Navigate

CCI-002994

CCI-002994 Definition

The organization reviews and updates the risk management strategy in accordance with organization-defined frequency or as required, to address organizational changes.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD Risk Management Framework meets the requirement for a comprehensive organizational risk strategy. DoD components are automatically compliant with this CCI because they are covered by the DoD Risk Management Framework (DoDI 8510.01).

Validation Procedures

Compelling Evidence

Automatically compliant per DoDI 8510.01.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002994.

Control	Description
PM-9	The organization: PM-9a.: Develops a comprehensive strategy to manage risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of information systems; PM-9b.: Implements the risk management strategy consistently across the organization; and PM-9c.: Reviews and updates the risk management strategy [Assignment: organization-defined frequency] or as required, to address organizational changes.

Control

Description

PM-9

The organization:

PM-9a.: Develops a comprehensive strategy to manage risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of information systems;

PM-9b.: Implements the risk management strategy consistently across the organization; and

PM-9c.: Reviews and updates the risk management strategy [Assignment: organization-defined frequency] or as required, to address organizational changes.