Independent Testing for Risk Management Framework (RMF) (eBook)
121 Seiten
Bookbaby (Verlag)
978-1-62675-596-3 (ISBN)
The purpose of this document is to describe the method by which the security controls will be assessed. In addition, the test methodology, test procedures, and test tools are described to ensure consistency and repeatability of the assessment process. The execution of this plan provides the assessment results, which are used as the basis for the decision by the Authorizing Official. An assessment of the system is a requirement of the Federal Information Security Management Act of 2002 (FISMA) as prescribed by the National Institute of Standards and Technology (NIST) Risk Management Framework guidance provided in NIST Special Publication (SP) 800-37 Rev. 1 (see Appendix K: Chart of NIST SP 800-37 Rev 1) to determine the extent to which the management, operational and technical security controls, selected by the System Owner, are satisfied. The assessment determines the extent that security controls selected for the system as identified in the System Security Plan (SSP) have been satisfied; this information is critical to the authorization decision process. The selected security controls included in the SSP should be developed from guidance provided in NIST Special Publication (SP) 800-53 Rev. 3, Recommended Security Control of Federal Information Systems and Organizations, and NIST SP 800-115, Technical Guide to Information Security Testing and Assessment, and the overall SSP should be developed from the NIST SP 800 Rev. 1, Guide for Developing Security Plans for Federal Information Systems. The scope of the assessment is to execute the plan for the system's annual assessment based on the required security controls as appropriate for a specific Security Categorization (SC) level (High, Moderate or Low) -impact system and identified in NIST SP 800-53, Rev 3, NIST SP 800-53A, Rev 1, and NIST SP 800-115. For the purposes of this assessment, the system inventory is defined as the inventory of devices, which was included in the SSP Package provided by the System Owner. The scope of the assessment is limited not only to the devices in the system inventory, but also to the network IP ranges for which testing has been authorized per the Rules of Engagement (ROE). Devices with an IP that is outside the authorized ROE network IP range should not be assessed, due to the Assessment Team's lack of authorization. The assessment will determine if the security controls defined in the SSP and required by NIST are implemented correctly, operating as intended, and are producing the desired outcome for the purpose of identifying a need to modify or update the deployed set of controls based on changes to the system since last authorization. The assessment will be conducted in accordance with the assessment methodology/procedures outlined in Chapters 3 and 4 for the three control classes (Management, Operational, Technical) as identified in Appendix E [as shown in Appendix E: Security Requirements Verification Matrix (SRVM)]. The process encompasses all devices (i.e., virtual or otherwise) and component types identified in the system inventory and Table 1 below, authorized in the ROE, and the assessment environment identified in Chapter 2, including the assessment team and their respective roles and responsibilities. All test activities should be performed in accordance with the Assessment Test Plan (ATP).
Erscheint lt. Verlag | 15.4.2013 |
---|---|
Sprache | englisch |
Themenwelt | Mathematik / Informatik ► Informatik ► Web / Internet |
ISBN-10 | 1-62675-596-5 / 1626755965 |
ISBN-13 | 978-1-62675-596-3 / 9781626755963 |
Haben Sie eine Frage zum Produkt? |
Größe: 11,4 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich