III.C.1.a: To-Be Architecture
Update the to-be architecture after each budget cycle to reflect new investments and associated residual risks. Other Information:
The to-be architecture should portray the security and privacy features of the enterprise’s mission and characterize its exposure
to risks of the agency’s enterprise architecture components. i. (e.g., privacy, medical, proprietary, financial, contractor
sensitive, trade secret, investigation); and ii) information systems (e.g., mission critical, mission support, administrative).
ii. guidance in NIST SP 800-59, Guideline for Identifying an Information System as a National Security System. iii. categories
in accordance with FIPS PUB 199 and NIST SP 800-60.
Indicator(s):
|
