Risk Management Framework: Assessing and Monitoring NIST 800-53 Controls for DoD
In 2014, the Department of Defense (DoD) issued instructions that replaced the DoD Information Assurance Certification and Accreditation Process (DIACAP) with the Risk Management Framework (RMF). The RMF is designed to be managed as a continual process, because the risk posture of each information system evolves over time.
As the DoD Cyber Strategy Report notes, "...Through the process of risk management, leaders must consider risk to U.S. interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations..."
Download this whitepaper to learn how to best support your agency's risk management framework, including:
- Adopting sound threat mitigation strategies and enhancing your security posture;
- Tracking progress deploying mitigations through continuous monitoring;
- Meeting requirements to automate monitoring of security events.