Governance & Program Info
Cyber Threat Detection & Response — Governance
Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.
Institution context
Program info
Applies across every builder in the app. Stored locally; nothing leaves the browser.
Checklist governance
Items (13)
Annotate ownership, due date, status, and next action for each item. Items come from the builder's governance / compliance phases.
05 · Governance & Compliance
Complete RMF package (DoDI 8510.01) for the detection system
System categorization (FIPS 199 / CNSSI 1253), SSP, SAR, POA&M, and ATO artifacts covering the model, data, and SOAR.
05 · Governance & Compliance
Map controls to NIST SP 800-53 Rev 5
Explicit mapping of detection model outputs, audit logs, and automated responses to specific 800-53 Rev 5 control families (AU, SI, CA, SR).
05 · Governance & Compliance
Map CUI handling to NIST SP 800-171 Rev 3 / CMMC 2.0
For DIB and CUI-handling systems — 800-171 Rev 3 is the control catalog underneath CMMC Level 2.
05 · Governance & Compliance
Confirm FIPS 140-3 cryptographic module compliance
Any cryptography used by the detection stack (TLS, data-at-rest, model artifact signing) must use FIPS 140-3 validated modules for federal deployment.
05 · Governance & Compliance
Meet DFARS 252.204-7012 safeguarding requirements
Required for any DoD contractor system processing CUI — includes rapid incident reporting (72 hours to DoD) and media preservation.
05 · Governance & Compliance
Map model outputs to DoD ZT Reference Architecture pillars
Explicit mapping from each detection output to one or more of the seven ZT pillars — primarily Visibility & Analytics and Automation & Orchestration.
05 · Governance & Compliance
Feed continuous behavioral score into ZT policy decision point
The model's confidence score should be consumable as a continuous risk signal by the ZT PDP — not just a binary alert.
05 · Governance & Compliance
Document model purpose, lineage, and known failure modes
Analogous to SR 11-7 in commercial finance — what the model does, what it does not, data lineage, and documented adversarial weaknesses.
05 · Governance & Compliance
Independent model validation
Second-line or external team validates detection logic, data, assumptions, and performance claims before ATO.
05 · Governance & Compliance
Enforce model artifact signing and supply chain integrity
Every deployed model artifact is cryptographically signed; rollback to last verified checkpoint is automated on signature failure.
05 · Governance & Compliance
ITAR and export-control review for model artifacts
Models trained on ITAR-controlled data or deployed to coalition networks must pass export control review before sharing.
05 · Governance & Compliance
Adversarial robustness testing
Deliberately probe the detection model with evasion attacks (adversarial examples, poisoning, model extraction) before and during deployment.
05 · Governance & Compliance
Continuous audit trail for every detection and response action
Immutable log of every model output, analyst action, and SOAR execution — evidence for CMMC, RMF, and incident response.