💼 PM-11 Mission and Business Process Definition
- ID:
/frameworks/nist-sp-800-53-r5/pm/11
Description​
a. Define organizational mission and business processes with consideration for information security and privacy and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation; and b. Determine information protection and personally identifiable information processing needs arising from the defined mission and business processes; and c. Review and revise the mission and business processes [Assignment: organization-defined frequency].
Similar​
- Internal
- ID:
dec-c-8dc6f19b
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v2.0 → 💼 DE.AE-04: The estimated impact and scope of adverse events are understood | 14 | no data | |||
| 💼 NIST CSF v2.0 → 💼 GV.OC-01: The organizational mission is understood and informs cybersecurity risk management | no data | ||||
| 💼 NIST CSF v2.0 → 💼 GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated | 3 | no data | |||
| 💼 NIST CSF v2.0 → 💼 GV.OC-05: Outcomes, capabilities, and services that the organization depends on are understood and communicated | 3 | no data | |||
| 💼 NIST CSF v2.0 → 💼 ID.RA-04: Potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded | 7 | no data | |||
| 💼 NIST CSF v2.0 → 💼 RC.RP-04: Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|