NIST 800-37 Certification & Accreditation Process
timmcguinness
NIST 800-37 Risk Management & Certification and Accreditation Tasks
Presented By Dr. Tim McGuinness, www.RegulatoryPro.us

Legend: Primary Responsibility (System Owner, Authorizing Official, Certification Agent); SDLC; NIST 800-37 Phases

Task labels: Phase 1 – Task 1; Phase 3 – Task 6; Phase 1 – Task 2; Phase 1 – Task 3; Phase 2 – Task 4; Phase 2 – Task 5; Phase 3 – Task 7; Phase 4 – Task 8; Phase 4 – Task 9; Phase 4 – Task 10

Prepare Documentation
SDLC: Initiation, Phase 1
NIST 800-37 phase: Initiation
1. Describe the System
2. Categorize its C.I.A.
3. Identify Threats to it
4. Identify its Vulnerabilities
5. Identify In-Place and Planned Security Controls
6. Determine its Initial Risks

Notify Officials & Identify Resources
SDLC: Planning, Phase 3
NIST 800-37 phase: Initiation
1. Notify Program Officials
2. Identify Resources Needed and Plan execution of Activities

Monitor Security Controls
SDLC: O&M, Phase 9
NIST 800-37 phase: Monitoring
1. Select In-Place Security Controls
2. Assess Selected Security Controls

Analyze, Update & Accept System Security Plan
SDLC: Multiple, Phases 4-6
NIST 800-37 phase: Initiation
1. Review Security C.I.A. Categorizations
2. Analyze Security Plan
3. Update Security Plan
4. Obtain Authorizing Official Acceptance of Security Plan

Report & Document Status
SDLC: O&M, Phase 9
NIST 800-37 phase: Monitoring
1. Update Security Plan
2. Update Plan of Action & Milestones
3. Report Status

Manage & Control Configuration
SDLC: O&M, Phase 9
NIST 800-37 phase: Monitoring
1. Document System Changes
2. Analyze Security Impacts

Assess & Evaluate Security Controls
SDLC: Integration & Test, Phase 7
NIST 800-37 phase: Certification
1. Prepare Documentation & Supporting Materials
2. Review Methods and Test Procedures
3. Assess & Evaluate In-Place Security Controls
4. Report Security Assessment Results

Document Security Accreditation
SDLC: Integration & Test, Phase 7
NIST 800-37 phase: Accreditation
1. Transmit Security Accreditation Package
2. Update Security Plan

Document Security Certification
SDLC: Integration & Test, Phase 7
NIST 800-37 phase: Certification
1. Provide Findings and Recommendations
2. Update Security Plan
3. Prepare Plan of Action & Milestones
4. Assemble Accreditation Package

Make Security Accreditation Decision
SDLC: Integration & Test, Phase 7
NIST 800-37 phase: Accreditation
1. Determine Final Risk Levels
2. Accept Residual Risk