Process Step 2 — Define the Segment Scope and Strategic Intent

Step Description and Purpose

This process step provides guidance for architects to define the segment scope and strategic intent, which includes the performance architecture through which achievement of strategic improvement opportunities will be measured. Since segments may be extremely broad from a function, process, product, service, and organizational impact standpoint, it is imperative that a clear understanding of the focus for the segment is defined up front. In order to define the segment's scope and strategic intent, the architect can use this process step to develop a comprehensive understanding of the relevant segment goals and desired outcomes, major strategic improvement opportunities, performance gaps, business mandates and drivers, and key common / mission services delivered to meet principal stakeholders' needs.

This process step synthesizes these factors toward establishing the context and scope that drive the remaining steps of this methodology. The gathering and analysis of stakeholder needs and business drivers contributes to identifying strategic improvement opportunities. There may be numerous business needs and strategic improvement opportunities identified in this process step and it is important that these opportunities be prioritized to a manageable number so that "analysis paralysis" does not occur in subsequent steps.

Analysis of the current business state from a strategic improvement perspective, through techniques such as Strengths, Weaknesses, Opportunities and Threats (SWOT) analysis, provides the foundation for defining the strategic intent of the segment. The strategic intent describes the target state vision and establishes the segment performance goals.

The segment performance architecture includes the goals, key performance indicators, measures, and metrics.  The performance architecture may be based on the Performance Accountability Report (PAR) and Program Assessment Rating Tool (PART) report(s) for programs within the scope of the segment. An example of segment performance metrics are the consolidation, standardization and optimization metrics that are derived from the IT Infrastructure Line of Business. The segment performance architecture is used to measure overall success achieved from implementing the segment transition plan in an effort to reach the target state. By examining the cause and effect of implementing forthcoming segment recommendations (e.g., enhancing new services, retiring redundant solutions), one can maintain a clear line of sight as described in the Federal Enterprise Architecture (FEA) Performance Reference Model (PRM).

In the subsequent steps in this methodology, the architect will deliver recommendations that are aligned directly with the segment scope and strategic intent defined in this process step. In addition, the subsequent steps of the methodology will feed back to this process step and provide further refinement of and updates to the segment's scope and strategic intent.

Note:  While performing this process step, the project plan must be updated to account for the size and complexity of the segment, as defined in this process step.

Key Decisions:

• Based on the high-level problem statement, what are the strategic improvement opportunities and gaps?
• What are the major common / mission services associated with the strategic improvement opportunities?
• Who are the segment stakeholders and how do they relate to the strategic improvement opportunities?
• What is the scope of the segment architecture being developed?
• What are the current segment investments, systems, and resources?
  Note:  If this question can be answered with existing information, it may be answered during this process step. However, if there is no definitive answer to this question after this process step, it may be answered in the subsequent steps.
• What are the deficiencies or the inhibitors to success within the segment?
• What is the target state vision for the segment?
• What is the performance architecture for achieving the target state vision?
• What are the important security and privacy considerations for the segment?

Note that suggested analytical techniques are included for activities within the methodology to better define what is core for a complete segment architecture in the form of descriptive (not prescriptive) guidance on how to accomplish the analysis. The suggested analytical techniques provide guidance as to what outputs are core for defining a complete segment architecture.

Step Outcome

The outcome of this step is a segment scope and set of prioritized strategic improvement opportunities based on the needs of the segment's stakeholders. The strategic intent, which consists of the target state vision, performance goals, and common / mission services target maturity levels, is also established. The subsequent process steps in this methodology will form recommendations that align to the segment strategic intent to provide a complete segment performance line-of-sight and support the achievement of the segment target state vision.

Suggested Analytical Techniques

Suggested analytical techniques are provided corresponding to each activity in this process step. Certain FSAM outputs are classified as 'core' to identify the architectural information necessary to specify a complete segment architecture. For each FSAM output, the table includes examples of analytical techniques associated with the output(s). These analytical techniques provide descriptive (not prescriptive) guidance on how to perform the analysis and capture the architectural information for each output. Agencies may employ other templates or artifacts that provide the equivalent level of information and analysis.

