1. AI - Artificial Intelligence
2. AO - Authorizing Official
3. Assess Controls - Assess the implemented security controls using the determined procedures
4. Assessment Step - “The purpose of the Assess step is to determine if the controls selected for
implementation are implemented correctly, operating as intended, and producing the desired
outcome with respect to meeting the security and privacy requirements for the system and the
organization” (NIST SP 800-37 Rev. 2)
5. ATO - Authorization to Operate
6. ATT - Authorization to Test
7. ATU - Authorization to Use
8. Authorization Step - “The purpose of the Authorize step is to provide organizational
accountability by requiring a senior management official to determine if the security and
privacy risk (including supply chain risk) to organizational operations and assets, individuals,
other organizations, or the Nation based on the operation of a system or the use of common
controls, is acceptable” (NIST SP 800-37 Rev. 2)
9. Authorize Systems - Determine the risk of operations / assets / individuals / organization
10. Categorize step - “The purpose of the Categorize step is to inform organizational risk
management processes and tasks by determining the adverse impact to organizational
operations and assets, individuals, other organizations, and the Nation with respect to the loss
of confidentiality, integrity, and availability of organizational systems and the information
processed, stored, and transmitted by those systems” (NIST SP 800-37 Rev. 2)
11. CIA Triad - A model designed to guide policies for information security within an organization.
The CIA triad is also known as AIC (availability, integrity, and confidentiality)
12. ConMon - Continuous Monitoring
13. CSF - Cyber Security Framework
14. C-Suite - The executive-level managers of a company, e.g., chief executive officer (CEO), chief
operating officer (COO), chief information officer (CIO), etc.
15. DevOps - A set of practices that combines software development (Dev) and information
technology operations (Ops) to deliver software faster and more reliably
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
37. Select Step - “The purpose of the Select step is to select, tailor, and document the controls
necessary to protect the information system and organization commensurate with risk to
organizational operations and assets, individuals, other organizations, and the Nation” (NIST
SP 800-37 Rev. 2)
38. SP 800-37 Rev. 2 - “This publication describes the RMF and provides guidelines for managing
security and privacy risks and applying the RMF to information systems and organizations”
39. SP 800-53B - “The publication is to provide guidelines for selecting and specifying security
controls for organizations and information systems supporting the executive agencies of the
federal government to meet the requirements of FIPS Publication 200, Minimum Security
Requirements for Federal Information and Information Systems”
References