Risk Management Framework Process Map

PNNL-28347

Risk Management Framework

Process Map

Prepared for the Federal Energy Management Program

November 2018

ME Mylrea

SNG Gourisetti

M Touhiduzzaman

MD Watson

JE Castleberry

Prepared for the U.S. Department of Energy

under Contract DE-AC05-76RL01830

Acronyms and Abbreviations

AO – Authorizing Official
ISO – Information System Owner
ISSO – Information System Security Officer
NIST – National Institute of Standards & Technology
POA&M – Plan of Action and Milestones
RAR – Risk Assessment Report
RMF – Risk Management Framework
SAR – Security Assessment Report
SCA – Security Control Assessor
SCTM – Security Controls Traceability Matrix
SP – Special Publication
SSP – System Security Plan


Contents

Acronyms and Abbreviations ...................................................................................................................... iii

1.0 Introduction .......................................................................................................................................... 1

2.0 The Risk Management Framework ...................................................................................................... 1

3.0 RMF Roles and Responsibilities .......................................................................................................... 3

4.0 RMF Step 1—Categorize Information System..................................................................................... 4

5.0 RMF Step 2—Select Security Controls ................................................................................................ 4

6.0 RMF Step 3—Implement Security Controls ........................................................................................ 5

7.0 RMF Step 4—Assess Security Controls ............................................................................................... 6

8.0 RMF Step 5—Authorize Information System ...................................................................................... 7

9.0 RMF Step 6—Monitor Security Controls............................................................................................. 8

10.0 References .......................................................................................................................................... 11

Appendix A – Updates to the Risk Management Framework .................................................................. A.1


Figures

1. RMF for Information and Platform Information Technology Systems .................................................... 1

2. Document Mapping for RMF ................................................................................................................... 2

3. Multi-Tiered Risk Management Strategy ................................................................................................. 2

Tables

1. RMF Step 1—Categorize Information System ......................................................................................... 4

2. RMF Step 2—Select Security Controls .................................................................................................... 5

3. RMF Step 3—Implement Security Controls ............................................................................................. 6

4. RMF Step 4—Assess Security Controls ................................................................................................... 6

5. RMF Step 5—Authorize Information System .......................................................................................... 7

6. RMF Step 6—Monitor Security Controls ................................................................................................. 9
