Scribd Logo
Upload

Welcome to Scribd!

  • Integrated Cybersecurity Governance Model - CMMC Version

    Uploaded by

    wenapo
    165 views1 page

    Original Title

    Integrated Cybersecurity Governance Model - CMMC version

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    165 views1 page

    Integrated Cybersecurity Governance Model - CMMC Version

    Uploaded by

    wenapo

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 1

    Integrated Cybersecurity Governance Model (ICGM)™

    Addressing Cybersecurity Maturity Model Certification (CMMC) & NIST 800-171 Compliance
    This model represents a “Plan, Do, Check & Act”
    POLICIES & S TANDARDS approach to implement and operate integrated
    MAY INFLUENCE cybersecurity and privacy governance practices. The
    GUIDELINES
    START
    PLAN SOMETIMES
    ICGM is a useful tool to help visualize CMMC & NIST 800-
    171 governance, risk and compliance-related activities.
    IDENTIFY EXTERNAL INFLUENCERS GENERATE
    [COMPLIANCE REQUIREMENTS] ARE ENFORCED
    INFLUENCE BY INFLUENCE BECOMES
    - STATUTORY & REGULATORY OBLIGATIONS POLICIES STANDARDS TOOL SELECTION
    - CONTRACTUAL OBLIGATIONS
    - INDUSTRY-RECOGNIZED PRACTICES ARE ALIGNED WITH
    COMPLIANCE OBLIGATIONS
    IDENTIFY INTERNAL INFLUENCERS ESTABLISH ARE IMPLEMENTED BY
    & PROVIDE SCOPING FOR
    [CORPORATE POLICIES & MANAGEMENT INTENT] COMPLIANCE-RELATED
    - BUSINESS PROCESSES INFLUENCE CRITERIA FOR INFLUENCES
    CONTROL OBJECTIVES [SSP I TEM]
    - RISK TOLERANCE
    - AUDIT FINDINGS IDENTIFY
    REQUIREMENTS FOR [SSP I TEM]

    CONTROLS
    SUPPORT
    800-171 PROCEDURES
    REQUIRE THE IMPLEMENTATION OF CYBERSECURITY & PRIVACY ARE IMPLEMENTED BY PROCEDURES / ARE APPLIED TO SYSTEMS, APPLICATIONS,
    MAY INFLUENCE &
    IDENTIFY CHANGES TO [INCLUDES COMPENSATING CONTROLS FOR EXCEPTION REQUESTS] [POA&M ITEM] CONTROLS CONTROL ACTIVITIES [SSP I TEM] SERVICES & PROCESSES

    DETERMINE THE PRIORITIZATION


    & IMPLEMENTATION OF DO ENABLE THE
    GENERATION OF
    ARE REVIEWED
    THROUGH

    RESOURCE PRIORITIES [C3PAO ACTIVITY] VERIFY


    EXCEPTION REQUESTS
    RISK MANAGEMENT & NON-COMPLIANT ARE LINKED TO FEED
    AFFECTS CONTROLS REQUIRE SECURITY METRICS AUDITS / ASSESSMENTS
    AFFECTS
    REMEDIATION ACTIONS ACCEPTABLE RISK TOLERANCE

    ARE ASSESSED
    [POA&M ITEM] EXCEPTION REQUESTS & NON-COMPLIANT PROCEDURES REQUIRE GENERATE
    CHECK
    AGAINST
    GENERATES [POA&M ITEM] IDENTIFIES PROVIDE OVERSIGHT CAPABILITIES TO ANALYTICS & TRENDS
    RISK ANALYSIS REQUIREMENTS FOR
    RISK MANAGEMENT COVERS THE FOLLOWING: [KPIS / KRIS / KCIS]
    - PLAN OF ACTION & MILESTONES (POA&M) SITUATIONAL
    PROVIDE GUIDANCE TO INFLUENCES AWARENESS
    - SYSTEM SECURITY PLAN (SSP) CORPORATE LEADERSHIP
    - DATA PROTECTION IMPACT ASSESSMENTS (DPIAS)
    - BUSINESS IMPACT ANALYSIS (BIA) DIRECTS
    - RISK ASSESSMENTS INFLUENCE
    - VENDOR ASSESSMENTS INFLUENCES
    - THREAT ASSESSMENTS
    - VULNERABILITY ASSESSMENTS
    ACT REQUIRE
    STAKEHOLDER CONFIDENCE

    - PENETRATION TESTING
    IDENTIFY NEEDS FOR IDENTIFY
    DEFICIENCIES

    Copyright © 2020 by ComplianceForge, LLC (ComplianceForge). All rights reserved. VERSION 2020.1
    Modification of any content, including text and images, requires the prior written permission of ComplianceForge. Requests ma y be s ent to support@ complianceforge.com.

    You might also like