RMF To-Do List Task 4

Part A. RMF To-Do List

Table columns:
- RMF Tasks
- Status (done/not done)
- Discuss how you determined the status of each task. Consider the following: If done, is it complete? Where is it located? If not done, what are the recommendations for completing? Where should the results be saved?
- External documents needed for task

RMF Step 1: Categorize Information Systems

1.1 Security Categorization
Task: Using either FIPS 199 or CNSS 1253, categorize the information system. The completed categorization should be included in the security plan.
Status: Not done
Discussion: As highlighted in the risk assessment, no security plan has been done (p. 18). Add the security categorization information to the security plan. The security categorization that was completed in the risk assessment can be included in the security plan. The full categorization can be found on pp. 14-16. The categorization done in the risk analysis is based on FIPS 199.
External documents: FIPS 199 for non-national security systems, CNSS 1253 for national security systems

1.2 Information System Description
Task: Is a description of the information system included in the security plan?
Status: Done
Discussion: Found within the Scope section (pp. 7-8), which explains the technology and applications presently used by HBWC.
External documents: NIST 800-37 Rev. 1

1.3 Information System Registration
Task: Identify offices that the information system should be registered with. These can be organizational or management offices.
Status: Not done
Discussion: This phase begins once information systems have been identified in the organization's inventory and a section, person, or location has been assigned to take direct responsibility for them. (This is to be accomplished per organization standard operating procedures.) Information can be found in NIST 800-37 Rev. 1, chapter 3.1, p. 22.
External documents: NIST 800-37 Rev. 1

RMF Step 2: Select Security Controls

2.1 Common Control Identification
Task: Describe common security controls in place in the organization. Are
