Executive RMF Glossary 


Created By: ZHassan, Teaching Assistant 
 

1. AI - Artificial Intelligence 
2. AO - Authorizing Official 
3. Assess Controls - Assess the implemented security controls using the determined assessment procedures 
4. Assessment Step - “The purpose of the Assess step is to determine if the controls selected for 
implementation are implemented correctly, operating as intended, and producing the desired 
outcome with respect to meeting the security and privacy requirements for the system and the 
organization” (NIST SP 800-37 Rev. 2) 
5. ATO - Authorization to Operate 
6. ATT - Authorization to Test 
7. ATU - Authorization to Use 
8. Authorization Step - “The purpose of the Authorize step is to provide organizational 
accountability by requiring a senior management official to determine if the security and 
privacy risk (including supply chain risk) to organizational operations and assets, individuals, 
other organizations, or the Nation based on the operation of a system or the use of common 
controls, is acceptable” (NIST SP 800-37 Rev. 2) 
9. Authorize Systems - Determine whether the risk to organizational operations, assets, individuals, and other organizations is acceptable 
10. Categorize step - “The purpose of the Categorize step is to inform organizational risk 
management processes and tasks by determining the adverse impact to organizational 
operations and assets, individuals, other organizations, and the Nation with respect to the loss 
of confidentiality, integrity, and availability of organizational systems and the information 
processed, stored, and transmitted by those systems” (NIST SP 800-37 Rev. 2) 
11. CIA Triad - A model designed to guide information security policies within an organization. 
The CIA triad is also known as the AIC triad (availability, integrity, and confidentiality) 
12. ConMon - Continuous Monitoring 
13. CSF - Cybersecurity Framework 
14. C-Suite - The executive-level managers of a company, i.e. chief executive officer (CEO), chief 
operating officer (COO), chief information officer (CIO), etc. 
15. DevOps - A set of practices that combines software development (Dev) and information 
technology operations (Ops) to deliver software faster and more reliably 
Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics. 
16. FOCI - Foreign Ownership, Control, or Influence 
17. HVA - High Value Asset; further reading: DHS, Securing High Value Assets, 2018 
18. Implement Controls - Implement the selected security controls 
19. Implement Step - “The purpose of the Implement step is to implement the controls in the 
security and privacy plans for the system and for the organization and to document in a 
baseline configuration, the specific details of the control implementation” (NIST SP 800-37 Rev. 2) 
20. ISSO - Information System Security Officer 
21. ML - Machine Learning 
22. Monitor Controls - Monitor the controls for ongoing effectiveness and report the results 
23. Monitor Step - “The purpose of the Monitor step is to maintain an ongoing situational 
awareness about the security and privacy posture of the information system and the 
organization in support of risk management decisions” (NIST SP 800-37 Rev. 2) 
24. NICE Framework - The National Initiative for Cybersecurity Education (NICE) Cybersecurity 
Workforce Framework 
25. NIST - National Institute of Standards and Technology 
26. OU - Organizational Unit 
27. POA&Ms - Plan of Action and Milestones 
28. Prepare step - “The purpose of the Prepare step is to carry out essential activities at the 
organization, mission and business process, and information system levels of the organization 
to help prepare the organization to manage its security and privacy risks using the Risk 
Management Framework” (NIST SP 800-37 Rev. 2) 
29. Risk Committee - A group responsible for risk management policies and operations 
30. RMF - Risk Management Framework 
31. RMF Preparation - “The purpose of the Prepare step is to carry out essential activities at the 
organization, mission and business process, and information system levels of the organization 
to help prepare the organization to manage its security and privacy risks using the Risk 
Management Framework.” (NIST SP 800-37 Rev. 2) 
32. RMS - Risk Management Strategy 
33. SaaS - Software as a Service 
34. SCRM - Supply Chain Risk Management 
35. SDLC - System / Software Development Life Cycle 
36. Select Controls - Select an initial set of baseline security controls 
37. Select Step - “The purpose of the Select step is to select, tailor, and document the controls 
necessary to protect the information system and organization commensurate with risk to 
organizational operations and assets, individuals, other organizations, and the Nation” (NIST 
SP 800-37 Rev. 2) 
38. SP 800-37 Rev. 2 - “This publication describes the RMF and provides guidelines for managing 
security and privacy risks and applying the RMF to information systems and organizations” 
39. SP 800-53B - “The publication is to provide guidelines for selecting and specifying security 
controls for organizations and information systems supporting the executive agencies of the 
federal government to meet the requirements of FIPS Publication 200, Minimum Security 
Requirements for Federal Information and Information Systems” 

References 

● (NIST SP 800-37 Rev. 2) 
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf 
● (NIST SP 800-53 Rev. 4) 
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf 
● (DHS, Securing High Value Assets, 2018) 
https://www.dhs.gov/sites/default/files/publications/Securing%20High%20Value%20Assets_Version%201.1_July%202018_508c.pdf 