|
controlPM-9
Risk Management Strategy (PM-9)
Develops a comprehensive strategy to manage: Implement the risk management strategy consistently across the organization; and Review and update the risk management strategy [organization-defined] or as required, to address organizational changes.
program-managementgovernancestrategy
Why These Connect
Supports63
These related controls work together — a change to one may affect the others.
Related Controls(41)
AC-1Policy and Procedures (AC-1)
LMH
AT-1Policy and Procedures (AT-1)LMH
AU-1Policy and Procedures (AU-1)LMH
CA-1Policy and Procedures (CA-1)LMH
CA-2Control Assessments (CA-2)LMH
CA-5Plan of Action and Milestones (CA-5)LMH
CA-6Authorization (CA-6)LMH
CA-7Continuous Monitoring (CA-7)LMH
CM-1Policy and Procedures (CM-1)LMH
CP-1Policy and Procedures (CP-1)LMH
IA-1Policy and Procedures (IA-1)LMH
IR-1Policy and Procedures (IR-1)LMH
MA-1Policy and Procedures (MA-1)LMH
MP-1Policy and Procedures (MP-1)LMH
PE-1Policy and Procedures (PE-1)LMH
PE-23Facility Location (PE-23)PL-1Policy and Procedures (PL-1)LMH
PL-2System Security and Privacy Plans (PL-2)LMH
PL-9Central Management (PL-9)PM-6Measures of Performance (PM-6)PM-8Critical Infrastructure Plan (PM-8)PM-2Information Security Program Leadership Role (PM-2)PM-18Privacy Program Plan (PM-18)PM-28Risk Framing (PM-28)PM-30Supply Chain Risk Management Strategy (PM-30)PS-1Policy and Procedures (PS-1)LMH
PT-1Policy and Procedures (PT-1)PT-2Authority to Process Personally Identifiable Information (PT-2)PT-3Personally Identifiable Information Processing Purposes (PT-3)RA-1Policy and Procedures (RA-1)LMH
RA-3Risk Assessment (RA-3)LMH
RA-9Criticality Analysis (RA-9)MH
SA-1Policy and Procedures (SA-1)LMH
SA-4Acquisition Process (SA-4)LMH
SC-1Policy and Procedures (SC-1)LMH
SC-38Operations Security (SC-38)SI-1Policy and Procedures (SI-1)LMH
SI-12Information Management and Retention (SI-12)LMH
SR-1Policy and Procedures (SR-1)LMH
SR-2Supply Chain Risk Management Plan (SR-2)LMH
PM-31Continuous Monitoring Strategy (PM-31)