Block 1 Day 4

Block 1 Day 4 Review Questions Objective 1G & 1H

RMF

incorporates strategy, policy, awareness/training, assessment, continuous monitoring, authorization, implementation, and remediation

RMF Step 1, Prepare

carry out essential activities at the org, mission and business process to help prepare the org to manage its security/privacy risks using RMF, includes the 18 task

RMF Step 2, Categorize System

Impact to confidentiality, integrity, and accessibility is categorized

RMF Step 3, Select security Control

Three distinct types of designations to include common, system-specific, and hybrid

RMF Step 4, Implement Security controls

Specified in the security plan in accordance with guidance found o the KS

RMF Step 5, Assess Security Controls

Develop, review,, and approve a plan to assess the security controls

RMF Step 6, Authorize System

Accreditation decisions, authorization to operate (ATO), Interim Authorization to Test (IATT), Denial pf authorization to Operate(DATO) involves CAT I, II, II

Severity Category - CAT I

Shall be corrected before an ATO is granted

Severity Category - CAT II

shall be corrected or satisfactorily mitigate before an ATO can be granted

Severity Category - CAT III

Does not prevent an ATO

Authorization to Connect (ATC)

allows system to connect to the AFIN or DODI

Denial of Authorization to Connect (DATC)

AF-AO determination an IS cannot connect to the Af-GIG because of an inadequate IA design, if already connected, the IS connection must be terminated

RMF Step 7, Monitor Security Controls

Continuously monitor the system for security-relevant events and configuration change that negatively affect security posture

AIM

Protect the Air Force, DoD and Government networks

ESSA

protect information pertaining to airforce, DOD and government operations

CORA

Mitigate the effects of lost air force, DoD and government operations, capabilities, and resources