecture development; results of risk assessments of enterprise architecture; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with information security and privacy program planning and plan implementation responsibilities; organizational personnel responsible for developing enterprise architecture; organizational personnel responsible for risk assessments of enterprise architecture; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for enterprise architecture development; mechanisms supporting the enterprise architecture and its development].

The controls below (if any) were marked by NIST as being related to CCI-000212.