Step 2 At-a-Glance

	Process Step 2 Activities
	Establish segment scope and context	Identify and prioritize strategic improvement opportunities	Define segment strategic intent	Validate and communicate the scope and strategic intent
Who Participates in This Activity?	Core team Business owner Executive sponsor Segment architect	Core team Business owner Stakeholders Executive sponsor Segment architect	Core team Business owner Executive sponsor Segment architect	Executive sponsor Core team Segment architect
What Are the Inputs to This Activity?	Segment architecture development purpose statement Core team roster Core team formation memorandum  Core team charter Project plan Communications strategy List of affected organizations and their business owner(s) EA knowledge base Agency strategic plans Agency policies Executive orders Legislation President's budget Preliminary list of affected PART Measures Preliminary list of affected PAR Measures	Stakeholders and their relationships Business drivers and mandates Segment scope Segment context Segment architecture development purpose statement  Project plan Communications strategy List of affected organizations and their business owner(s) Agency strategic plans Agency policies Executive orders Legislation President's budget PART PAR	Stakeholder needs Risks and impacts Performance gaps Strategic improvement opportunities	Segment scope Segment context Strategic intent
What are the Outputs from This Activity?	Stakeholders and their relationships Business drivers and mandates Segment scope Segment context	Stakeholder needs Strategic improvement opportunities Risks and impacts Performance gaps	Segment performance goals and objectives Common / mission services target maturity framework Segment architecture vision summary Performance scorecard	Segment scope and Strategic intent presentation
Which Stakeholders / Customers Will Use the Outputs from This Activity?	Senior agency leadership Segment architects Business owner(s) Strategic planning team	Strategic planning team Budget and capital planning officials	Senior agency leadership Business owner(s) Strategic planning team Chief Information Officer(s) Budget and capital planning official(s) Program manager(s) IT infrastructure manager(s) Information Assurance team member(s) Project manager(s) Software architect(s) and developer(s)	Senior agency leadership Business owner(s) Strategic planning team Chief Information Officer(s) Budget and capital planning official(s) Program manager(s) IT infrastructure manager(s) Information Assurance team member(s) Project manager(s) Software architect(s) and developer(s)
What are the Associated FEA Profiles?	Security	Geospatial Security Records	Records Security	None
Touch Points to NIST 800-39		Leveraged to assist with identifying security requirements for the segment
Touch Points to NIST 800-60		Leveraged to assist with identifying security requirements for the segment
Considerations for Enterprise Services		Reuse of enterprise services
Considerations for Business Services		Cross-cutting opportunities related to business services
What is the Relative Complexity of This Activity?

 
Activity Details

Activity 2.1:  Establish segment scope and context

Activity Description:

This activity consists of identifying at a high-level the segment stakeholders, business domains, common / mission services, information exchanges, systems, security, and technical focus areas in the context of the "segment architecture development purpose statement" from process step 1. Some of these items may not be known at this point. However, the more information that is available to describe the proposed segment scope and formulate a clear understanding with the core team, the better.

Activity 2.1:  Establish segment scope and context

Activity Inputs:

• Segment architecture development purpose statement
• Core team roster
• Core team formation memorandum
• Core team charter
• Project plan
• Communications strategy
• List of affected organizations and their business owner(s)
• EA knowledge base
• Agency strategic plans
• Agency policies
• Executive orders
• Legislation
• President's budget
• Preliminary list of affected PART measures
• Preliminary list of affected PAR measures\

Tasks:

2.1.1      Review segment architecture development purpose statement

The core team reviews the problem statement developed in process step 1 with the business owner(s) and executive sponsor to establish a firm understanding of the segment business drivers and mandates associated with the problem statement. The business drivers and mandates are the foundation from which the segment's performance architecture will be built, demonstrating the linkage to the strategic, business, and investment improvement opportunities identified in subsequent activities and process steps. Business drivers and mandates may include agency strategic plans, policies, executive orders, legislation, budget priorities, and available PART and PAR program assessments.

2.1.2      Identify organization components

With a firm understanding of the problem statement and the organizations affected by the problem statement, the core team identifies the high-level relationships between the affected organization(s) and the organization components, as well as the relationships between those components, through any number of means, including the review of any existing enterprise architecture (EA) knowledge bases, PAR, and PART reports.

Organization components may include, when applicable and available, organization units, business functions and processes, common / mission services, applications and information exchanges. Any known relationships between each of the organization components are also identified within this task.

2.1.3      Identify stakeholders

This task requires a review of the organization components and the segment architecture development purpose statement in order to identify the segment stakeholders (e.g., consumers, participants, functional representatives). Each stakeholder may have a different perspective on how to overcome the business challenges articulated through the segment architecture development purpose statement.  This task includes identifying the appropriate stakeholders and the relationships between them and the servicing organization(s).

