• Purpose and Objectives for Initial RMF Steps
• Standards and Guidance for Completing RMF Steps 1 & 2
• Tasks in RMF Step 1: Categorize Information System
• Tasks in RMF Step 2: Select Security Controls
Government regulations require all federal agencies to provide adequate security for all information collected, processed, transmitted, stored, or disseminated in federal information systems . Because “adequate” means both risk based and cost effective, the level of security protection implemented for information systems varies across government organizations and, in some cases, within agencies as well. Despite the subjectivity of the adequate security requirement, FISMA ...