Chapter 8

Risk Management Framework Steps 3 & 4

Information in this chapter:

• Working with Security Control Baselines

• Key Roles and Responsibilities

• Tasks in RMF Step 3: Implement Security Controls

• Tasks in RMF Step 4: Assess Security Controls

Security control selection culminates in the specification of a tailored set of security controls—documented in the system security plan and approved by the system’s authorizing official—that the system owner and the organization agree will satisfy the minimum security requirements for the system. Having reached agreement on what security controls the system needs, the focus of the Risk Management Framework process shifts to implementing the selected security controls and ensuring that the controls ...

Get FISMA and the Risk Management Framework now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.