2.1.4      Establish segment summary description

After identifying the business drivers and mandates (e.g., GAO reports) for the segment, the organization components, and the stakeholders, the core team now establishes a segment summary description. The summary description is the synthesis of these items into a cohesive document that supports the segment architecture development purpose statement.   The summary description also includes an overview of security and privacy requirements and drivers for the segment. This is a critical task, as it also summarizes the components and stakeholders that are engaged in subsequent activities to elaborate on the business' needs to meet the intended purpose of the segment.

This task also includes augmenting the summary description with an illustration that depicts the current state of the operating environment.  The summary description and the illustration provide the scope and context through which the subsequent process steps are bound.   Defining segment scope helps build consensus within the core team on the range of strategic improvement opportunities and helps focus core team working sessions. Documenting the current-state operating environment could be depicted visually through a simple current operating environment diagram (e.g., Current state Concept of Operations or DoDAF OV-1), which will help to provide a visual context around the problem statement.

2.1.5      Validate / approve segment scope and context

The core team formalizes the segment scope and context. Taking all available information into consideration, the executive sponsor and business owners validate and approve the parameters that define the segment boundaries.

2.1.6      Optional Task — Refine / update scope and context

It is understood that a more detailed analysis of the business and information in Process Step 3 and the technology and services in Process Step 4 may warrant adjustments to the segment scope and context.  This task consolidates that information for consideration by the executive sponsor and business owners. The goal of this activity is to remain flexible on the scope while avoiding any arbitrary injection of scope creep in the segment architecture development process.

Communications Considerations:

The segment architect may need to facilitate meetings or provide other communication support to structure the decision-making process that occurs between the core team, executive sponsor, and business owner(s). The executive sponsor can be consulted to develop or adjust the communication strategy by which consensus can best be achieved.

Activity Outputs:

• Stakeholders and their relationships
• Business drivers and mandates
• Segment scope
• Segment context

Suggested Analytical Techniques

Output	Core	FEA Layers					Suggested Analytical Technique	Examples/Templates	Contributing Agency/Team
		P	B	D	S	T
Stakeholders and their relationships	Yes		X				Stakeholder map	Stakeholder map	Department of Health and Human Services (HHS)
Business drivers and mandates	Yes	X					Driver and policy map	Driver and policy map	Department of Health and Human Services (HHS)
Segment scope	Yes	X					Segment summary	Segment summary	Department of Health and Human Services (HHS)
Segment context	No		X	X			Current operating environment diagram	Current operating environment diagram	Environmental Protection Agency (EPA)
		Key to FEA Layers P = Performance B = Business D = Data S = Service T = Technology

Activity 2.2:  Identify and prioritize strategic improvement opportunities

Activity Description:

This activity consists of identifying the segment stakeholder needs, segment risks and impacts, and performance gaps. The core team uses this information to formulate the segment business needs and identify a set of high-level strategic improvement opportunities. The segment's strategic improvement opportunities are then prioritized and selected to form the foundation through which the segment strategic intent is developed.

Activity 2.2:  Identify and prioritize strategic improvement opportunities

Activity Inputs:

• Stakeholders and their relationships
• Business drivers and mandates
• Segment scope
• Segment context
• Segment architecture development purpose statement
• Project plan
• Communications strategy
• List of affected organizations and their business owners
• Agency strategic plans
• Agency policies
• Executive orders
• Legislation
• President's budget
• PART
• PAR

Tasks:

2.2.1      Review segment scope and context

This task includes analyzing the business drivers and mandates, the segment scope, and the segment context to begin discerning the business needs of the impacted organization(s). This includes the consideration of factors that led to the overall prioritization and selection of the segment architecture development effort such as agency strategic plans, policies, executive orders, legislation, budget priorities, and available PART and PAR program assessments.

Three tasks (2.2.2, 2.2.3 and 2.2.4) are aimed at understanding the current performance state of the segment scope from three vantage points:  the stakeholders' viewpoint; unaddressed risks and impacts; and existing performance gaps (i.e., PAR, PART, and other existing performance measures).

2.2.2      Determine stakeholders' needs

By establishing the segment scope, the core team has identified its stakeholders and their relationships and is now able to engage them in a coordinated, effective, and efficient manner. The core team engages the stakeholders to identify their key business needs, requirements and objectives / outcomes. The needs of each stakeholder (owner, participant, producer, and consumer) are elicited to provide a basis for formulating the consolidated business needs of the segment.

There are varying methods by which stakeholders can be engaged. For instance, stakeholders might be engaged in working sessions which may include developing read-ahead materials and then facilitating working sessions to identify needs. Another possibility for engaging stakeholders is to issue a data call to collect stakeholders' key business needs, requirements and objectives / outcomes.

2.2.3      Identify segment risks and impacts

NIST 800-39, Sec. 3.2: The first step in building an effective organization-wide information security program is to conduct a thorough analysis of the organization's mission and business processes informed by the organization's enterprise architecture, identifying the types of information that will be processed, stored, and transmitted by the information systems supporting those processes.


NIST 800-60, Sec. 2.0: Security categorization provides a vital step in integrating security into the government agency's business and information technology management functions and establishes the foundation for security standardization amongst their information systems. Security categorization starts with the identification of what information supports which government lines of business, as defined by the Federal Enterprise Architecture (FEA). Subsequent steps focus on the evaluation of the need for security in terms of confidentiality, integrity, and availability. The result is strong linkage between missions, information, and information systems with cost effective information security.

The core team identifies potential high-level risks and impacts associated with the segment scope and context. For example, security and privacy items that are not adequately addressed in the current environment may be identified here as risks. Segment architects can leverage the latest version of the Security and Privacy Profile and NIST 800-39, Managing Risk from Information Systems, to facilitate discussions to ensure adequate security controls are identified up front for addressing confidentiality, integrity and availability of key business functions. The core team may engage relevant resources by documenting factors that influence or are influenced by the identified risks and impacts. For example, the EA knowledge base(s) could be accessed to identify potentially impacted components. This task includes guidance for architects to provide valuable contextual information for each of the identified risks in order to develop viable mitigation strategies and plans. Working collaboratively with the relevant resources (e.g., EA, security), the core team identifies high-level strategies for mitigating potential risks and impacts. Additionally, a determination at a high-level can be made as to the security categorization / security needs of the segment scope and context. Segment architects can leverage NIST 800-60 to help identify the security needs for the segment.

2.2.4      Identify performance gaps

This task includes a review of any pre-existing performance architectures, OIG/GAO reports, customer surveys, or deficiencies in achieving PAR and PART metrics that are within the segment scope identified in activity 2.1. Customer, business, process / activity, and technology performance information is collected for the "current state" in order to identify, quantify, and prioritize segment performance gaps between current and target performance metrics.

Identification of performance gaps should also include consideration and identification of opportunities within the existing segment IT strategic portfolio (e.g., overall size and complexity of the existing portfolio). This will help ensure that strategic IT portfolio opportunities are factored into the overall direction and focus of the segment architecture. For segments that include business services, this identification should also include the identification of strategic opportunities related to the optimization of the IT portfolio as it supports cross-cutting business services.

2.2.5      Formulate and prioritize business needs

This task involves the consolidation of the segment scope and context, specifically the business drivers and mandates, stakeholder needs, risks and impacts, and pre-existing performance architecture(s) and metrics. The collection of these various business needs forms the foundation through which strategic improvement opportunities are identified.

After it consolidates the business needs, the core team conducts a review and prioritization of the business needs to determine the significance of the needs in relation to the segment architecture development purpose statement. The output of this task is a set of business needs that have been prioritized and categorized based on their respective sources.

2.2.6      Formulate and prioritize strategic improvement opportunities

Having prioritized and categorized the segment business needs, the core team reviews the business needs and identifies strategic improvement opportunities, which can address any number of business needs the core team deems significant.

Strategic improvement opportunities are reviewed to identify internal and external factors which may contribute to or detract from the achievement of the improvement(s) identified. In doing so, the prioritization and selection of the strategic improvement opportunities is aligned with the prioritized business needs of the organization as a whole.

Strategic improvement opportunities can also include the identification of specific technology improvements that can help close mission performance gaps. An example of this would be the identification of enterprise services (e.g., authentication) to close gaps related to mission risk.

Where possible, the prioritization of strategic opportunities should reflect opportunities for cost savings, cost avoidance, or other agency performance improvements that can be derived from greater precision and timeliness of specific investments. For example, the cost performance metrics and benchmark data from the IT Infrastructure Line of Business (ITILoB) can be used to identify potential cost savings / cost avoidance opportunities associated with cost efficiencies or operational improvements in providing IT infrastructure services.

