Introduction to NIST’s Risk Management Framework (RMF)
Uploaded by donald-hester (category: Technology)
Categorize
Select
Implement
Assess
Authorize
Monitor
“Certification and accreditation is the methodology
used to ensure that security controls are established for
an information system, that these controls are
functioning appropriately, and that management has
authorized the operation of the system in its current
security posture.”
- Official (ISC)2 Guide to the CAP CBK (1st ed.)
Measures that protect and defend information and
information systems by ensuring their availability,
integrity, authentication, confidentiality, and non-repudiation.
These measures include providing for
restoration of information systems by incorporating
protection, detection, and reaction capabilities.
- CNSS Instruction No. 4009
“The official management decision given by a senior
organizational official to authorize operation of an
information system and to explicitly accept the risk to
organizational operations (including mission, functions,
image, or reputation), organizational assets, individuals,
other organizations, and the Nation based on the
implementation of an agreed-upon set of security
controls.”
- NIST SP 800-37 rev 1
Why are Agencies riddled with security holes?
http://gcn.com/articles/2011/07/06/cyber-attacks-take-2-energy-labs-offline.aspx
//// Trainers Underground ////