Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Cover image
Title page
Table of Contents
Copyright page
Dedication
Acknowledgments
About the Author
Technical Editor
Companion Website
Chapter 1: Introduction
Book Overview and Key Learning Points
Book Audience
The Risk Management Framework (RMF)
Why This Book Is Different
A Note about National Security Systems
Book Organization
Part 1
Introduction
Chapter 2: Laws, Regulations, and Guidance
Abstract
Chapter Overview and Key Learning Points
The Case for Legal and Regulatory Requirements
Legal and Regulatory Organizations
Laws, Policies, and Regulations
National Institute of Standards and Technology (NIST) Publications
Chapter 3: Integrated Organization-Wide Risk Management
Abstract
Chapter Overview and Key Learning Points
Risk Management
Risk Management and the RMF
Components of Risk Management
Multi-tiered Risk Management
Risk Executive (Function)
Chapter 4: The Joint Task Force Transformation Initiative
Abstract
Chapter Overview and Key Learning Points
Before the Joint Task Force Transformation Initiative
The Joint Task Force Transformation Initiative
Chapter 5: System Development Life Cycle (SDLC)
Abstract
System Development Life Cycle (SDLC)
Traditional Systems Development Life Cycle (SDLC)
Traditional SDLC Considerations
Agile System Development
Chapter 6: Transitioning from the C&A Process to RMF
Abstract
Chapter Overview and Key Learning Points
C&A to RMF
The Certification and Accreditation (C&A) Process
Introducing the RMF (A High-Level View)
Transition
Chapter 7: Key Positions and Roles
Abstract
Chapter Overview and Key Learning Points
Key Roles to Implement the RMF
Part 2
Introduction
Chapter 8: Lab Organization
Abstract
Chapter Overview and Key Learning Points
The Department of Social Media (DSM)
Organizational Structure
Risk Executive (Function)
Chapter 9: RMF Phase 1: Categorize the Information System
Abstract
Chapter Overview and Key Learning Points
Phase 1, Task 1: Security Categorization
Phase 1, Task 2: Information Systems Description
Common Control Providers
Phase 1, Task 3: Information System Registration
Chapter 9 Lab Exercises: Information System Categorization
Chapter 10: RMF Phase 2: Selecting Security Controls
Abstract
Chapter Overview and Key Learning Points
Selecting Security Controls
Chapter 10 Lab Exercises: Selecting Security Controls
Chapter 11: RMF Phase 3: Implementing Security Controls
Abstract
Chapter Overview and Key Learning Points
Phase 3, Task 1: Security Control Implementation
Phase 3, Task 2: Security Control Documentation
Chapter 11 Lab Exercises: Selecting Security Controls
Chapter 12: RMF Phase 4: Assess Security Controls
Abstract
Chapter Overview and Key Learning Points
Assessing Security Controls
Chapter 12 Lab Exercises: Assessing Security Controls
Chapter 13: RMF Phase 5: Authorizing the Information System
Abstract
Chapter Overview and Key Learning Points
Phase 5, Task 1: Developing the Plan of Action and Milestones (POA&M)
Phase 5, Task 2: Assembly of the Authorization Package
Phase 5, Task 3: Determining Risk
Phase 5, Task 4: Accepting Risk
Chapter 13 Lab Exercises: Authorizing the Information System
Chapter 14: RMF Phase 6: Monitoring Security Controls
Abstract
Chapter Overview and Key Learning Points
Phase 6, Task 1: Monitoring Information System and Environment Changes
Phase 6, Task 2: Ongoing Security Control Assessment
Phase 6, Task 3: Ongoing Remediation Actions
Phase 6, Task 4: Updating the Security Documentation
Phase 6, Task 5: Security Status Reporting
Phase 6, Task 6: Ongoing Risk Determination and Acceptance
Phase 6, Task 7: System Removal and Decommissioning
Chapter 14 Lab Exercises: Monitoring Security Controls
Chapter 15: The Expansion of the RMF
Abstract
Chapter Overview and Key Learning Points
The Transition to the RMF
Future Updates to the RMF Process
Using the RMF with Other Control Sets and Requirements
Conclusion
Appendix A: Answers to Exercises in Chapters 9 through 14
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Appendix B: Control Families and Classes
Appendix C: Security Control Assessment Requirements
NIST SP 800-53A Assessment Methods
Security Control Baseline Categorization
CNSSI 1253 Baseline Categorization
New Controls Planned in Revision 4
FedRAMP Controls
SP 800-53 Security Controls to HIPAA Security Rule
PCI DSS Standards
Appendix D: Assessment Method Definitions, Applicable Objects, and Attributes
Glossary
Common Acronyms in this Book
References
Index
← Prev
Back
Next →
← Prev
Back
Next →