Risk Management Framework Process Map
PNNL-28347
Prepared for the Federal Energy Management Program
November 2018
ME Mylrea, SNG Gourisetti, M Touhiduzzaman, MD Watson, JE Castleberry
Prepared for the U.S. Department of Energy under Contract DE-AC05-76RL01830
Acronyms and Abbreviations

AO      Authorizing Official
ISO     Information System Owner
ISSO    Information System Security Officer
NIST    National Institute of Standards & Technology
POA&M   Plan of Action and Milestones
RAR     Risk Assessment Report
RMF     Risk Management Framework
SAR     Security Assessment Report
SCA     Security Control Assessor
SCTM    Security Controls Traceability Matrix
SP      Special Publication
SSP     System Security Plan
Contents
Acronyms and Abbreviations ... iii
1.0 Introduction ... 1
2.0 The Risk Management Framework ... 1
3.0 RMF Roles and Responsibilities ... 3
4.0 RMF Step 1--Categorize Information System ... 4
5.0 RMF Step 2--Select Security Controls ... 4
6.0 RMF Step 3--Implement Security Controls ... 5
7.0 RMF Step 4--Assess Security Controls ... 6
8.0 RMF Step 5--Authorize Information System ... 7
9.0 RMF Step 6--Monitor Security Controls ... 8
10.0 References ... 11
Appendix A--Updates to the Risk Management Framework ... A.1
Figures
1. RMF for Information and Platform Information Technology Systems ... 1
2. Document Mapping for RMF ... 2
3. Multi-Tiered Risk Management Strategy ... 2
Tables
1. RMF Step 1--Categorize Information System ... 4
2. RMF Step 2--Select Security Controls ... 5
3. RMF Step 3--Implement Security Controls ... 6
4. RMF Step 4--Assess Security Controls ... 6
5. RMF Step 5--Authorize Information System ... 7
6. RMF Step 6--Monitor Security Controls ... 9