top of page
vCyberSec A&A Development Svcs LLC
RMF Step 1 - Categorization
-
Define Roles and Responsibilities
-
Define system as NSS/Non-NSS
-
Review System Architectural Design and Data Flow
-
Trace HW/Firmware, SW/OS, Virtual Assets
-
-
Define Information Types and Provisional Impact Level
-
Confidentiality, Integrity, Availability | Low/Moderate/High
-
Information Type Deviations
-
-
Set Information System Impact Level
-
Confidentiality, Integrity, Availability | Low/Moderate/High
-
-
Assess and include Overlays (if required)
-
Assess system supporting artifacts
-
Formally complete a Portfolio Management System Registration
Guidance: NIST SP 800-37, 59, 60 Vol I & II, CNSSI 1253; FIPS 199 & 200
bottom of page