Vlt 2 Task 4

| RMF Tasks | Status (done/not done) | Discuss how you determined the status of each task. Consider the following: If done, is it complete? Where is it located? If not done, what are the recommendations for completing? Where should the results be saved? | External documents needed for task |
| --- | --- | --- | --- |
| RMF Step 1: Categorize Information Systems | | | |
| 1.1 Security Categorization: Using either FIPS 199 or CNSS 1253, categorize the information system. The completed categorization should be included in the security plan. | Not done | As highlighted in the risk assessment, no security plan has been completed (p. 18). Add the security categorization information to the security plan. The security categorization that was completed in the risk assessment can be included … | |
| … | | | NIST 800-37; CNSS Instructions 1253; FIPS Publication 200, Page 26 |
| 2.3 Monitoring Strategy: What security control monitoring strategies should be used to protect the information system and its environment of operation? | No | The security monitoring strategies must be proactive. However, the monitoring process should be included in the security controls selection. Security operations should be monitoring, and the strategies must be revised every so often. Any change in process should be included in the business security plan. | NIST 800-37, Page 26/27 |
| 2.4 Security Plan Approval: Has the security plan been reviewed and approved? | No | Organizations must use security best practices if they want to implement proper security controls. Typically, the information security engineer, with help from information security officers, uses a better security engineering approach that captures and refines the security requirements and ensures the proper integration of these requirements into IT products. To sum up, information security professionals must review and analyze the security plan. They could recommend any positive change to the security plan before the final approval. | NIST 800-37, Page 28 |
| RMF Step 3: Implement Security Controls | | | |
| 3.1 Security Control Implementation: Have the security controls specified in the security plan been implemented? | Not done | Security controls implementation | |

