§ Tag
Tag

RMF

AT

AT-3: Role-based Training

RMF Control AT-3: Role-based training requires organizations to provide training and awareness to personnel on information security and the protection of Controlled Unclassified Information (CUI), based on their roles and responsibilities. The training should include: Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to …

·
AT

AT-2: Literacy Training and Awareness

RMF Control AT-2: Literacy Training and Awareness requires organizations to provide training and awareness to personnel on information security and the protection of Controlled Unclassified Information (CUI), including: Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control AT-2: Literacy …

·
AT

AT-1: Policy and Procedures

RMF Control AT-1: Policy and Procedures requires organizations to develop, document, and disseminate to organization-defined personnel or roles: Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. RMF Control AT-1: Policy and Procedures is one of the controls in the AT …

·
AC

AC-25: Reference Monitor

RMF Control AC-25: Reference Monitor is a cybersecurity control that helps to protect information systems by ensuring that all access to information systems and resources is monitored and controlled. This control is important because it can help to prevent unauthorized access to information systems and resources, and to detect and respond to unauthorized access attempts.

·
AC

AC-24: Access Control Decisions

RMF Control AC-24: Access Control Decisions is a cybersecurity control that helps to protect information systems by ensuring that access control decisions are made based on the appropriate security attributes. Access control decisions are the decisions that are made about who can access which resources in an information system. Access Control Decisions Requirements The RMF …

·
AC

AC-23: Data Mining Protection

RMF Control AC-23: Data Mining Protection is a cybersecurity control that helps to protect information systems by detecting and protecting against unauthorized data mining. Data mining is the process of extracting knowledge from large datasets. While data mining can be a valuable tool, it can also be used to compromise the security of information systems. …

·
AC

AC-22: Publicly Accessible Content

RMF Control AC-22: Publicly Accessible Content is a cybersecurity control that helps to protect information systems by ensuring that publicly accessible content does not contain nonpublic information. This control is important because it can help to prevent unauthorized access to nonpublic information and to reduce the risk of data breaches. Publicly Accessible Content Requirements The …

·
AC

AC-21: Information Sharing

RMF Control AC-21: Information Sharing is a cybersecurity control that helps to protect information systems by facilitating and controlling the sharing of information between organizations. This control is important because it can help to improve the security posture of all organizations involved in the information sharing process. Information Sharing Requirements The RMF Control AC-21: Information …

·
AC

AC-20: Use of External Systems

RMF Control AC-20: Use of External Systems is a cybersecurity control that helps to protect information systems by limiting the use of external systems to access or process organization-controlled information. This control is important because it can help to prevent unauthorized access to information systems and data. Use of External Systems Requirements The RMF Control …

·
AC

AC-19: Access Control

RMF Control AC-19: Access Control for Mobile Devices is a cybersecurity control that helps to protect information systems by controlling access to information systems from mobile devices. This control is important because it can help to prevent unauthorized access to information systems and data. Access Control for Mobile Devices Requirements The RMF Control AC-19: Access …

·