Welcome to Scribd!

CA-NISTSteps v7

Uploaded by

0% found this document useful (0 votes)

9 views1 page

The document outlines 10 tasks across 5 phases of the NIST 800-37 risk management framework: 1) Phase 1 includes 3 initiation tasks - preparing documentation, categorizing the system's confidentiality, integrity and availability levels, and analyzing security controls and risks. 2) Phase 2 contains 2 certification tasks - assessing security controls and documenting security certification. 3) Phase 3 has 3 accreditation tasks - making an accreditation decision, documenting it, and transmitting the security accreditation package. 4) Phase 4 involves 3 monitoring tasks - managing configuration, monitoring controls, and reporting status. 5) Phase 5 is operations and maintenance, with the system owner primarily responsible for ongoing risk management

Original Description:

Original Title

CA-NISTSteps_v7

Copyright

Available Formats

PPT, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PPT, PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as ppt, pdf, or txt

0% found this document useful (0 votes)

9 views1 page

CA-NISTSteps v7

Uploaded by

kunalahuja3333

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PPT, PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as ppt, pdf, or txt

Jump to Page

You are on page 1of 1

Search inside document

NIST 800-37 Risk Management & Certification and Accreditation Tasks

Phase 1 – Task 1 Phase 1 – Task 2 Phase 1 – Task 3 Phase 2 – Task 4 Phase 2 – Task 5

Initiation Initiation Initiation Certification Certification

Notify Officials & Analyze, Update
Prepare Assess & Evaluate Document Security
Identify & Accept System
Documentation Security Controls Certification
Resources Security Plan
Integration & Test Integration & Test
Initiation Phase 1 Planning Phase 3 Multiple Phases 4-6
Phase 7 Phase 7
1. Describe the System 1. Notify Program Officials 1. Review Security C.I.A. 1. Prepare Documentation & 1. Provide Findings and
2. Categorize its C.I.A. 2. Identify Resources Needed Categorizations Supporting Materials Recommendations
3. Identify Threats to it and Plan execution of 2. Analyze Security Plan 2. Review Methods and 2. Update Security Plan
4. Identify its Vulnerabilities Activities 3. Update Security Plan Test Procedures 3. Prepare Plan of Action &
5. Identify In-Place and 4. Obtain Authorizing 3. Assess & Evaluate In- Milestones
Planned Security Controls Official Acceptance of Place Security Controls 4. Assemble Accreditation
6. Determine its Initial Risks Security Plan 4. Report Security Package
Assessment Results

Phase 3 – Task 6 Phase 3 – Task 7 Phase 4 – Task 8 Phase 4 – Task 9 Phase 4 – Task 10

Accreditation Accreditation Monitoring Monitoring Monitoring

Make Security
Document Security Manage & Control Monitor Security Report & Document
Accreditation
Accreditation Configuration Controls Status
Decision
Integration & Test Integration & Test
O&M Phase 9 O&M Phase 9 O&M Phase 9
Phase 7 Phase 7
1. Determine Final Risk 1. Transmit Security 1. Document System 1. Select In-Place Security 1. Update Security Plan
Levels Accreditation Package Changes Controls 2. Update Plan of Action
2. Accept Residual Risk 2. Update Security Plan 2. Analyze Security 2. Assess Selected & Milestones
Impacts Security Controls 3. Report Status

Primary Responsibility
Phases System Owner
Certification Agent
NIST 800-37
Authorizing Official
SDLC System Owner

