Risk Mitigation Plan in API Integration Using NIST SP 800 - 37

Integrating the backend system or external system in recent business system is a must. Complexity in operational system makes company or organization should have a good plan in integration. The best and easy way in integration is using application programming interface (API) that can help us integrating the system without doing lots of modification. But, integrating the API or the system using API can lead into some risky situation, such as data format problem, security, or non-standard API development issue. The risk issue need to encounter by preparing proper mitigation plan. It can be done by implementing framework for risk management or assessment such as explained on NIST SP 800-37 documents. On this research, we implement the risk assessment on integration problem at PT.X, which provide online services and needs to process data from customer, sales, and financial information. The data analysis from risk assessment shows that there are three top risks need to resolve which are accountability, hesitating over API utilization, and lack of Security. Based on this result, we also propose some mitigation plan to reduce the impact, such as establish roles and responsibility for API development and maintenance, socialized and promote API utilization, and increase the security capability.