In the picture discusses the cloud-adapted risk management framework (CRMF). They do not list specific roles or departments within an organization who should perform each of the 6 steps. Provide your opinion of who you feel would be the best people/units within an organization to perform each of the 6 steps.

Thank you to all who review it!

CRMF CRMF Steps on 1- Use an impact analysis to categorize the information system that has been migrated to the cloud, and the information that is processed. stored, and transmitted by that system. (This step is very similar to Step 1 of the traditional RMF.) Risk Assessment Step 2 - Identify the security requirements of the system by performing a risk assessment (the Confidentiality, Integrity, and Availability (CIA) analysis is recommended). Select the baseline and tailored supplemental security controls. Step 3 - Select the cloud ecosystem architecture that best suits the assess- ment results for the system. Risk Treatment Step 4 - Assess your service provider options. Identify the security controls needed for the system the cloud provider has implemented. Negotiate the implementation of any additional security controls that are identi- fied. Identify any remaining security controls that fall under the cloud consumer's responsibility for their implementation. Step 5 - Select and authorize a cloud provider to host the cloud consumer's information system. Draft up a service agreement and SLA that list the negotiated contractual terms and conditions. Risk Control Step 6 Monitor the cloud provider to ensure that all service agreement and SLA terms are being met. Ensure that the cloud-based system main- tains the necessary security posture. Monitor the security controls that fall under the cloud consumer's responsibility