NIST 800-37 Certification & Accreditation Process

•Download as PPT, PDF•

3 likes•3,210 views

timmcguinness

Technology Business

System Owner Authorizing Official Certification Agent Prepare Documentation Initiation Phase 1 1. Describe the System 2. Categorize its C.I.A. 3. Identify Threats to it 4. Identify its Vulnerabilities 5. Identify In-Place and Planned Security Controls 6. Determine its Initial Risks Initiation NIST 800-37 Risk Management & Certification and Accreditation Tasks Notify Officials & Identify Resources Planning Phase 3 1. Notify Program Officials 2. Identify Resources Needed and Plan execution of Activities Initiation Monitor Security Controls O&M Phase 9 1. Select In-Place Security Controls 2. Assess Selected Security Controls Monitoring Analyze, Update & Accept System Security Plan Multiple Phases 4-6 1. Review Security C.I.A. Categorizations 2. Analyze Security Plan 3. Update Security Plan 4. Obtain Authorizing Official Acceptance of Security Plan Initiation System Owner Phase 1 – Task 1 Phase 3 – Task 6 Phase 1 – Task 2 Phase 1 – Task 3 Phase 2 – Task 4 Phase 2 – Task 5 Phase 3 – Task 7 Phase 4 – Task 8 Phase 4 – Task 9 Phase 4 – Task 10 Primary Responsibility SDLC NIST 800-37 Phases Presented By Dr. Tim McGuinness www.RegulatoryPro.us Report & Document Status O&M Phase 9 1. Update Security Plan 2. Update Plan of Action & Milestones 3. Report Status Monitoring Manage & Control Configuration O&M Phase 9 1. Document System Changes 2. Analyze Security Impacts Monitoring Assess & Evaluate Security Controls Integration & Test Phase 7 1. Prepare Documentation & Supporting Materials 2. Review Methods and Test Procedures 3. Assess & Evaluate In- Place Security Controls 4. Report Security Assessment Results Certification Document Security Accreditation Integration & Test Phase 7 1. Transmit Security Accreditation Package 2. Update Security Plan Accreditation Document Security Certification Integration & Test Phase 7 1. Provide Findings and Recommendations 2. Update Security Plan 3. Prepare Plan of Action & Milestones 4. Assemble Accreditation Package Certification Make Security Accreditation Decision Integration & Test Phase 7 1. Determine Final Risk Levels 2. Accept Residual Risk Accreditation

What's hot

Introduction to NIST’s Risk Management Framework (RMF)Donald E. Hester

Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6aJames W. De Rienzo

CISA Training - Chapter 2 - 2016Hafiz Sheikh Adnan Ahmed

DSS RMF Training.pptxMuhammad Mazhar

Understanding the Risk Management Framework & (ISC)2 CAP Module 2: IntroductionDonald E. Hester

Iso iec 27032 foundation - cybersecurity training courseMart Rovers

CISSP-Certified.pptxssuser645549

Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash

NIST 800-30 Intro to Conducting Risk Assessments - Part 1Denise Tawwab

RMF Roles and Responsibilities (Part 1) Donald E. Hester

NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service

Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan

Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh

Introduction to Risk Management via the NIST Cyber Security FrameworkPECB

Iso 27001 isms presentationMidhun Nirmal

(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804James W. De Rienzo

PCI DSS 3.2Kimberly Simon MBA

Best Practices in Auditing ISO/IEC 27001PECB

NIST Critical Security Framework (CSF) Priyanka Aash

Introduction to PCI DSSSaumya Vishnoi

What's hot (20)

Introduction to NIST’s Risk Management Framework (RMF)

Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

CISA Training - Chapter 2 - 2016

DSS RMF Training.pptx

Understanding the Risk Management Framework & (ISC)2 CAP Module 2: Introduction

Iso iec 27032 foundation - cybersecurity training course

CISSP-Certified.pptx

Cybersecurity roadmap : Global healthcare security architecture

NIST 800-30 Intro to Conducting Risk Assessments - Part 1

RMF Roles and Responsibilities (Part 1)

