PM-32 Purposing
Analyze pm-32_odp supporting mission essential services or functions to ensure that the information resources are being used consistent with their intended purpose.
| Parameter ID | Definition |
|---|---|
| pm-32_odp | systems or system components |
Baselines
- L
- M
- H
- P
Guidance
Systems are designed to support a specific mission or business function. However, over time, systems and system components may be used to support services and functions that are outside of the scope of the intended mission or business functions. This can result in exposing information resources to unintended environments and uses that can significantly increase threat exposure. In doing so, the systems are more vulnerable to compromise, which can ultimately impact the services and functions for which they were intended. This is especially impactful for mission-essential services and functions. By analyzing resource use, organizations can identify such potential exposures.
References 2
- SP 800-160-1 Ross RS, Oren JC, McEvilley M (2016) Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-160, Vol. 1, Includes updates as of March 21, 2018.
- SP 800-160-2 Ross RS, Pillitteri VY, Graubart R, Bodeau D, McQuaid R (2019) Developing Cyber Resilient Systems: A Systems Security Engineering Approach. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-160, Vol. 2.
Related controls 4
- CA-07 Continuous Monitoring L M H P
- PL-02 System Security and Privacy Plans L M H P
- RA-03 Risk Assessment L M H P
- RA-09 Criticality Analysis L M H P