Governance Definitions (comments)

[lachellel]

Received June 2019 - a federal agency comment for updating governance service definitions

Comments:

Item	Current Text	Recommended Change	Change	Rationale
Enterprise Governance	Developing and implementing the policies, rules, and procedures to manage and improve an ICAM program.	none
Auditing & Reporting	Monitoring, reviewing, and reporting on an ICAM program's conformance with rules, policies, and requirements.	none
Redress	Fixing problems and vulnerabilities that occur during standard operation of an ICAM program.	Mitigating risks, threats, and vulnerabilities that occur during operation of an ICAM program.	1) Change "Fixing" to "Mitigating" 2) Change "problems" to "risks, threats"	1) Mitigation is broader than "fixing" and recognizes cannot always eliminate vulnerabilities 2) Risks and threats are broader than "problems".
Recovery	Preparing the procedures and assets that would be needed to recover from a security or privacy breach and ensure continuity or service.	Preparing the procedures and assets needed to recover from failures or breaches associated with ICAM to ensure the security and continuity of service.	1) Change "a security or privacy breach" to "failures or breaches" 2) Add "associated with ICAM" 3) Add "the security and"	1) Recovery responsibilities must address more than just breaches 2) Limit scope to ICAM 3) Scope must include more than continuity of service

[lachellel]

Alternative comments for governance definitions update

• Update the governance services and applications view
• Focus on (and update) identity governance versus broader governance activities for approaches in the service definitions view
• Align with CDM definitions
• Remove "software" from the applications sub-components definitions and view

[lachellel]

addressed during architecture update working sessions - closing