Description
a. Develop security and privacy architectures for the system that:
   1. Describe the requirements and approach to be taken for protecting the confidentiality, integrity, and availability of organizational information;
   2. Describe the requirements and approach to be taken for processing personally identifiable information to minimize privacy risk to individuals;
   3. Describe how the architectures are integrated into and support the enterprise architecture; and
   4. Describe any assumptions about, and dependencies on, external systems and the services that those systems provide; and
b. Review and update the architectures [Assignment: organization-defined frequency] to reflect changes in the enterprise architecture.
Supplemental Guidance
The security and privacy architectures at the system level are consistent with the organization-wide security and privacy architectures described in PM-07, which are integral to and developed as part of the enterprise architecture. The architectures include an architectural description, the allocation of security and privacy functionality (including controls), security- and privacy-related information for external interfaces, information being exchanged across the interfaces, and the protection mechanisms associated with each interface.
Changes from Rev 4
No significant changes from Rev 4.