scope:

The guidance provided in this Telecommunications Systems Bulletin (TSB) is intended to address only the management of cyber security related risk derived from or associated with the operation and use of information technology and systems and/or the environments in which they operate. The guidance is not intended to replace or subsume other risk-related activities, programs, processes, or approaches that organizations have implemented or intend to implement addressing areas of risk management covered by other legislation, regulation, policies, programmatic initiatives, or mission and business requirements. Additionally, this guidance is not part of any regulatory framework. Rather, the cyber security risk mitigation guidance described herein is complementary to and should be used as part of a more comprehensive enterprise risk management program.