Environment(s) of operation
|“||[is] [t]he physical surroundings in which an information system processes, stores, and transmits information.||”|
|“||include but are not limited to threats; vulnerabilities; mission and business processes; enterprise and cybersecurity architectures; ITs; personnel; facilities; supply chain relationships; organizational governance and culture; procurement and acquisition processes; organizational policies and procedures; and organizational assumptions, constraints, risk tolerance, and priorities and trade-offs.||”|
- NIST Special Publication 800-39, at B-4.
- Electricity Subsector Cybersecurity Risk Management Process, at 10 n.15.