WhiteHouse / cyber-acquisitions

https://policy.cio.gov

Cyber Risk Management #36

Open aerospaceindustriesassociation opened 9 years ago

aerospaceindustriesassociation commented 9 years ago

While many of these controls are best practice, not all have a non-trivial impact on the security posture nor, upon assessment, fit into a risk-managed environment. We recommend the security requirements be prioritized. A more stratified approach to control requirements would be more digestible than the current one-size-fits-all approach. This would go a long way in enabling Industry (large, medium, and small) companies to know where they need to allocate resources and spend incremental funding based on both Govt and Industry applying a risk management process that accounts for minimally environments, situational awareness, and evolving threats.