Talk:Industry:Project Review/NIST SP 800-37r1 FPD Chapter 3

1 APPLICATION OF THE RISK MANAGEMENT FRAMEWORK 2 3.1 RMF STEP 1 - CATEGORIZE INFORMATION SYSTEM 2.1 TASK 1-1 SECURITY CATEGORIZATION 2.1.1 TASK 2.1.2 Primary Responsibility 2.1.3 Supporting Roles 2.1.4 System Development Life Cycle Phase 2.1.5 Supplemental Guidance 2.1.6 References 2.2 TASK 1-2 INFORMATION SYSTEM DESCRIPTION 2.2.1 TASK 2.2.2 Primary Responsibility 2.2.3 Supporting Roles 2.2.4 System Development Life Cycle Phase 2.2.5 Supplemental Guidance 2.2.6 References 2.3 TASK 1-3 INFORMATION SYSTEM REGISTRATION 2.3.1 TASK 2.3.2 Primary Responsibility 2.3.3 Supporting Roles 2.3.4 System Development Life Cycle Phase 2.3.5 Supplemental Guidance 2.3.6 References 2.4 Milestone Checkpoint #1 3 3.2 RMF STEP 2 - SELECT SECURITY CONTROLS 3.1 TASK 2-1 SECURITY CONTROL SELECTION 3.1.1 TASK 3.1.2 Primary Responsibility 3.1.3 Supporting Roles 3.1.4 System Development Life Cycle Phase 3.1.5 Supplemental Guidance 3.1.6 References 3.2 TASK 2-2 COMMON CONTROL IDENTIFICATION 3.2.1 TASK 3.2.2 Primary Responsibility 3.2.3 Supporting Roles 3.2.4 System Development Life Cycle Phase 3.2.5 Supplemental Guidance 3.2.6 References 3.3 TASK 2-3 MONITORING STRATEGY 3.3.1 TASK 3.3.2 Primary Responsibility 3.3.3 Supporting Roles 3.3.4 System Development Life Cycle Phase 3.3.5 Supplemental Guidance 3.3.6 References 3.4 TASK 2-4 SECURITY PLAN APPROVAL 3.4.1 TASK 3.4.2 Primary Responsibility 3.4.3 Supporting Roles 3.4.4 System Development Life Cycle Phase 3.4.5 Supplemental Guidance 3.4.6 References 3.5 Milestone Checkpoint #2 4 3.3 RMF STEP 3 - IMPLEMENT SECURITY CONTROLS 4.1 TASK 3-1 SECURITY CONTROL IMPLEMENTATION 4.1.1 TASK 4.1.2 Primary Responsibility 4.1.3 Supporting Roles 4.1.4 System Development Life Cycle Phase 4.1.5 Supplemental Guidance 4.1.6 References 4.2 TASK 3-2 SECURITY CONTROL DOCUMENTATION 4.2.1 TASK 4.2.2 Primary Responsibility 4.2.3 Supporting Roles 4.2.4 System Development Life Cycle Phase 4.2.5 Supplemental Guidance 4.2.6 References 4.3 Milestone Checkpoint #3 5 3.4 RMF STEP 4 - ASSESS SECURITY CONTROLS 5.1 TASK 4-1 ASSESSMENT PREPARATION 5.1.1 TASK 5.1.2 Primary Responsibility 5.1.3 Supporting Roles 5.1.4 System Development Life Cycle Phase 5.1.5 Supplemental Guidance 5.1.6 References 5.2 TASK 4-2 SECURITY CONTROL ASSESSMENT 5.2.1 TASK 5.2.2 Primary Responsibility 5.2.3 Supporting Roles 5.2.4 System Development Life Cycle Phase 5.2.5 Supplemental Guidance 5.2.6 References 5.3 TASK 4-3 SECURITY ASSESSMENT REPORT 5.3.1 TASK 5.3.2 Primary Responsibility 5.3.3 Supporting Roles 5.3.4 System Development Life Cycle Phase 5.3.5 Supplemental Guidance 5.3.6 References 5.4 Milestone Checkpoint #4 6 3.5 RMF STEP 5 - AUTHORIZE INFORMATION SYSTEM 6.1 TASK 5-1 REMEDIATION ACTIONS 6.1.1 TASK 6.1.2 Primary Responsibility 6.1.3 Supporting Roles 6.1.4 System Development Life Cycle Phase 6.1.5 Supplemental Guidance 6.1.6 References 6.2 TASK 5-2 PLAN OF ACTION AND MILESTONES 6.2.1 TASK 6.2.2 Primary Responsibility 6.2.3 Supporting Roles 6.2.4 System Development Life Cycle Phase 6.2.5 Supplemental Guidance 6.2.6 References 6.3 TASK 5-3 SECURITY AUTHORIZATION PACKAGE 6.3.1 TASK 6.3.2 Primary Responsibility 6.3.3 Supporting Roles 6.3.4 System Development Life Cycle Phase 6.3.5 Supplemental Guidance 6.3.6 References 6.4 TASK 5-4 RISK DETERMINATION 6.4.1 TASK 6.4.2 Primary Responsibility 6.4.3 Supporting Roles 6.4.4 System Development Life Cycle Phase 6.4.5 Supplemental Guidance 6.4.6 References 6.5 TASK 5-5 RISK ACCEPTANCE 6.5.1 TASK 6.5.2 Primary Responsibility 6.5.3 Supporting Roles 6.5.4 System Development Life Cycle Phase 6.5.5 Supplemental Guidance 6.5.6 References 6.6 Milestone Checkpoint #5 7 3.6 RMF STEP 6 - MONITOR SECURITY CONTROLS 7.1 TASK 6-1 INFORMATION SYSTEM AND ENVIRONMENT CHANGES 7.1.1 TASK 7.1.2 Primary Responsibility 7.1.3 Supporting Roles 7.1.4 System Development Life Cycle Phase 7.1.5 Supplemental Guidance 7.1.6 References 7.2 TASK 6-2 ONGOING SECURITY CONTROL ASSESSMENTS 7.2.1 TASK 7.2.2 Primary Responsibility 7.2.3 Supporting Roles 7.2.4 System Development Life Cycle Phase 7.2.5 Supplemental Guidance 7.2.6 References 7.3 TASK 6-3 ONGOING REMEDIATION ACTIONS 7.3.1 TASK 7.3.2 Primary Responsibility 7.3.3 Supporting Roles 7.3.4 System Development Life Cycle Phase 7.3.5 Supplemental Guidance 7.3.6 References 7.4 TASK 6-4 CRITICAL UPDATES 7.4.1 TASK 7.4.2 Primary Responsibility 7.4.3 Supporting Roles 7.4.4 System Development Life Cycle Phase 7.4.5 Supplemental Guidance 7.4.6 References 7.5 TASK 6-5 SECURITY STATUS REPORTING 7.5.1 TASK 7.5.2 Primary Responsibility 7.5.3 Supporting Roles 7.5.4 System Development Life Cycle Phase 7.5.5 Supplemental Guidance 7.5.6 References 7.6 TASK 6-6 ONGOING RISK DETERMINATION AND ACCEPTANCE 7.6.1 TASK 7.6.2 Primary Responsibility 7.6.3 Supporting Roles 7.6.4 System Development Life Cycle Phase 7.6.5 Supplemental Guidance 7.6.6 References 7.7 TASK 6-7 INFORMATION SYSTEM REMOVAL AND DECOMMISSIONING 7.7.1 TASK 7.7.2 Primary Responsibility 7.7.3 Supporting Roles 7.7.4 System Development Life Cycle Phase 7.7.5 Supplemental Guidance 7.7.6 References 7.8 Milestone Checkpoint #6

