Vlt 2 Task 4 Essay

3998 Words16 Pages
RMF Tasks | Status (done/not done) | Discuss how you determined the status of each task. Consider the following: If done, is it complete? Where is it located?If not done, what are the recommendations for completing? Where the results should be saved? | External documents needed for task | RMF Step 1: Categorize Information Systems | 1.1Security CategorizationUsing either FIPS 199 or CNSS 1253, categorize the information system. The completed categorization should be included in the security plan. | Not done | As highlighted in the risk assessment, there is no security plan done (p.18). Add the security categorization information to the security plan.The security categorization that was completed in the risk assessment can be included…show more content…
The registration allows to creating efficient tracking tools that are important for security status reporting in harmony with organizational policy.It could be registered with organizational or management offices | CNSS 1253 for national security systemNIST 800-37Page 21-22 | RMF Step 2 | Select Security Controls | 2.1Common Control IdentificationDescribe common security controls in place in the organization. Are the controls included in the security plan? | Not included | “Security controls are the management, operational, and technical safeguards or countermeasures employed within an organizational information system to protect the confidentiality, integrity, and availability of the system and its information” (NIST SP 800, 2009). The control allows the organization to efficiently mitigate the risk coming from the use of information System (IS) to conduct business operations and processes. | NIST SP 800-37Page 24-2 | 2.2Security Control SelectionAre selected security controls for the information system documented in the security plan? | Not documented | The security controls for the information system should be documented in the security plan. The security controls implementation must align with the corporate objectives and information security architecture. The security architecture provides a resource to allocate security controls. The selected security controls for the IS must be defined and

More about Vlt 2 Task 4 Essay

Open Document