PM

RMF Control PM-3: Information Security and Privacy Resources requires organizations to ensure that all capital planning and investment requests include the resources needed to implement the information security and privacy programs, and documents all exceptions to this requirement. Organizations should also prepare documentation required for addressing information security and privacy programs in capital planning and …

RMF Control PM-12: Insider Threat Program requires organizations to implement an insider threat program that includes a cross-discipline insider threat incident handling team. Insider threat programs are designed to detect, prevent, and mitigate insider threats. Insider threats are threats to an organization that come from within the organization, such as employees, contractors, and vendors. Supplemental …

RMF Control PM-5: System Inventory requires organizations to maintain an accurate and up-to-date inventory of all information systems and their components. This inventory must include the following information: Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control PM-5: System …