A number of analytical techniques can be leveraged to prioritize the strategic improvement opportunities. One such technique is the SWOT analysis. Additional information regarding SWOT analysis is provided in the suggested analytical technique table below, along with other techniques that can be applied during this activity.

2.2.7      Validate strategic improvement opportunities

The executive sponsor reviews and validates the prioritized strategic improvement opportunities and formally approves or rejects them.

Considerations for Enterprise Services:

Strategic opportunity analysis should include the consideration of reuse of enterprise services (e.g., trusted internet connection reuse, authentication, etc.). This analysis will ensure that technology reuse opportunities are factored into the overall strategic direction and focus of the segment architecture.

Considerations for Business Services:

Business services provide a strategic opportunity to leverage existing investments across multiple segments. Identification of performance gaps should also include consideration and identification of opportunities related to the optimization of the IT portfolio as it supports cross-cutting segment business services.

Communications Considerations:

The segment architect may need to facilitate meetings or to provide other communication support to structure the information-gathering with the stakeholders. The executive sponsor can also be consulted to develop or adjust the communication strategy by which the stakeholders can best be engaged.

Activity Outputs:

• Stakeholder needs
• Risks and impacts
• Performance gaps
• Strategic improvement opportunities

Suggested Analytical Techniques

Output	Core	FEA Layers					Suggested Analytical Technique	Examples/Templates	Contributing Agency/Team
		P	B	D	S	T
Stakeholder needs	No	X	X	X	X	X	Stakeholder needs	Stakeholder needs	Federal Segment Architecture Working Group (FSAWG)
Risks and impacts	No	X	X	X	X	X	Risk capture template	Risk capture template	Department of Transportation (DOT)
Performance gaps	Yes	X					Performance gap analysis	Performance gap analysis	Department of Housing and Urban Development (HUD)
Strategic improvement opportunities	Yes	X					SWOT analysis	SWOT analysis	Department of Defense (DoD)
		X					Strategic improvement opportunities analysis	Strategic improvement opportunities analysis	Department of Housing and Urban Development (HUD)
		Key to FEA Layers P = Performance = Service T = Technology

Activity 2.3:  Define segment strategic intent

Activity Description:

This activity, which results in the segment strategic intent, consists of reviewing the prioritized strategic improvement opportunities and developing the language to describe the target state vision, goals, outcomes, performance indicators, and the target product(s) and/or service(s) target maturity levels.
Note:  If this is a common service segment, business scenarios may be defined at this point to describe the strategic improvement opportunities and clarify the vision of the segment.

In addition, the segment scope is collated with the outputs developed within this activity to produce a comprehensive document which summarizes the overall segment scope and strategic intent. This document is the final output of process step 2 and is validated and approved (or rejected) by the business owner(s) and/or the executive sponsor.

Activity 2.3:  Define segment strategic intent
 

Activity Inputs:

• Stakeholder needs
• Risks and impacts
• Performance gaps
• Strategic improvement opportunities

Activity Tasks:

2.3.1      Describe segment target state vision

With a firm understanding of the prioritized strategic improvement opportunities, the core team develops a simple one-page graphic illustrating the target state vision for the segment (e.g., Target Concept of Operations or DoDAF OV-1). The illustration should be a high-level description of the proposed operating environment—including planned changes to stakeholder interactions, business processes, information sharing, applications, and technology—to address the strategic improvement opportunities. This graphic is meant only to illustrate the target state and will be enhanced by additional analysis in subsequent process steps.  Additional variations of the graphic should be developed throughout the segment architecture development process.  The graphic should be complemented by a summary vision statement describing the target operating environment and its linkage to the respective business drivers and mandates.

2.3.2      Establish segment's strategic performance

Strategic performance is designed to measure how a segment supports the strategic goals of the agency. The purpose of the segment performance is to create a reporting framework to measure the activities and investments within a segment. Performance metrics may cover a wide range of systems, technologies, processes, activities and outcomes within a segment. A successful segment architecture will feature a line of sight from IT investment performance up to strategic success.  Segment line of sight is developed by gathering metrics from many layers that are aligned to a common purpose. This line of sight will show strategic performance that is supported by segment performance that is supported by program performance that is supported by investment performance.  

