Govur University Logo
--> --> --> -->
...

Describe the process of selecting security controls for a specific information system.



The process of selecting security controls for a specific information system is a critical step within the Risk Management Framework (RMF) and is essential for safeguarding the system and its data. This process involves several key stages: 1. System Categorization: Before selecting security controls, the information system must be categorized based on its potential impact on confidentiality, integrity, and availability. This categorization determines the baseline set of security controls that should be considered. Systems are categorized as Low, Moderate, or High for each of these impact factors. 2. Control Selection Baseline: Once the system is categorized, a baseline set of security controls is identified. These controls are selected based on the system's categorization and are drawn from established control families, such as those outlined in NIST Special Publication 800-53. 3. Tailoring Controls: While the baseline controls provide a starting point, they are not one-size-fits-all. The organization must tailor these controls to fit the specific characteristics and risks of the information system. Tailoring involves adjusting the control parameters....

Log in to view the answer



Community Answers

Sign in to open profiles and full community answers.

No community answers yet. Be the first to submit one.

Redundant Elements