800-53|PM-11

Title

MISSION/BUSINESS PROCESS DEFINITION

Description

The organization:

Supplemental

Information protection needs are technology-independent, required capabilities to counter threats to organizations, individuals, or the Nation through the compromise of information (i.e., loss of confidentiality, integrity, or availability). Information protection needs are derived from the mission/business needs defined by the organization, the mission/business processes selected to meet the stated needs, and the organizational risk management strategy. Information protection needs determine the required security controls for the organization and the associated information systems supporting the mission/business processes. Inherent in defining an organization's information protection needs is an understanding of the level of adverse impact that could result if a compromise of information occurs. The security categorization process is used to make such potential impact determinations. Mission/business process definitions and associated information protection requirements are documented by the organization in accordance with organizational policy and procedure.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: PM-7,PM-8,RA-2

Category: PROGRAM MANAGEMENT

Family: PROGRAM MANAGEMENT

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
Building Threat Protection Layers	amazon_aws	Tenable AWS Best Practice Audit
Conclusion	amazon_aws	Tenable AWS Best Practice Audit
Using Additional Application Security Practices	amazon_aws	Tenable AWS Best Practice Audit

Detections

Analytics