💼 PM-28 Risk Framing

• Contextual name: 💼 PM-28 Risk Framing
• ID: /frameworks/nist-sp-800-53-r5/pm/28
• Located in: 💼 PM Program Management

Description

a. Identify and document:

1. Assumptions affecting risk assessments, risk responses, and risk monitoring;
2. Constraints affecting risk assessments, risk responses, and risk monitoring;
3. Priorities and trade-offs considered by the organization for managing risk; and
4. Organizational risk tolerance; b. Distribute the results of risk framing activities to [Assignment: organization-defined personnel]; and c. Review and update risk framing considerations [Assignment: organization-defined frequency].

Similar

• Internal
  • ID: dec-c-4d817ec8

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v2.0 → 💼 DE.AE-04: The estimated impact and scope of adverse events are understood			14
💼 NIST CSF v2.0 → 💼 GV.OC-03: Legal, regulatory, and contractual requirements regarding cybersecurity - including privacy and civil liberties obligations - are understood and managed			2
💼 NIST CSF v2.0 → 💼 GV.RM-04: Strategic direction that describes appropriate risk response options is established and communicated
💼 NIST CSF v2.0 → 💼 GV.RM-06: A standardized method for calculating, documenting, categorizing, and prioritizing cybersecurity risks is established and communicated
💼 NIST CSF v2.0 → 💼 GV.RM-07: Strategic opportunities (i.e., positive risks) are characterized and are included in organizational cybersecurity risk discussions
💼 NIST CSF v2.0 → 💼 GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags