RMF Step 5: Authorize Flashcards

1
Q

RMF Task 5-1

A

Prepare the POA&Ms based on findings and recommendations of SAR

2
Q

RMF Task 5-2

A

Assemble security authorization package and submit the package to AO

3
Q

RMF Task 5-3

A

Determine risk to operations

4
Q

RMF Task 5-4

A

Determine if risk is acceptable

5
Q

Guidance

A

SP 800-37 - RMF

6
Q

Security Authorization Package includes

A

SSP
SAR
POA&M

7
Q

Risk Assessment

A

A risk assessment involves the systematic identification and prioritization of risks to resources

8
Q

Assess Risk - Analysis includes …

A

1) Identification of threats
2) Assessment of vulnerabilities in controls
3) Calculation of risks

9
Q

Guidance

A

NIST SP 800-30 Rev. 1: Guide for Conducting Risk Assessments

10
Q

NIST SP 800-30: Guide for Conducting Risk Assessments - STEPS

A

1) Prepare for the assessment
2) Conduct the assessment
* Identify threats
* Identify vulnerabilities
* Determine likelihood of occurrence
* Determine impact
* Determine risk
3) Communicate results
4) Maintain the assessment
* Monitor AORs

11
Q

2 FACTORS FOR DETERMINING RISK

A

LEVEL OF IMPACT AND LIKELIHOOD

12
Q

Types of responses to risks

A

1) Accept - continue operating
2) Transfer/Share - shift to a 3rd party
3) Mitigate - change assets
4) Avoid - eliminate assets

13
Q

Authorization Decisions

A

1) ATO (up to 3 years)
2) Denial of ATO
3) Interim ATO (iATO)

14
Q

INPUTS AND OUTPUTS OF RMF STEP 5: AUTHORIZE

A

INPUTS
  • Security Authorization Package (SSP, POA&M, SAR)
  • Input from risk executive
  • Other artifacts

OUTPUTS
  • AO Decision Document
