RMF Task/Description vs. Phase and Role Flashcards
1-1: Security Categorization
- Initiation
- ISO and IO/Steward
1-2: Information System Description
- Initiation
- ISO
1-3: Information System Registration
- Initiation
- ISO
2-1: Common Control Identification
- Initiation
- CIO, CISO, CCP, ISA
2-2: Security Control Selection
- Initiation
- ISO and ISA
2-3: Continuous Monitoring Strategy
- Initiation
- CCP and ISO
2-4: Security Plan Approval
- Development
- AO and AODR
3-1: Security Control Implementation
- Development and Implementation
- CCP and ISO
3-2: Security Control Documentation
- Development and Implementation
- CCP and ISO
4-1: Assessment Preparation
- Development and Implementation
- SCA
4-2: Security Control Assessment
- Development and Implementation
- SCA
4-3: Security Assessment Report (SAR)
- Development and Implementation
- SCA
4-4: Remediation Actions
- Development and Implementation
- SCA, CCP and ISO
5-1: Plan of Actions and Milestones (POAMs)
- Implementation
- CCP and ISO
5-2: Security Authorization Package
- Implementation
- CCP and ISO
5-3: Risk Determination
- Implementation
- AO and AODR
5-4: Risk Acceptance
- Implementation
- AO
6-1: Information System and Environment Changes
- Operations and Maintenance
- CCP and ISO
6-2: Ongoing Security Control Assessment
- Operations and Maintenance
- SCA
6-3: Ongoing Remediation Actions
- Operations and Maintenance
- CCP and ISO
6-4: Key Updates
- Operations and Maintenance
- CCP and ISO
6-5: Security Status Reporting
- Operations and Maintenance
- CCP and ISO
6-6: Ongoing Risk Determination and Acceptance
- Operations and Maintenance
- AO
6-7: Information System Removal and Disposal
- Disposal
- ISO