Is RMF an audit? Appraisal? Assessment?

RMF primarily acts as an assessment rather than an audit or appraisal. In steps 5 and 6 of the process, RMF uses a process referred to as 'Assessment and Authorization' (A&A). Once an organization has prepared, categorized its systems, and selected and implemented controls, it must then assess and authorize, hence the name of the process. The assessment is a complex process overseen by many senior officials who fill a broad range of roles. The authorization, however, is largely overseen by the 'Authorizing Official', who makes the final decision on whether or not to authorize a system to operate. The Authorizing Official bases this decision on the proper selection and effectiveness of the controls and on the assessments previously made of security and privacy concerns.
