§ Author

Robert Weber

PM

PM-3: Information Security and Privacy Resources

RMF Control PM-3: Information Security and Privacy Resources requires organizations to ensure that all capital planning and investment requests include the resources needed to implement the information security and privacy programs, and to document all exceptions to this requirement. Organizations should also prepare documentation required for addressing information security and privacy programs in capital planning and …

PL

PL-6: Security-Related Activity Planning

RMF Control PL-6: Security-Related Activity Planning requires organizations to plan and coordinate security-related activities affecting information systems before conducting such activities in order to reduce the impact on organizational operations (i.e., mission, functions, image, and reputation), organizational assets, and individuals. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process …

PE

PE-14: Environmental Controls

RMF Control PE-14: Environmental Controls requires organizations to implement controls to protect information systems from environmental hazards. Environmental hazards can include temperature, humidity, dust, power outages, and natural disasters. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control PE-14: …

MP

MP-6: Media Sanitization

RMF Control MP-6: Media Sanitization requires organizations to sanitize media before it is disposed of or reused to prevent unauthorized access to information. Media can include hard drives, solid-state drives, optical discs, and magnetic tapes. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to …

MA

MA-3: Maintenance Tools

RMF Control MA-3: Maintenance Tools requires organizations to inspect and control maintenance tools to protect information systems from unauthorized access or modification. Maintenance tools can include hardware, software, and firmware that are used to diagnose, repair, or update information systems. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process …

IR

IR-5: Incident Monitoring

RMF Control IR-5: Incident Monitoring requires organizations to track and document information system security incidents. This includes identifying incidents, assessing their impact, and taking steps to mitigate the impact and prevent future incidents. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and …

IA

IA-5: Authenticator Management

RMF Control IA-5: Authenticator Management requires organizations to select, implement, and manage authenticators to verify the identity of users attempting to access information systems or data. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control IA-5: Authenticator Management is …

CP

CP-5: Contingency Plan Update

RMF Control CP-5: Contingency Plan Update is a withdrawn control that was incorporated into RMF Control CP-2: Contingency Plan. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control CP-5: Contingency Plan Update was one of the controls in the …

CM

CM-4: Impact Analyses

RMF Control CM-4: Impact Analyses requires organizations to perform impact analyses to identify and assess the potential impacts of changes to information systems on security and privacy. This includes assessing the impacts of changes on the security controls that are in place to protect the information system and its data. Supplemental Guidance: The Risk Management …

CA

CA-2: Control Assessments

RMF Control CA-2: Control Assessments requires organizations to assess the implementation and effectiveness of security controls. This includes assessing the controls that are in place to protect information systems and their data. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. …
