vCyberSec A&A Development Svcs LLC
RMF Step 2 - Selection
Guidance: NIST SP 800-30; 37; 39; 53; 137; CNSSI 1253F Attachments
- Identify baseline security controls, enhancements and overlays
- Identify common control providers and inheritance
- Identify external common controls and compensating controls
- Tailor all security controls, enhancements, overlays and compensating controls by selecting/adjusting:
  - Common Control Provider Inheritance
  - External Inheritance
  - Dependent System Inheritance
  - Compensating Controls
  - Not Applicable Security Controls
- Initiate Information System Continuous Monitoring Strategy
  - Monitored Security Controls
  - Unmonitored Security Controls
- Coordinate and sync with Validation Assessor | 3rd Party/Trusted Agent
  - Development of Security Assessment Plan
- Receive concurrence and approvals
  - SCA approve Security Assessment Plan
  - AO concur with System Security Plan and ISCM Strategy