RMF Step 4: Assess

Question 1

Guidance

Answer 1

NIST 800-53A guide to assessing controls

NIST 800-115 technical guide to assessment

Question 2

3 methods used by assessors

Answer 2

Examine - reviewing objects
Interview - discussion w/ people
Testing - exercising objects

Question 3

POA&Ms

Answer 3

this step is where POA&Ms come into effect

Question 4

Inputs and Outputs of Step 4: Assess

Answer 4

INPUT

• Implemented system
• documentation and action as required in controls

OUTPUT

• SAP
• Authorization package (SSP, SAR, POA&M)

Question 5

2 assessment methods

Answer 5

DEPTH
*level of detail

COVERAGE
*Scope of examination, interview, and testing processes

Question 6

Values of Depth attribute (3)

Answer 6

Basic examination - high level review

Focused examination - more in depth

comprehensive examination - detailed and thorough

Question 7

RMF Task 4-1

Answer 7

Develop plan to assess controls

Question 8

RMF Task 4-2

Answer 8

Assess controls according to procedures in SAP

Question 9

RMF Task 4-3

Answer 9

Prepare SAR documenting issues, findings, and recommendations from assessment

Question 10

RMF Task 4-4

Answer 10

Conduct initial remediation actions on controls based on findings of the SAR