§ Author

Robert Weber

PE

PE-6: Monitoring Physical Access

RMF Control PE-6: Monitoring Physical Access requires organizations to monitor physical access to information systems, their components, and associated facilities. This monitoring can be done through a variety of methods, such as security guards, video surveillance, and access control systems. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process …

CP

CP-4: Contingency Plan Testing

RMF Control CP-4: Contingency Plan Testing requires organizations to test their contingency plans at least annually to ensure that they are effective and up-to-date. Contingency plans are plans that describe how an organization will respond to a disruption in its operations. Contingency plan testing is the process of simulating a disruption and evaluating the organization’s …

CM

CM-6: Configuration Settings

RMF Control CM-6: Configuration Settings requires organizations to establish and document configuration settings for information systems and their components that reflect the most restrictive mode consistent with operational requirements; implement the configuration settings; identify, document, and approve any deviations from established configuration settings; and monitor and control changes to the configuration settings in accordance with …

AU

AU-7: Audit Record Reduction and Report Generation

RMF Control AU-7: Audit Record Reduction and Report Generation requires organizations to implement an audit record reduction and report generation capability that supports on-demand audit review, analysis, and reporting requirements, and after-the-fact investigations of security incidents. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk …

SR

SR-11: Component Authenticity

RMF Control SR-11: Component Authenticity requires organizations to develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and report counterfeit system components to [Assignment: organization-defined source of counterfeit component]. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a …

SC

SC-37: Out-of-band Channels

RMF Control SC-37: Out-of-band Channels requires organizations to establish and maintain out-of-band channels for the physical delivery or electronic transmission of information, system components, or devices to designated individuals or information systems. Out-of-band channels are communication paths that are separate from the normal operational channels of an information system. This separation helps to protect organizations …

PM

PM-5: System Inventory

RMF Control PM-5: System Inventory requires organizations to maintain an accurate and up-to-date inventory of all information systems and their components. This inventory must include the following information: … Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control PM-5: System …

CA

CA-6: Authorization

RMF Control CA-6: Authorization requires organizations to authorize the operation of information systems and the processing, storage, and transmission of information by those systems. This authorization must be based on an assessment of the risks to the organization and the effectiveness of the organization’s security controls. Supplemental Guidance: The Risk Management Framework (RMF) is a …

AU

AU-2: Event Logging

RMF Control AU-2: Event Logging requires organizations to implement a comprehensive event logging program to collect, analyze, and retain audit logs. Audit logs are records of events that occur on information systems. Event logging can help organizations to detect and respond to security incidents, investigate suspicious activity, and comply with regulations. Supplemental Guidance: The Risk …

AU

AU-1: Policy and Procedures

RMF Control AU-1: Policy and Procedures requires organizations to establish and maintain a comprehensive set of policies and procedures to address the security and privacy of information systems and the information processed, stored, and transmitted by those systems. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing …
