Hello all,
Let's say i'm in executing and a SO report comes into the org that says we must implement NIST Cybersecurity requirements.
Question is what should the PM do next? (yes this was a recent sample test question)
1. Tell the team to implement the requirements b/c it's a legal requirement?
2. Submit a change request through the PICC process?
Reason I ask is this, I was told recently that since it's a legal requirement, you don't have a choice but to comply. While I agree with that statement, shouldn't the CCB have say in the matter, since they might choose to deny the CR and terminate the project?
Seems like in the PMI world, you don't do much unless it is either to the plan or approved to change the plan
Am I off base here?
Thanks, Rick