afeld
commented
4 years ago Let's scope this down a bit to be "proposal presented to leadership," since the steps and timeline between that and having a budget line are more murky.
Open its-a-lisa-at-work opened 4 years ago
afeld
commented
4 years ago Let's scope this down a bit to be "proposal presented to leadership," since the steps and timeline between that and having a budget line are more murky.
pburkholder
commented
3 years ago This is terrific. We have a finding from our Annual Assessment because we couldn't readily point to our line item.
On Mon, Feb 8, 2021 at 7:16 PM Alyssa Feola notifications@github.com wrote:
Background Information
Per NIST RMF, having a line item for Cybersecurity Budget is necessary. This is something that makes greater sense to do at the TTS level rather than at each product level. Implementation Steps
- Bring up at #g-compliance-security guild
- Set up follow up meeting
- Research requirements
- Talk to folks that are stakeholders
Acceptance Criteria
- Proposal presented to leadership
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/18F/Security-Compliance/issues/15, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJHWCQRKWPPP6ZLH47ZEJTS6B5G7ANCNFSM4XJ7KZ7Q .
*Peter Burkholder | *cloud.gov https://cloud.gov compliance & security please use cloud-gov-compliance@gsa.gov for cloud.gov matters
202-709-2028 <(202)%20209-2028> | peter.burkholder@gsa.gov peter.burkholder@gsa.gov
| pronouns he-him https://www.mypronouns.org/he-him Free/Busy Calendar https://calendar.google.com/calendar/embed?src=peter.burkholder@gsa.gov
Background Information
Per NIST RMF, having a line item for Cybersecurity Budget is necessary. This is something that makes greater sense to do at the TTS level rather than at each product level.
Implementation Steps
Acceptance Criteria