|
|
Line 9: |
Line 9: |
| EXECUTING THE RISK MANAGEMENT FRAMEWORK TASKS | | EXECUTING THE RISK MANAGEMENT FRAMEWORK TASKS |
| | | |
| + | As an overall comment I find that the blocks of text making up these tasks are too dense and need to be broken up into shorter, more targetted segments. NIST SP 800-53r3 made excellent use of exploding out lists which had previously been embedded in paragraphs (e.g., (i) ..., (ii) ..., etc.). Reading security documents is often difficult for people who feel overwhelmed trying to the different data elements to each other. Good writing practice and formatting can make reading dense guidance wording easier, much as good writing and formatting can make reading source code easier. [[User:Dan Philpott|Dan Philpott]] 04:10, 8 December 2009 (UTC) |
| | | |
| === APPLICATION OF THE RISK MANAGEMENT FRAMEWORK === | | === APPLICATION OF THE RISK MANAGEMENT FRAMEWORK === |
Revision as of 04:10, 8 December 2009
CHAPTER THREE
THE PROCESS
EXECUTING THE RISK MANAGEMENT FRAMEWORK TASKS
As an overall comment I find that the blocks of text making up these tasks are too dense and need to be broken up into shorter, more targetted segments. NIST SP 800-53r3 made excellent use of exploding out lists which had previously been embedded in paragraphs (e.g., (i) ..., (ii) ..., etc.). Reading security documents is often difficult for people who feel overwhelmed trying to the different data elements to each other. Good writing practice and formatting can make reading dense guidance wording easier, much as good writing and formatting can make reading source code easier. Dan Philpott 04:10, 8 December 2009 (UTC)
APPLICATION OF THE RISK MANAGEMENT FRAMEWORK
3.1 RMF STEP 1 - CATEGORIZE INFORMATION SYSTEM
TASK 1-1 SECURITY CATEGORIZATION
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 1-2 INFORMATION SYSTEM DESCRIPTION
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 1-3 INFORMATION SYSTEM REGISTRATION
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
Milestone Checkpoint #1
3.2 RMF STEP 2 - SELECT SECURITY CONTROLS
TASK 2-1 SECURITY CONTROL SELECTION
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 2-2 COMMON CONTROL IDENTIFICATION
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 2-3 MONITORING STRATEGY
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 2-4 SECURITY PLAN APPROVAL
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
Milestone Checkpoint #2
3.3 RMF STEP 3 - IMPLEMENT SECURITY CONTROLS
TASK 3-1 SECURITY CONTROL IMPLEMENTATION
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 3-2 SECURITY CONTROL DOCUMENTATION
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
Milestone Checkpoint #3
3.4 RMF STEP 4 - ASSESS SECURITY CONTROLS
TASK 4-1 ASSESSMENT PREPARATION
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 4-2 SECURITY CONTROL ASSESSMENT
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 4-3 SECURITY ASSESSMENT REPORT
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
Milestone Checkpoint #4
3.5 RMF STEP 5 - AUTHORIZE INFORMATION SYSTEM
TASK 5-1 REMEDIATION ACTIONS
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 5-2 PLAN OF ACTION AND MILESTONES
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 5-3 SECURITY AUTHORIZATION PACKAGE
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 5-4 RISK DETERMINATION
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 5-5 RISK ACCEPTANCE
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
Milestone Checkpoint #5
3.6 RMF STEP 6 - MONITOR SECURITY CONTROLS
TASK 6-1 INFORMATION SYSTEM AND ENVIRONMENT CHANGES
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 6-2 ONGOING SECURITY CONTROL ASSESSMENTS
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 6-3 ONGOING REMEDIATION ACTIONS
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 6-4 CRITICAL UPDATES
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 6-5 SECURITY STATUS REPORTING
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 6-6 ONGOING RISK DETERMINATION AND ACCEPTANCE
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
TASK 6-7 INFORMATION SYSTEM REMOVAL AND DECOMMISSIONING
TASK
Primary Responsibility
Supporting Roles
System Development Life Cycle Phase
Supplemental Guidance
References
Milestone Checkpoint #6