RMF Task v Description Flashcards

1
Q

Task 1-1

A

Security Categorization - Categorize the information system and document the results of the security categorization in the security plan.

  • Initiation
  • ISO and IO/Steward
2
Q

Task 1-2

A

Information System Description - Describe the information system (including system boundary) and document the description in the security plan.

  • Initiation
  • ISO
3
Q

Task 1-3

A

Information System Registration - Register the information system with appropriate organizational program/management offices.

  • Initiation
  • ISO
4
Q

Task 2-1

A

Common Control Identification - Identify the security controls that are provided by the organization as common controls for organizational information systems and document the controls in a security plan (or equivalent document).

  • Initiation
  • CIO, SISO, CCP, ISA
5
Q

Task 2-2

A

Security Control Selection - Select the security controls for the information system and document the controls in the security plan.

  • Initiation
  • ISO and ISA
6
Q

Task 2-3

A

Continuous Monitoring Strategy - Develop a strategy for the continuous monitoring of security control effectiveness and any proposed or actual changes to the information system and its environment of operation.

  • Initiation
  • CCP and ISO
7
Q

Task 2-4

A

Security Plan Approval - Review and approve the security plan.

  • Development
  • AO and AODR
8
Q

Task 3-1

A

Security Control Implementation - Implement the security controls specified in the security plan.

  • Development and Implementation
  • CCP and ISO
9
Q

Task 3-2

A

Security Control Documentation - Document the security control implementation, as appropriate, in the security plan, providing a functional description of the control implementation (including planned inputs, expected behavior, and expected outputs).

  • Development and Implementation
  • CCP and ISO
10
Q

Task 4-1

A

Assessment Preparation - Develop, review, and approve a plan to assess the security controls.

  • Development and Implementation
  • SCA
11
Q

Task 4-2

A

Security Control Assessment - Assess the security controls in accordance with the assessment procedures defined in the security assessment plan.

  • Development and Implementation
  • SCA
12
Q

Task 4-3

A

Security Assessment Report (SAR) - Prepare the security assessment report documenting the issues, findings, and recommendations from the security control assessment.

  • Development and Implementation
  • SCA
13
Q

Task 4-4

A

Remediation Actions - Conduct initial remediation actions on security controls based on the findings and recommendations of the security assessment report and reassess remediated control(s), as appropriate.

  • Development and Implementation
  • SCA, CCP and ISO
14
Q

Task 5-1

A

Plan of Action and Milestones (POAM) - Prepare the plan of action and milestones based on the findings and recommendations of the security assessment report, excluding any remediation actions already taken.

  • Implementation
  • CCP and ISO
15
Q

Task 5-2

A

Security Authorization Package - Assemble the security authorization package and submit the package to the authorizing official for adjudication.

  • Implementation
  • CCP and ISO
16
Q

Task 5-3

A

Risk Determination - Determine the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation.

  • Implementation
  • AO and AODR
17
Q

Task 5-4

A

Risk Acceptance - Determine if the risk to organizational operations, organizational assets, individuals, other organizations, or the Nation is acceptable.

  • Implementation
  • AO
18
Q

Task 6-1

A

Information System and Environment Changes - Determine the security impact of proposed or actual changes to the information system and its environment of operation.

  • Operations and Maintenance
  • CCP and ISO
19
Q

Task 6-2

A

Ongoing Security Control Assessments - Assess the technical, management, and operational security controls employed within and inherited by the information system in accordance with the organization-defined monitoring strategy.

  • Operations and Maintenance
  • SCA
20
Q

Task 6-3

A

Ongoing Remediation Actions - Conduct remediation actions based on the results of ongoing monitoring activities, assessment of risk, and outstanding items in the plan of action and milestones.

  • Operations and Maintenance
  • CCP and ISO
21
Q

Task 6-4

A

Key Updates - Update the security plan, security assessment report, and plan of action and milestones based on the results of the continuous monitoring process.

  • The documents updated are the SSP, SAR and POAM
  • Operations and Maintenance
  • CCP and ISO
22
Q

Task 6-5

A

Security Status Reporting - Report the security status of the information system (including the effectiveness of security controls employed within and inherited by the system) to the authorizing official and other appropriate organizational officials on an ongoing basis in accordance with the monitoring strategy.

  • Operations and Maintenance
  • CCP and ISO
23
Q

Task 6-6

A

Ongoing Risk Determination and Acceptance - Review the reported security status of the information system (including the effectiveness of security controls employed within and inherited by the system) on an ongoing basis in accordance with the monitoring strategy to determine whether the risk to organizational operations, organizational assets, individuals, other organizations, or the Nation remains acceptable.

  • Operations and Maintenance
  • AO
24
Q

Task 6-7

A

Information System Removal and Disposal - Implement an information system disposal strategy, when needed, which executes required actions when a system is removed from service.

  • Disposal
  • ISO
25
Q

How many subtasks are in each task?

A

1: 3
2: 4
3: 2
4: 4
5: 4
6: 7