Navigate

CCI-000227

CCI-000227 Definition

The organization develops a comprehensive strategy to manage risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of information systems.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD Risk Management Framework meets the requirement for a comprehensive organizational risk strategy. DoD components are automatically compliant with this CCI because they are covered by the DoD Risk Management Framework (DoDI 8510.01).

Validation Procedures

Compelling Evidence

Automatically compliant per DoDI 8510.01.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000227.

Control	Description
PM-9	The organization: PM-9a.: Develops a comprehensive strategy to manage risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of information systems; PM-9b.: Implements the risk management strategy consistently across the organization; and PM-9c.: Reviews and updates the risk management strategy [Assignment: organization-defined frequency] or as required, to address organizational changes.

Control

Description

PM-9

The organization:

PM-9a.: Develops a comprehensive strategy to manage risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of information systems;

PM-9b.: Implements the risk management strategy consistently across the organization; and

PM-9c.: Reviews and updates the risk management strategy [Assignment: organization-defined frequency] or as required, to address organizational changes.