User talk:Kenneth Roman/sandbox

Week 9 completed. No suggestions were made. I plan on elaborating on the RMF steps.

My Edits:

Step 1: Categorize System

• Initiate the Security Assessment Plan (SAP)

• Register System with DoD Component Cybersecurity Program

• Assign qualified personnel to RMF roles

Step 2: Select Security Controls

• Common Control Identification

• Select security controls

• Develop system-level continuous monitoring strategy

• Review and approve SAP and continuous monitoring strategy

• Apply overlays and tailor

Step 3: Implement Security Controls

• Implement control solutions consistent with DoD Component Cybersecurity architectures

• Document security control implementation in Security Assessment Report (SAR)

Step 4: Assess Security Controls

• Develop and approve SAP

• Assess security controls

• Prepare a SAR for approval

• Conduct initial remediation actions

Step 5: Authorize System

• Prepare the Plan of Action and Milestones (POA&M)

• Submit Security Authorization Package

• AO conducts final risk determination

• AO makes authorization decision

Step 6: Monitor Security Controls (Maintain)

• Determine impact of changes to the system and environment

• Assess selected controls annually

• Conduct needed remediation

• Update SAP, SAR and POA&M

• Report security status to AO

• AO reviews reported status

• Implement system decommissioning strategy — Preceding unsigned comment added by Kenneth Roman (talk • contribs) 00:35, 8 December 2019 (UTC)

Sources:

1. Computer Security Division, et al. “Risk Management Framework (RMF) Overview - FISMA Implementation Project.” CSRC, https://csrc.nist.gov/Projects/Risk-Management/Risk-Management-Framework-(RMF)-Overview.

2. “BAI – Risk Management Framework I What Is RMF?” BAI RMF Resource Center, 12 Dec. 2019, https://rmf.org/what-is-rmf/.

3. “Risk Management Framework (RMF).” AcqNotes, http://acqnotes.com/acqnote/careerfields/risk-management-framework-rmf-dod-information-technology.

4. “Home.” Defense Counterintelligence and Security Agency, https://www.dcsa.mil/mc/ctp/tools/.

5. Petters, Jeff. “Risk Management Framework (RMF): An Overview.” Inside Out Security, 6 Apr. 2018, https://www.varonis.com/blog/risk-management-framework/. — Preceding unsigned comment added by Kenneth Roman (talk • contribs) 01:52, 16 December 2019 (UTC)