Transcript

Categorize

Select

Implement

Assess

Authorize

Monitor

“Certification and accreditation is the methodology used to ensure that security controls are established for an information system, that these controls are functioning appropriately, and that management has authorized the operation of the system in its current security posture.”

- Official (ISC)2 Guide to the CAP CBK (1st ed.)

Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.

- CNSS Instruction No. 4009

“The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.”

- NIST SP 800-37 rev 1

Why are Agencies riddled with security holes?

http://gcn.com/articles/2011/07/06/cyber-attacks-take-2-energy-labs-offline.aspx

//// Trainers Underground ////
