Consist of 50 pages of content.
Reference 20 valid sources.
Include a title page, abstract, content, reference page, and table of contents. Follow APA 7 formatting standards.
Topic: Risk Management Framework: Its Applicability for Information Systems and Organizations
Abstract
This paper will explore how the Risk Management Framework (RMF) process can be applied to provide a structured methodology for managing security practices, thus reducing overall risk to Information Systems (IS) and organizations that store, process, and transmit data. This paper will discuss the seven-step process of RMF used by federal Information Technology (IT) systems and its applicability to the design, development, maintenance, and eventual decommissioning of an IS. Lastly, it will discuss how RMF can be applied to organizations outside of the federal government, providing executive leaders the necessary information for making efficient risk management decisions about IS by integrating privacy and security into the development of an IS life cycle. The paper can also discuss the transition from the Defense Information Technology Security Certification and Accreditation Process (DITSCAP) to the Defense Information Assurance Certification and Accreditation Process (DIACAP) to the Risk Management Framework (RMF).
Publications and Governance can be accessed from this link:
Laws and Executive Orders
>Federal Information Security Modernization Act of 2014
>Appendix III to OMB Circular No. A-130 – Security of Federal Automated Information Resources
FEDERAL INFORMATION PROCESSING STANDARDS (FIPS) PUBLICATIONS
>FIPS 199 (Security Categorization), February 2004
>FIPS 200 (Minimum Security Controls), March 2006
NIST.gov Special Publications
>SP 800-12 (An Introduction to Information Security), June 2017
>SP 800-18 (Security Plans), Feb 2006
>SP 800-30 (Risk Assessment), September 2012
>SP 800-34 (Contingency Planning), May 2010
>SP 800-37 Rev 2 (Risk Management Framework), December 2018
>SP 800-39 (Organizational Risk Management), March 2011
>SP 800-53 Rev. 4 (Security and Privacy Controls for Federal Information Systems and Organizations), January 2014
>SP 800-53A Rev 4 (Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans), December 2014
>SP 800-53B Rev 4 (Control Baselines for Information Systems and Organizations), October 2020
>SP 800-53 Rev. 5 (Security and Privacy Controls for Information Systems and Organizations), September 2020
>SP 800-55 Rev 1 (Performance Measurement Guide for Information Security), July 2008
>SP 800-59 (National Security Systems), August 2003
>SP 800-60 Rev. 1 (Security Categorization), Volume 1, August 2008
>SP 800-60 Rev. 1 (Security Categorization), Volume 2, August 2008
>SP 800-61 Rev. 2 (Incident Response Planning), August 2012
>SP 800-137 (Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations), September 2011
>SP 800-137A (Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment), May 2020
Department of Defense Instructions
>DoDI 8500.01 (Cybersecurity)
>DoDI 8510.01 (RMF for DoD IT)
Intelligence Community Directive
>ICD 503 (Risk Management, Certification and Accreditation)
DISA CLOUD COMPUTING SUPPLEMENTAL GUIDANCE AND INFORMATION
>DISA Cloud Computing Security Requirements Guide v1r3
>Best Practices Guide for DoD Cloud Mission Owners
>Cloud Connection Process Guide v2
>Cloud Related Baselines and eMASS Cloud Overlays Ver. 1, Rel 1
>DoD Cloud Cyberspace Protection Guide
>DoD Cyber Activities Performed for Cloud Service Memo
>Secure Cloud Computing Architecture (SCCA) Functional Requirements (FR) v2-9
>DISA Cloud Service Catalog, December 2018 (up to date as of Sept. 2020)