top of page
RMF Step 3 - Implementation 

Guidance:  NIST SP 800-30; 37; 39; 53; 53A 137; CNSSI 1253F Attachments

  • Implement security controls

    • Analyzing scans (STIG, SCAP, ACAS, and Manual evaluations)

    • Documenting results of technical/manual test, interviews, and examinations

    • Provide justification for compliant and not applicable security controls

    • Initiate Plan of Action and Milestones for non compliant control

      • Provide remediation and mitigation strategy for vulnerabilities

    • Initiate System Risk Assessment Report

  • Client submission for assessment including supporting documents to 3rd Party Agent for compliance validation and recommendation to the Security Control Assessor​

bottom of page