• Working with Security Control Baselines
• Key Roles and Responsibilities
• Tasks in RMF Step 3: Implement Security Controls
• Tasks in RMF Step 4: Assess Security Controls
Security control selection culminates in the specification of a tailored set of security controls—documented in the system security plan and approved by the system’s authorizing official—that the system owner and the organization agree will satisfy the minimum security requirements for the system. Having reached agreement on what security controls the system needs, the focus of the Risk Management Framework process shifts to implementing the selected security controls and ensuring that the controls ...