
💼 PM-11 Mission and Business Process Definition

  • Contextual name: 💼 PM-11 Mission and Business Process Definition
  • ID: /frameworks/nist-sp-800-53-r5/pm/11
  • Located in: 💼 PM Program Management

Description

a. Define organizational mission and business processes with consideration for information security and privacy and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation; and

b. Determine information protection and personally identifiable information processing needs arising from the defined mission and business processes; and

c. Review and revise the mission and business processes [Assignment: organization-defined frequency].

Similar

  • Internal
    • ID: dec-c-8dc6f19b

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v2.0 → 💼 DE.AE-04: The estimated impact and scope of adverse events are understood 14
💼 NIST CSF v2.0 → 💼 GV.OC-01: The organizational mission is understood and informs cybersecurity risk management
💼 NIST CSF v2.0 → 💼 GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated 4
💼 NIST CSF v2.0 → 💼 GV.OC-05: Outcomes, capabilities, and services that the organization depends on are understood and communicated 4
💼 NIST CSF v2.0 → 💼 ID.RA-04: Potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded 7
💼 NIST CSF v2.0 → 💼 RC.RP-04: Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags