§ Trackr.Live
Latest writing

Notes from Trackr.Live

The landing site for Trackr Services

SR

SR-11: Component Authenticity

RMF Control SR-11: Component Authenticity requires organizations to develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and report counterfeit system components to [Assignment: organization-defined source of counterfeit component]. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a …

SC

SC-37: Out-of-band Channels

RMF Control SC-37: Out-of-band Channels requires organizations to establish and maintain out-of-band channels for the physical delivery or electronic transmission of information, system components, or devices to designated individuals or information systems. Out-of-band channels are communication paths that are separate from the normal operational channels of an information system. This separation helps to protect organizations …

PM

PM-5: System Inventory

RMF Control PM-5: System Inventory requires organizations to maintain an accurate and up-to-date inventory of all information systems and their components. This inventory must include the following information: Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control PM-5: System …

CA

CA-6: Authorization

RMF Control CA-6: Authorization requires organizations to authorize the operation of information systems and the processing, storage, and transmission of information by those systems. This authorization must be based on an assessment of the risks to the organization and the effectiveness of the organization’s security controls. Supplemental Guidance The Risk Management Framework (RMF) is a …

AU

AU-2: Event Logging

RMF Control AU-2: Event Logging requires organizations to implement a comprehensive event logging program to collect, analyze, and retain audit logs. Audit logs are records of events that occur on information systems. Event logging can help organizations to detect and respond to security incidents, investigate suspicious activity, and comply with regulations. Supplemental Guidance The Risk …

AU

AU-1: Policy and Procedures

RMF Control AU-1: Policy and Procedures requires organizations to establish and maintain a comprehensive set of policies and procedures to address the security and privacy of information systems and the information processed, stored, and transmitted by those systems. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing …

AT

AT-6: Training Feedback

RMF Control AT-6: Training Feedback requires organizations to solicit and incorporate feedback from personnel to continually improve the effectiveness of information security and privacy training. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control AT-6: Training Feedback is one …

AT

AT-5: Contacts with Security Groups and Associations

RMF Control AT-5: Contacts with Security Groups and Associations requires organizations to establish and institutionalize contact with selected groups and associations within the security community to facilitate ongoing security education and training for organizational personnel; maintain currency with recommended security practices, techniques, and technologies; and share current security-related information including threats, vulnerabilities, and incidents. Supplemental …

AT

AT-4: Training Records

RMF Control AT-4: Training Records requires organizations to document and monitor individual information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy training; and retain individual training records for [Assignment: organization-defined time period]. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a …

AT

AT-3: Role-based Training

RMF Control AT-3: Role-based Training requires organizations to provide training and awareness to personnel on information security and the protection of Controlled Unclassified Information (CUI), based on their roles and responsibilities. The training should include: Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to …
