Navigate

CCI-000228

CCI-000228 Definition

Implement the risk management strategy consistently across the organization.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD Risk Management Framework meets the requirement for a comprehensive organizational risk strategy. DoD components are automatically compliant with this CCI because they are covered by the DoD Risk Management Framework (DoDI 8510.01).

Validation Procedures

Compelling Evidence

Automatically compliant per DoDI 8510.01.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000228.

Control	Description
PM-9	The organization: a: Develops a comprehensive strategy to manage risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of information systems; b: Implements the risk management strategy consistently across the organization; and c: Reviews and updates the risk management strategy [one of ] or as required, to address organizational changes.

Control

Description

PM-9

The organization:

a: Develops a comprehensive strategy to manage risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of information systems;

b: Implements the risk management strategy consistently across the organization; and

c: Reviews and updates the risk management strategy [one of ] or as required, to address organizational changes.