Risk Assessments and Organizational Approvals from NIST 800-53 v5 framework

SAMMY UI is optimized for resolutions with a width 1024px and higher.

Access Control
Awareness and Training
Audit and Accountability
Assessment, Auithorization and Monitoring
Configuration Management
Contingency Planning
Identification and Authentication
Incident Response
Maintenance
Media Protection
Physical and Environmental Protection
Planning
Program Management
Personnel Security
Personally Identifiable Information Processing and Transparency
Risk Assessment
System and Services Acquisition
System and Communications Protection
System and Information Integrity
Supply Chain Risk Management

SA-9(1): Risk Assessments and Organizational Approvals

Risk Assessments and Organizational Approvals

SA-9(1): Risk Assessments and Organizational Approvals

(a) Conduct an organizational assessment of risk prior to the acquisition or outsourcing of information security services; and
(b) Verify that the acquisition or outsourcing of dedicated information security services is approved by [Assignment: organization-defined personnel or roles].

Description

Information security services include the operation of security devices, such as firewalls or key management services as well as incident monitoring, analysis, and response. Risks assessed can include system, mission or business, security, privacy, or supply chain risks.