PM 29 RISK MANAGEMENT PROGRAM LEADERSHIP ROLES - NIST-SP-800-53-R5/NIST-SP-800-53-R5.github.io GitHub Wiki

PM-29 RISK MANAGEMENT PROGRAM LEADERSHIP ROLES

Control:

  • a. Appoint a Senior Accountable Official for Risk Management to align organizational information security and privacy management processes with strategic, operational, and budgetary planning processes; and
  • b. Establish a Risk Executive (function) to view and analyze risk from an organization-wide perspective and ensure management of risk is consistent across the organization.

Discussion: The senior accountable official for risk management leads the risk executive (function) in organization-wide risk management activities.

Related Controls: PM-2, PM-19.

Control Enhancements: None.

References: [SP 800-37].
