Block 1 Day 4 Review Questions Objective 1G & 1H
RMF
incorporates strategy, policy, awareness/training, assessment, continuous monitoring, authorization, implementation, and remediation
RMF Step 1, Prepare
Carry out essential activities at the org, mission and business process levels to help prepare the org to manage its security/privacy risks using RMF; includes the 18 tasks
RMF Step 2, Categorize System
Impact to confidentiality, integrity, and accessibility is categorized
RMF Step 3, Select Security Control
Three distinct types of designations to include common, system-specific, and hybrid
RMF Step 4, Implement Security Controls
Specified in the security plan in accordance with guidance found on the KS
RMF Step 5, Assess Security Controls
Develop, review, and approve a plan to assess the security controls
RMF Step 6, Authorize System
Accreditation decisions: Authorization to Operate (ATO), Interim Authorization to Test (IATT), Denial of Authorization to Operate (DATO); involves CAT I, II, III
Severity Category - CAT I
Shall be corrected before an ATO is granted
Severity Category - CAT II
Shall be corrected or satisfactorily mitigated before an ATO can be granted
Severity Category - CAT III
Does not prevent an ATO
Authorization to Connect (ATC)
Allows a system to connect to the AFIN or DODI
Denial of Authorization to Connect (DATC)
AF-AO determination that an IS cannot connect to the AF-GIG because of an inadequate IA design; if already connected, the IS connection must be terminated
RMF Step 7, Monitor Security Controls
Continuously monitor the system for security-relevant events and configuration changes that negatively affect security posture
AIM
Protect the Air Force, DoD and Government networks
ESSA
Protect information pertaining to Air Force, DoD and Government operations
CORA
Mitigate the effects of lost Air Force, DoD and Government operations, capabilities, and resources