PRM-05 ยท Cybersecurity & Data Protection Requirements Definition

Control Description

Mechanisms exist to identify critical system components and functions by performing a criticality analysis for critical Technology Assets, Applications and/or Services (TAAS) at pre-defined decision points in the Secure Development Life Cycle (SDLC).

Control Question
Assessment question for control validation

Does the organization identify critical system components and functions by performing a criticality analysis for critical Technology Assets, Applications and/or Services (TAAS) at pre-defined decision points in the Secure Development Life Cycle (SDLC)?

Control Weighting
9
Validation Cadence
Annual
NIST CSF Function
Identify
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: PRM-05
ESP Level 2: PRM-05
ESP Level 3: PRM-05
AI Model: PRM-05
Additional Metadata
Applicability (Process):
x
Errata & Additional Notes

- wordsmithed control - renamed