Chapter 1: Introduction to Assessments
Chapter 2: Risk, Security, and Assurance
Chapter 3: Statutory and Regulatory GRC
Executive Orders/Presidential Directives
OMB requirements for each agency
Chapter 4: Federal RMF Requirements
Chapter 5: Risk Management Framework
Chapter 6: Roles and Responsibilities
Evaluation methods and their attributes
Chapter 9: Assessment Techniques for Each Kind of Control
Security assessment plan developmental process
Chapter 10: System and Network Assessments
Network testing purpose and scope
Testing roles and responsibilities
Four phases of penetration testing
General schedule for testing categories
Chapter 11: Security Component Fundamentals for Assessment
Management areas of consideration
Information security resources
Measures of performance (SP 800-55)
Federal enterprise architecture
System and services acquisition (SA)
Information security and external parties
CA – security assessment and authorization
PL – planning family and family plans
Critical success factors to information security management
Operational areas of consideration
Operational security controls key concepts
Technical areas of consideration
Identification and authentication
Systems and communications protection
Chapter 12: Evidence of Assessment
Key elements for assessment reporting
Privacy impact assessment report
Appendix B: FedRAMP Assessment Process and Templates