With 205 Controls, 423 enhancements and 1,394 definitions, it's overwhelming! Lucky for you, ISL's Cyber Security Professionals are here to help.

PM-7 : ENTERPRISE ARCHITECTURE

FAMILY: Program Management
CLASS: Management

The organization develops an enterprise architecture with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation. The enterprise architecture developed by the organization is aligned with the Federal Enterprise Architecture. The integration of information security requirements and associated security controls into the organization's enterprise architecture helps to ensure that security considerations are addressed by organizations early in the system development life cycle and are directly and explicitly related to the organization's mission/business processes. This also embeds into the enterprise architecture an integral security architecture consistent with organizational risk management and information security strategies. Security requirements and control integration are most effectively accomplished through the application of the Risk Management Framework and supporting security standards and guidelines. The Federal Segment Architecture Methodology provides guidance on integrating information security requirements and security controls into enterprise architectures. Related controls: PL-2, PM-11, RA-2.
Control Enhancements:
(1) The organization reassesses the integrity of software and information by performing [Assignment: organization-defined frequency] integrity scans of the information system.
(2) The organization employs automated tools that provide notification to designated individuals upon discovering discrepancies during integrity verification.
(3) The organization employs centrally managed integrity verification tools.
(4) The organization requires use of tamper-evident packaging for [Assignment: organization-defined information system components] during [Selection: transportation from vendor to operational site; during operation; both].
References: NIST Special Publication 800-39; Web: WWW.FSAM.GOV.
Priority and Baseline Allocation:
P1 | LOW: PM-7 | MOD: PM-7 | HIGH: PM-7