home || catalog: SP800-53rev3 / class: Management / family: (PM) Program Management ||
search controls:
search nistpubs:

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM

PM-01
PM-02
PM-03
PM-04
PM-05
PM-06
PM-07 *
PM-08
PM-09
PM-10
PM-11

PS
RA
SA
SC
SI
MMMMM

  PM-07: Enterprise Architecture  

base control objective:
The organization develops an enterprise architecture with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation.

supplemental objective information:
The enterprise architecture developed by the organization is aligned with the Federal Enterprise Architecture. The integration of information security requirements and associated security controls into the organization’s enterprise architecture helps to ensure that security considerations are addressed by organizations early in the system development life cycle and are directly and explicitly related to the organization’s mission/business processes. This also embeds into the enterprise architecture, an integral security architecture consistent with organizational risk management and information security strategies. Security requirements and control integration are most effectively accomplished through the application of the Risk Management Framework and supporting security standards and guidelines. The Federal Segment Architecture Methodology provides guidance on integrating information security requirements and security controls into enterprise architectures. (see: http://www.fasm.gov)

enhancements to the base objective:

(1) None.

mapping to FIPS199 baseline:

  LOW: org     MOD: org     HIGH: org  

related (regimented) controls:

None.

documents referenced in SP800-53rev3 for PM-07:

None.

Document Date Status Title

Search SP800-53rev3 catalog: