Trackr.Live The landing site for Trackr Services
§ Trackr.Live
Latest writing

Notes from Trackr.Live

The landing site for Trackr Services

SC

SC-6: Resource Availability

RMF Control SC-6: Resource Availability requires organizations to allocate resources to protect the availability of information systems. This includes allocating resources to protect against denial-of-service attacks, resource exhaustion attacks, and other attacks that can disrupt the availability of information systems. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process …

·
SA

SA-5: System Documentation

RMF Control SA-5: System Documentation requires organizations to develop and maintain documentation for their information systems. This documentation should describe the information system, its components, and its security controls. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control SA-5: …

·
RA

RA-5: Vulnerability Monitoring and Scanning

RMF Control RA-5: Vulnerability Monitoring and Scanning requires organizations to implement and maintain vulnerability monitoring and scanning tools and processes to identify, assess, and prioritize vulnerabilities in information systems. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control RA-5: …

·
PT

PT-5: Privacy Notice

RMF Control PT-5: Privacy Notice requires organizations to provide individuals with notice of the personally identifiable information (PII) that is collected, used, disclosed, and retained, and how to exercise their privacy rights. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. …

·
PS

PS-4: Personnel Termination

RMF Control PS-4: Personnel Termination requires organizations to disable information system access within a defined time period, terminate or revoke any authenticators and credentials associated with the individual, conduct exit interviews that include a discussion of security topics, retrieve all security-related organizational information system-related property, and retain access to organizational information and systems formerly controlled …

·
PM

PM-12: Insider Threat Program

RMF Control PM-12: Insider Threat Program requires organizations to implement an insider threat program that includes a cross-discipline insider threat incident handling team. Insider threat programs are designed to detect, prevent, and mitigate insider threats. Insider threats are threats to an organization that come from within the organization, such as employees, contractors, and vendors. Supplemental …

·
PE

PE-6: Monitoring Physical Access

RMF Control PE-6: Monitoring Physical Access requires organizations to monitor physical access to information systems, their components, and associated facilities. This monitoring can be done through a variety of methods, such as security guards, video surveillance, and access control systems. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process …

·
CP

CP-4: Contingency Plan Testing

RMF Control CP-4: Contingency Plan Testing requires organizations to test their contingency plans at least annually to ensure that they are effective and up-to-date. Contingency plans are plans that describe how an organization will respond to a disruption in its operations. Contingency plan testing is the process of simulating a disruption and evaluating the organization’s …

·
CM

CM-6: Configuration Settings

RMF Control CM-6: Configuration Settings requires organizations to establish and document configuration settings for information systems and their components that reflect the most restrictive mode consistent with operational requirements; implement the configuration settings; identify, document, and approve any deviations from established configuration settings; and monitor and control changes to the configuration settings in accordance with …

·
AU

AU-7: Audit Record Reduction and Report Generation

RMF Control AU-7: Audit Record Reduction and Report Generation requires organizations to implement an audit record reduction and report generation capability that supports on-demand audit review, analysis, and reporting requirements, and after-the-fact investigations of security incidents. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk …

·