CCI-004342

Defines the non-essential functions or services to be offloaded to other systems, system components, or an external provider.

Implementation Guidance

Determine if [PM-07(01)_ODP; non-essential functions or services to be offloaded are defined] are offloaded to other systems, system components, or an external provider.

Validation Procedures

Examine: [SELECT FROM: Information security program plan; privacy program plan; enterprise architecture documentation; procedures addressing enterprise architecture development; procedures for identifying and offloading functions or services; results of risk assessments of enterprise architecture; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with information security and privacy program planning and plan implementation responsibilities; organizational personnel responsible for developing enterprise architecture; organizational personnel responsible for risk assessments of enterprise architecture; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for enterprise architecture development; mechanisms supporting the enterprise architecture and its development; mechanisms for offloading functions and services].

The controls below (if any) were marked by NIST as being related to CCI-004342.