§ Tag
Control

CA

CA-2: Control Assessments

RMF Control CA-2: Control Assessments requires organizations to assess the implementation and effectiveness of security controls. This includes assessing the controls that are in place to protect information systems and their data. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. …

AU

AU-12: Audit Record Generation

RMF Control AU-12: Audit Record Generation requires organizations to generate audit records for auditable events. Audit records are records of events that occur on information systems. They can be used to track user activity, detect suspicious activity, and investigate security incidents. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a …

SR

SR-5: Acquisition Strategies, Tools, and Methods

RMF Control SR-5: Acquisition Strategies, Tools, and Methods requires organizations to implement strategies, tools, and methods to protect their supply chains and ensure that they are acquiring secure information systems and components. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. …

SI

SI-7: Software, Firmware, and Information Integrity

RMF Control SI-7: Software, Firmware, and Information Integrity requires organizations to implement integrity verification tools to detect unauthorized changes to software, firmware, and information. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control SI-7: Software, Firmware, and Information Integrity …

SC

SC-6: Resource Availability

RMF Control SC-6: Resource Availability requires organizations to allocate resources to protect the availability of information systems. This includes allocating resources to protect against denial-of-service attacks, resource exhaustion attacks, and other attacks that can disrupt the availability of information systems. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process …

SA

SA-5: System Documentation

RMF Control SA-5: System Documentation requires organizations to develop and maintain documentation for their information systems. This documentation should describe the information system, its components, and its security controls. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control SA-5: …

RA

RA-5: Vulnerability Monitoring and Scanning

RMF Control RA-5: Vulnerability Monitoring and Scanning requires organizations to implement and maintain vulnerability monitoring and scanning tools and processes to identify, assess, and prioritize vulnerabilities in information systems. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control RA-5: …

PT

PT-5: Privacy Notice

RMF Control PT-5: Privacy Notice requires organizations to provide individuals with notice of the personally identifiable information (PII) that is collected, used, disclosed, and retained, and how to exercise their privacy rights. Supplemental Guidance: The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. …

PS

PS-4: Personnel Termination

RMF Control PS-4: Personnel Termination requires organizations to disable information system access within a defined time period, terminate or revoke any authenticators and credentials associated with the individual, conduct exit interviews that include a discussion of security topics, retrieve all security-related organizational information system-related property, and retain access to organizational information and systems formerly controlled …

PM

PM-12: Insider Threat Program

RMF Control PM-12: Insider Threat Program requires organizations to implement an insider threat program that includes a cross-discipline insider threat incident handling team. Insider threat programs are designed to detect, prevent, and mitigate insider threats. Insider threats are threats to an organization that come from within the organization, such as employees, contractors, and vendors. Supplemental …