This task includes establishing the performance scorecard, which is focused on providing a complete picture of segment performance from the highest level of strategic performance down to business and investment performance to measure the success in achieving the segment goals and vision.

Note:  When developing the performance scorecard, not all performance indicators, measures, and metrics may be known at this point. Subsequent process steps may identify additional indicators, measures, and metrics through which the segment will be measured.

Performance indicators should be structured according to the FEA PRM to ensure the segment has a balanced set of outcomes. These performance linkages will enhance understanding of the success the implementation of the segment architecture has had on the organization(s).

2.3.3      Identify target maturity levels for common / mission services

The in-scope common or mission services have been identified within the context of the vision for the segment. In this case, services refer to the high-level end services delivered to the stakeholders and customers.  These services often encompass multiple FEA service domains, types, and components. This task establishes the target maturity levels that will contribute to achieving the segment vision while aligning to the segment strategic performance. With the establishment of these maturity levels, the strategic performance architecture has been completed and forms the foundation to which the business and technical performance must align.

This is a key task in that the maturity levels that are defined here will be the targets through which business and investment improvement opportunities identified in subsequent process steps will ultimately align.

2.3.4      Document the strategic intent

Consolidating the segment vision, key performance indicators, measures, metrics, and common / mission target maturity levels into the segment strategic intent provides a clear line of sight to the inputs, outputs, outcomes, and understanding of the performance goals of the segment. The subsequent process steps are leveraged to identify how the business and/or investments will contribute to achieve the performance goals of the segment.

Communications Considerations:

Identification of the target maturity levels for common / mission services may require that key stakeholders or subject-matter experts be consulted to identify existing maturity levels.

Activity Outputs:

• Segment performance goals and objectives
• Common / mission services target maturity levels
• Segment architecture vision summary
• Performance scorecard

Suggested Analytical Techniques

Output	Core	FEA Layers					Suggested Analytical Technique	Examples/Templates	Contributing Agency/Team
		P	B	D	S	T
Segment performance goals and objectives	Yes	X					Strategic alignment of opportunities	Strategic alignment of opportunities	Department of Housing and Urban Development (HUD)
Common / mission services target maturity levels	No	X	X		X		Common / mission services maturity framework	Common / mission services maturity framework	Department of the Interior (DOI)
Segment architecture vision summary	No	X	X	X	X	X	Segment summary	Segment summary  (MS Word Format)	Department of Health and Human Services (HHS)
Performance scorecard	Yes	X					Performance scorecard	Performance scorecard	Federal Segment Architecture Working Group (FSAWG)
		Key to FEA Layers P = Performance B = Business D = Data S = Service T = Technology

Activity 2.4:  Validate and communicate the scope and strategic intent

Activity Description:

This activity includes packaging and gaining approval of the segment scope and strategic intent from the executive sponsor and business owner(s).

Activity 2.4:  Validate and communicate the scope and strategic intent

Activity Inputs:

• Segment scope
• Segment context
• Segment strategic intent

Activity Tasks:

2.4.1      Package the scope and strategic intent

The architect should develop a package that summarizes the segment scope and strategic intent.

2.4.2      Present the scope and strategic intent for approval

A presentation that includes the segment scope and strategic intent should be prepared by the architect. The architect should conduct a detailed workshop review of these architecture products for the core team. The core team then decides whether to proceed to process step 3 or to refine the segment scope and strategic intent. The review should also include the agency Chief Architect to ensure that the proposed scope and strategic intent is aligned with the overall enterprise architecture.

It is recommended that there be a formal sign-off of the scope by the executive sponsor and business owner. In order to solicit further management support for the segment scope and strategic intent based on the underlying strategic performance improvement opportunities, optional sign-off of the scope and strategic intent should also include other key segment leadership roles such as the performance improvement officer (PIO), chief information officer (CIO), and the change management officer (CMO),

Communications Considerations:

After the segment scope and strategic intent are approved, the appropriate business and/or technical architects and stakeholders within the organization must be engaged. This may require developing different messages for the various stakeholders to articulate the scope and strategic intent in terms with which the stakeholders are familiar.

Activity Outputs:

• Segment scope and strategic intent presentation

Suggested Analytical Techniques:

None

Step References

NIST Special Publication 800-60, Vol. I, Rev. 1, Guide for Mapping Types of Information and Information Systems to Security Categories , August 2008

NIST Special Publication 800-39, [DRAFT] Managing Risk from Information Systems: An Organizational Perspective , April 2008