Definitions[]
Environment(s) of operation
| “ | [is] [t]he physical surroundings in which an information system processes, stores, and transmits information.[1] | ” |
| “ | include but are not limited to threats; vulnerabilities; mission and business processes; enterprise and cybersecurity architectures; ITs; personnel; facilities; supply chain relationships; organizational governance and culture; procurement and acquisition processes; organizational policies and procedures; and organizational assumptions, constraints, risk tolerance, and priorities and trade-offs.[2] | ” |
References[]
- ↑ NIST Special Publication 800-39, at B-4.
- ↑ Electricity Subsector Cybersecurity Risk Management Process, at 10 n.15.