OIS SOP 2.4.1 Internal Penetration
Document11 pages
OIS SOP 2.4.1 Internal Penetration
Robase06
50% (2)
Arlo Installation Guide Final EN
Document14 pages
Arlo Installation Guide Final EN
Fernando Navarro
No ratings yet
Patch Management Policy and Procedure
Document4 pages
Patch Management Policy and Procedure
tbt32
100% (1)
Obo - Code
Document548 pages
Obo - Code
Muhammad Usman
No ratings yet
Shell Script
Document10 pages
Shell Script
piyush singh
No ratings yet
VMP Template
Document16 pages
VMP Template
Muhammad fahmy
100% (2)
Gt-50dz Tow Tractor With Deutz Engine (Manuale Officina)
Document922 pages
Gt-50dz Tow Tractor With Deutz Engine (Manuale Officina)
Ersin Altinel
50% (2)
986 Heater Flap Repair Boxster Foam
Document6 pages
986 Heater Flap Repair Boxster Foam
Kenneth Zunge
50% (2)
Validation Plan Template
Document7 pages
Validation Plan Template
vapaps
100% (1)
VAL 170401 BMAA VAL Activity 2 VMP Template
Document17 pages
VAL 170401 BMAA VAL Activity 2 VMP Template
Mohammed S.Gouda
100% (1)
Software Quality Engineering (Assignment # 3 (CEP) ) : University of Engineering and Technology, Mardan
Document8 pages
Software Quality Engineering (Assignment # 3 (CEP) ) : University of Engineering and Technology, Mardan
Muhammad Hamza
No ratings yet
Product - Process Validation
Document5 pages
Product - Process Validation
alliceyew
No ratings yet
Template For Performace Qualification Protocol - Pharmaceutical Guidance
Document4 pages
Template For Performace Qualification Protocol - Pharmaceutical Guidance
MIRZA AFAQ ALI
No ratings yet
RHEL 6/CentOS 6 PCI Hardening Guide
Document4 pages
RHEL 6/CentOS 6 PCI Hardening Guide
ttyX
100% (1)
CCNPv6 ROUTE SBA Skills-Based Assessment
Document3 pages
CCNPv6 ROUTE SBA Skills-Based Assessment
Brian Svendsen
100% (1)
Tank Cleaning Guide
Document53 pages
Tank Cleaning Guide
schjhdfi38
100% (1)
Olympus CV160 Brochure
Document2 pages
Olympus CV160 Brochure
eDWARD
No ratings yet
Executive Branch Test PDF
Document2 pages
Executive Branch Test PDF
Sonya
No ratings yet
AUDITING Internal Controls - 2024
Document30 pages
AUDITING Internal Controls - 2024
lonaarbilly
No ratings yet
Is Security & Risk: Management
Document25 pages
Is Security & Risk: Management
hilda_oktavianni5178
No ratings yet
Information Security Transformation-Nahil Mahmood-Lecture 61
Document5 pages
Information Security Transformation-Nahil Mahmood-Lecture 61
فیضان راجپوت
No ratings yet
Safe System of Work Brochure
Document24 pages
Safe System of Work Brochure
Hossam Abdelmoneim
No ratings yet
Safe Home Audit Tool FY21
Document4 pages
Safe Home Audit Tool FY21
Nayo Bravo Sáez
No ratings yet
Information Security Transformation-Nahil Mahmood-Lecture 60
Document5 pages
Information Security Transformation-Nahil Mahmood-Lecture 60
Qasim Khan
No ratings yet
Information Security Transformation-Nahil Mahmood-Lecture 16
Document9 pages
Information Security Transformation-Nahil Mahmood-Lecture 16
Muhammad Asim Mubarik
No ratings yet
Job Safety Analysis (JSA) - Guideline
Document10 pages
Job Safety Analysis (JSA) - Guideline
abdulla amra
No ratings yet
Step # Step UAT Data/Values
Document24 pages
Step # Step UAT Data/Values
HAMMADHR
No ratings yet
Date Issued: November 07, 2008: by T I T L e Signed Date
Document6 pages
Date Issued: November 07, 2008: by T I T L e Signed Date
frengki
No ratings yet
Assigment Five
Document6 pages
Assigment Five
melsew
No ratings yet
ICT Testing Guide - L1
Document12 pages
ICT Testing Guide - L1
Arun Chugha
No ratings yet
Webinar K3 2021 - PSSR
Document20 pages
Webinar K3 2021 - PSSR
ZulkarnaenUchiha
100% (1)
Proposal Springworks
Document12 pages
Proposal Springworks
Indian Opinion
No ratings yet
REVIEWER
Document8 pages
REVIEWER
Kaela Serrano
No ratings yet
Iqoqpq RMG PDF
Document11 pages
Iqoqpq RMG PDF
srinivas r
No ratings yet
Project Name: "New Arrivals": FNA Test Plan
Document6 pages
Project Name: "New Arrivals": FNA Test Plan
Nusrat Hasan
No ratings yet
Test Management: Software Testing
Document50 pages
Test Management: Software Testing
(K12 HCM) Nguyen Bao Thien
No ratings yet
Supplier Audit Check Sheet.
Document1 page
Supplier Audit Check Sheet.
ALI ASGHAR
No ratings yet
Acceptance Test An
Document4 pages
Acceptance Test An
aemi
No ratings yet
System Press Welding - Audit Check Sheet - 08062019
Document23 pages
System Press Welding - Audit Check Sheet - 08062019
dyson
No ratings yet
Orange HRM: System Test Plan
Document8 pages
Orange HRM: System Test Plan
victor othugadi
100% (1)
Understanding The RMF Process For DOD Information Technology
Document10 pages
Understanding The RMF Process For DOD Information Technology
Mohammed Irfan
No ratings yet
Web PEN Test Report
Document8 pages
Web PEN Test Report
Rahul Bhangale
No ratings yet
SWT5
Document50 pages
SWT5
(FU HCM - GV) Nguyễn Thế Hoàng
No ratings yet
T06002.006 Viva E System Onsite Training Workbook Eff Date 09-13-21
Document66 pages
T06002.006 Viva E System Onsite Training Workbook Eff Date 09-13-21
Zitouni Lamine
No ratings yet
Gregory Test Plan
Document5 pages
Gregory Test Plan
anon-770282
100% (1)
Risk Management - IT (Hirzi0
Document7 pages
Risk Management - IT (Hirzi0
Peter Tham
No ratings yet
CH 15
Document23 pages
CH 15
khannashriya
No ratings yet
Secure Network Architecture
Document30 pages
Secure Network Architecture
blackberry7130g
No ratings yet
SAP QM Introduction Deck
Document22 pages
SAP QM Introduction Deck
Vikash Ranjan
No ratings yet
Copie de CIS-RAM-Workbook-Version-1.0.a-cc
Document543 pages
Copie de CIS-RAM-Workbook-Version-1.0.a-cc
Razik Haddad
No ratings yet
CIS RAM Workbook Version CC
Document551 pages
CIS RAM Workbook Version CC
Ignacio Lanseros
No ratings yet
FedRAMP External - Ken Hartman
Document28 pages
FedRAMP External - Ken Hartman
Matthew McMurphy
No ratings yet
Test Management: Software Testing ISEB Foundation Certificate Course
Document49 pages
Test Management: Software Testing ISEB Foundation Certificate Course
Luisa Fernanda Betancourt Dominguez
No ratings yet
Five Easy Steps To A Smoother Cybersecurity Audit Experience
Document23 pages
Five Easy Steps To A Smoother Cybersecurity Audit Experience
ʚïɞ Fi Fi ʚïɞ
No ratings yet
CH 14 - Designing An Effective Response To Asessed Risk
Document7 pages
CH 14 - Designing An Effective Response To Asessed Risk
Jwyneth Royce Denolan
No ratings yet
FINANCIAL AUDIT (Final Exam - Portions) : Relevance
Document5 pages
FINANCIAL AUDIT (Final Exam - Portions) : Relevance
Soniea Diani
No ratings yet
Job Description - All
Document9 pages
Job Description - All
puput utomo
No ratings yet
Api Monogram Program/Erw 20'' (Api 5L) : Embosal Steel Mills LLC
Document2 pages
Api Monogram Program/Erw 20'' (Api 5L) : Embosal Steel Mills LLC
Ravi Tyagi
No ratings yet
SDLC Notes
Document1 page
SDLC Notes
Chaapi Kim
No ratings yet
Part 1 - 87cm007
Document3 pages
Part 1 - 87cm007
Rabail Shahnaz
No ratings yet
Test Project Setup Checklist
Document3 pages
Test Project Setup Checklist
mukesh1104
No ratings yet
Operation and Qualification of Stability Chamber IV
Document21 pages
Operation and Qualification of Stability Chamber IV
systacare remedies
100% (1)
2022 Maturity-Assessment-Tool Detailed
Document99 pages
2022 Maturity-Assessment-Tool Detailed
ruri prabaswari
No ratings yet
Mature and Secure:: Creating A CMMI and ISO/IEC 21827 Compliant Process Improvement Program
Document24 pages
Mature and Secure:: Creating A CMMI and ISO/IEC 21827 Compliant Process Improvement Program
incosewma
No ratings yet
Securing The IT Environment at Microsoft
Document26 pages
Securing The IT Environment at Microsoft
santy1992
No ratings yet
Make Trip Test Plan
Document11 pages
Make Trip Test Plan
Lê Tuấn Kiệt
100% (1)
ICT Testing Guide - L
Document11 pages
ICT Testing Guide - L
Arun Chugha
No ratings yet
FRC Audit Portal Pres.
Document9 pages
FRC Audit Portal Pres.
bilalghaznavi
No ratings yet
Assurance Technologies Principles and Practices: A Product, Process, and System Safety Perspective
From Everand
Assurance Technologies Principles and Practices: A Product, Process, and System Safety Perspective
Dev G. Raheja
No ratings yet
Software Error Detection through Testing and Analysis
From Everand
Software Error Detection through Testing and Analysis
J. C. Huang
No ratings yet
CCcam - CFG Simple
Document3 pages
CCcam - CFG Simple
Sadia Kanwal
No ratings yet
Blockchain Developer: Term 1: Fundamentals
Document6 pages
Blockchain Developer: Term 1: Fundamentals
Vivek Shukla
No ratings yet
Rules 5 Edition Changes: Mrs. Michelle Maxwell, IAOB
Document20 pages
Rules 5 Edition Changes: Mrs. Michelle Maxwell, IAOB
sudar1477
No ratings yet
S 4 TCPUSEW H NI6 Product Specifications
Document2 pages
S 4 TCPUSEW H NI6 Product Specifications
hassan329
No ratings yet
NPT Packet System Specifications
Document166 pages
NPT Packet System Specifications
Alex Ferreira
No ratings yet
Genex Cloud ACP Guideline
Document10 pages
Genex Cloud ACP Guideline
Mohammad Ridwan
No ratings yet
As 3868-1991 Earth-Moving Machinery - Design Guide For Access Systems
Document7 pages
As 3868-1991 Earth-Moving Machinery - Design Guide For Access Systems
SAI Global - APAC
0% (1)
2.4.1.4 Packet Tracer - Troubleshooting PPP With Authentication - Robinson Paul Ordoñez
Document2 pages
2.4.1.4 Packet Tracer - Troubleshooting PPP With Authentication - Robinson Paul Ordoñez
Israel Sánchez
No ratings yet
MFD
Document539 pages
MFD
Javier Alejandro Quinga
No ratings yet
Pil 01 Pilc PDF
Document6 pages
Pil 01 Pilc PDF
ginamaria10
No ratings yet
PaloAltoNetworks Network Design Guide
Document110 pages
PaloAltoNetworks Network Design Guide
Liam Cowden
100% (1)
Sdnsplus 5 1
Document78 pages
Sdnsplus 5 1
Praveen Kumar Mandala
No ratings yet
Asf Eom5000 M - mk2 - User Guide Rel22
Document33 pages
Asf Eom5000 M - mk2 - User Guide Rel22
Jorge Jose Mamani Coaquira
No ratings yet
Link1 20140808032910
Document8 pages
Link1 20140808032910
Kawuma Abel
No ratings yet
MOL - Central Front End Compression Facility Project: PAGE: 1 of 13 Rev: 0 DATE: 11-Mar-2017
Document13 pages
MOL - Central Front End Compression Facility Project: PAGE: 1 of 13 Rev: 0 DATE: 11-Mar-2017
eke23
No ratings yet
Jeep Install Remote Start
Document27 pages
Jeep Install Remote Start
gertverbeke
No ratings yet
CAT-2033 MRM-700U Series Manual Stations
Document2 pages
CAT-2033 MRM-700U Series Manual Stations
Oscar Huamán
No ratings yet
D6298-13 Standard Specification For Fiberglass Reinforced Styrene-Butadiene-Styrene (SBS) Modified Bituminous Sheets With A Factory Applied Metal Surface
Document3 pages
D6298-13 Standard Specification For Fiberglass Reinforced Styrene-Butadiene-Styrene (SBS) Modified Bituminous Sheets With A Factory Applied Metal Surface
Satya kaliprasad vangara
No ratings yet
Standards
Document3 pages
Standards
happystamps
100% (1)
Digital Network - Lecturer1
Document38 pages
Digital Network - Lecturer1
Jumanne Ally
No ratings yet