RMF Step 4: Assess Flashcards

1
Q

Guidance

A

NIST 800-53A guide to assessing controls

NIST 800-115 technical guide to assessment

2
Q

3 methods used by assessors

A

Examine - reviewing objects
Interview - discussions with people
Test - exercising objects

3
Q

POA&Ms

A

This step is where POA&Ms come into effect.

4
Q

Inputs and Outputs of Step 4: Assess

A

INPUT

  • Implemented system
  • Documentation and actions as required by the controls

OUTPUT

  • SAP
  • Authorization package (SSP, SAR, POA&M)
5
Q

2 assessment methods

A

DEPTH - level of detail

COVERAGE - scope of the examination, interview, and testing processes

6
Q

Values of Depth attribute (3)

A

Basic examination - high-level review

Focused examination - more in-depth

Comprehensive examination - detailed and thorough

7
Q

RMF Task 4-1

A

Develop a plan to assess the controls

8
Q

RMF Task 4-2

A

Assess the controls according to the procedures in the SAP

9
Q

RMF Task 4-3

A

Prepare the SAR documenting the issues, findings, and recommendations from the assessment

10
Q

RMF Task 4-4

A

Conduct initial remediation actions on the controls based on the findings of the SAR
