PM-29: Risk Management Program Leadership Roles

Control Family:

Program Management

CSF v1.1 References:

PF v1.0 References:

Baselines:

  • Low

    N/A

  • Moderate

    N/A

  • High

    N/A

  • Privacy

    N/A

Control is new to this version of the control set.

Control Statement

  1. Appoint a Senior Accountable Official for Risk Management to align organizational information security and privacy management processes with strategic, operational, and budgetary planning processes; and
  2. Establish a Risk Executive (function) to view and analyze risk from an organization-wide perspective and ensure management of risk is consistent across the organization.

Supplemental Guidance

The senior accountable official for risk management leads the risk executive (function) in organization-wide risk management activities.