145k views
0 votes
Which tier level in RMF addresses risk management at the DoD enterprise level?

1 Answer

3 votes

Final answer:

The tier level in the Risk Management Framework that addresses risk management at the DoD enterprise level is Tier 1, which focuses on organizational governance and enterprise-level risk management strategies.

Step-by-step explanation:

The tier level in the Risk Management Framework (RMF) that addresses risk management at the Department of Defense (DoD) enterprise level is Tier 1. The RMF is a set of criteria that provides a structured process for integrating security and risk management activities into the system development life cycle. The tiered approach helps to manage risk from an organizational perspective, categorizing the levels as follows:

  • Tier 1: Addresses risk from an organizational perspective, focusing on governance and risk management at the enterprise level.
  • Tier 2: Deals with risk at the mission/business process level and interacts with the organizational tier to address specific mission-related risks.
  • Tier 3: Operates at the system level, dealing with the implementation of security controls and the management of risks associated with particular information systems.

At Tier 1, DoD establishes risk management strategies and governance structures, and evaluates risk based on the entire organization's appetite and tolerance for risk, facilitating informed decision-making for security and risk management processes.

by User Ishank (7.8k points)
