Information from ARCHITECTURE domain activities (such as unmitigated architectural conformance gaps) is used to update cyber risks and identify new risks
Context and Guidance: Periodic or continual evaluation should be leveraged to determine conformance gaps between the organisation's systems and networks and the cybersecurity architecture. Gaps in conformance should be logged as risks and remediation plans formed to close the gaps. The remediation plans should include information such as necessary resources to complete remediation and dates by which remediation will be completed.
Related Practices • Input From: Implementing ARCHITECTURE-1i provides input that may be useful for implementing this practice. • Progression: This practice is part of multiple practice progressions. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in the first progression include: RISK-2a, RISK-2b, RISK-2c, RISK-2g, RISK-2h, RISK-2i, RISK-2j, RISK-2k, RISK-2l, RISK-2m. • The practices in the second progression include: RISK-2d, RISK-2e, RISK-2f, RISK-2i, RISK-2j, RISK-2k, RISK-2l, RISK-3f.