
SG-12 Security Roles and Responsibilities: Risk Designations

>Control Description

Organization-defined security roles and responsibilities are assigned risk designations and reviewed at least once every three years.

Theme

Process

Type

Preventive

Policy/Standard

Information Security Management Standard

>Implementation Guidance

1. Ensure there is a risk management policy and a risk control matrix (covering risk severity, risk treatment, risk mitigation plan, and compensating controls), that each organization-defined security role and responsibility is assigned a risk designation, and that the policy and matrix are reviewed and updated at least once every three years or sooner when a change requires it.

>Testing Procedure

1. Inspect the organization's risk management policy and risk control matrix and confirm that they have been reviewed and updated at least once every three years, or sooner when a change required it, and that the security roles they cover carry risk designations.

>Audit Artifacts

E-SG-11
E-SG-12

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
