Enterprise Architecture, Roadmap and Emerging Technology
NOT SELECTED
P1
Yes
February 15, 2018
The Agency takes information security imperatives, including TAC 202 and this control catalog, into consideration when designing and implementing the enterprise architecture.
Management does not review new or modifications of existing technology infrastructure to ensure implementations are in line with strategic goals.
The organization develops an enterprise architecture with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation.
If an organization follows the requirements in TAC 202 and the Control Catalog such as inventories and risk based decision making, it will lead the organization to an enterprise architecture approach.
State implementation of this standard isan outcome of TAC 202 implementation.
Obtain Information security program policy; enterprise architecture policy; procedures addressing information security-related aspects of enterprise architecture development; system development life cycle documentation; enterprise architecture documentation; enterprise security architecture documentation; other relevant documents or records and ascertain if:
(I) the organization develops an enterprise architecture with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation
