SECURITY FUNDAMENTALS PROFESSIONAL
CERTIFICATION (SFPC) TEST WITH ALL CORRECT &
VERIFIED ANSWERS
1. Step 1 RMF Categorize System
Categorize the system in accordance with CNSSI 1253
Initiate the Security Plan
Register system with DoD component cybersecurity program
Assign qualified personnel to RMF roles
2. Step 2 RMF Select Security Controls
Common Control Identification
Select security controls
Develop system-level continuous monitoring strategy
Review and approve Security Plan and continuous monitoring strategy
Apply overlays and tailor
3. Step 3 RMF Implement Security Controls
Implement control solutions consistent with DoD component
cybersecurity architectures
Document security control implementation in Security Plan
4. Step 4 RMF Step 4 in the RMF is to assess. Once security controls are implemented,
they should be assessed for effectiveness.
Security control assessment is a process employed by an organization to
review the management, operational, and technical security controls in
an information system. The assessment determines the extent to which
the controls are implemented correctly, are operating as intended, and
are producing the desired outcome with respect to meeting the
security requirements for the system.
The Security Control Assessor (SCA) will develop, review, and approve a
plan to assess the security controls. The plan will ensure assessment
activities are coordinated for interoperability and identify appropriate
procedures to assess those controls. The AO approves the Security
Assessment Plan.
Assess Security Controls