CHAPTER THREE

THE PROCESS

EXECUTING THE RISK MANAGEMENT FRAMEWORK TASKS

APPLICATION OF THE RISK MANAGEMENT FRAMEWORK

3.1 RMF STEP 1 - CATEGORIZE INFORMATION SYSTEM

TASK 1-1 SECURITY CATEGORIZATION

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 1-2 INFORMATION SYSTEM DESCRIPTION

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 1-3 INFORMATION SYSTEM REGISTRATION

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

Milestone Checkpoint #1

3.2 RMF STEP 2 - SELECT SECURITY CONTROLS

TASK 2-1 SECURITY CONTROL SELECTION

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 2-2 COMMON CONTROL IDENTIFICATION

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 2-3 MONITORING STRATEGY

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 2-4 SECURITY PLAN APPROVAL

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

Milestone Checkpoint #2

3.3 RMF STEP 3 - IMPLEMENT SECURITY CONTROLS

TASK 3-1 SECURITY CONTROL IMPLEMENTATION

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 3-2 SECURITY CONTROL DOCUMENTATION

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

Milestone Checkpoint #3

3.4 RMF STEP 4 - ASSESS SECURITY CONTROLS

TASK 4-1 ASSESSMENT PREPARATION

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 4-2 SECURITY CONTROL ASSESSMENT

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 4-3 SECURITY ASSESSMENT REPORT

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

Milestone Checkpoint #4

3.5 RMF STEP 5 - AUTHORIZE INFORMATION SYSTEM

TASK 5-1 REMEDIATION ACTIONS

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 5-2 PLAN OF ACTION AND MILESTONES

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 5-3 SECURITY AUTHORIZATION PACKAGE

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 5-4 RISK DETERMINATION

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 5-5 RISK ACCEPTANCE

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

Milestone Checkpoint #5

3.6 RMF STEP 6 - MONITOR SECURITY CONTROLS

TASK 6-1 INFORMATION SYSTEM AND ENVIRONMENT CHANGES

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 6-2 ONGOING SECURITY CONTROL ASSESSMENTS

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 6-3 ONGOING REMEDIATION ACTIONS

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 6-4 CRITICAL UPDATES

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 6-5 SECURITY STATUS REPORTING

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 6-6 ONGOING RISK DETERMINATION AND ACCEPTANCE

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

TASK 6-7 INFORMATION SYSTEM REMOVAL AND DECOMMISSIONING

TASK

Primary Responsibility

Supporting Roles

System Development Life Cycle Phase

Supplemental Guidance

References

Milestone Checkpoint #6