NIST Cybersecurity Framework 101

Cybersecurity Priorities and Roadmap: Recommendations to DHS

Building a Cyber Security Operations Center for SCADA/ICS Environments

Introduction to Risk Management via the NIST Cyber Security Framework

Iso 27001 isms presentation

(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804

PCI DSS 3.2

Best Practices in Auditing ISO/IEC 27001

NIST Critical Security Framework (CSF)

Introduction to PCI DSS

Similar to NIST 800-37 Certification & Accreditation Process

Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life CycleDonald E. Hester

Host-Based IDS LLifecycleCondition Zebra (CONZebra)

Chapter 1 Fundamental of TestingSiti Deny Nadiroha

Completing fedramp-security-authorization-processTuan Phan

Bab i fundamental of testing (yoga)sidjdhdjsks

250250902-141-ISACA-NACACS-Auditing-IT-Projects-Audit-Program.pdfAddisu15

Verification processJULIO GONZALEZ SANZ

Introduction to CMMI-DEV v1.3 - Day 3Sherif Salah, MBA, ITIL, CMMI, MCSA, TQM

L5 RMF Phase 4 Implement.pptxStevenTharp2

Pwc systems-implementation-lessons-learnedAvi Kumar

[Insert System Name (Acronym)]Security Categorization Moderat.docxdanielfoster65629

Bab i fundamental of testingSyakir Arsalan

STLC-ppt-1.pptxsangeeta607494

Fundamental test processYoga Pratama Putra

Navigating Process Safety Audits in the Oil and Gas Industrysoginsider

Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Donald E. Hester

Stlc pptBhavik Modi

Software-Testing-Chapgdgdgsghshshshshshshsshaikbab

R!!! ria-gui-test plan 1.0hanumanthunembi

Practical IT auditingFrederick Altum Pokoo-Aikins

Similar to NIST 800-37 Certification & Accreditation Process (20)

Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle

Host-Based IDS LLifecycle

Chapter 1 Fundamental of Testing

Completing fedramp-security-authorization-process

Bab i fundamental of testing (yoga)

250250902-141-ISACA-NACACS-Auditing-IT-Projects-Audit-Program.pdf

Verification process

Introduction to CMMI-DEV v1.3 - Day 3

L5 RMF Phase 4 Implement.pptx

Pwc systems-implementation-lessons-learned

[Insert System Name (Acronym)]Security Categorization Moderat.docx

Bab i fundamental of testing

STLC-ppt-1.pptx

Fundamental test process

Navigating Process Safety Audits in the Oil and Gas Industry

Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...

Stlc ppt

Software-Testing-Chapgdgdgsghshshshshshshs

R!!! ria-gui-test plan 1.0

Practical IT auditing

Recently uploaded

Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services

Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz

Why Teams call analytics are critical to your entire businesspanagenda

MINDCTI Revenue Release Quarter One 2024MIND CTI

FWD Group - Insurer Innovation Award 2024The Digital Insurer

[BuildWithAI] Introduction to Gemini.pdfSandro Moreira

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub

TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc

Corporate and higher education May webinar.pptxRustici Software

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash

DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity

Apidays New York 2024 - The value of a flexible API Management solution for O...apidays

AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software

Recently uploaded (20)

Vector Search -An Introduction in Oracle Database 23ai.pptx

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Why Teams call analytics are critical to your entire business

MINDCTI Revenue Release Quarter One 2024

FWD Group - Insurer Innovation Award 2024

[BuildWithAI] Introduction to Gemini.pdf

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Corporate and higher education May webinar.pptx

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Apidays New York 2024 - The value of a flexible API Management solution for O...

AWS Community Day CPH - Three problems of Terraform

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

NIST 800-37 Certification & Accreditation Process

1. System Owner Authorizing Official Certification Agent Prepare Documentation Initiation Phase 1 1. Describe the System 2. Categorize its C.I.A. 3. Identify Threats to it 4. Identify its Vulnerabilities 5. Identify In-Place and Planned Security Controls 6. Determine its Initial Risks Initiation NIST 800-37 Risk Management & Certification and Accreditation Tasks Notify Officials & Identify Resources Planning Phase 3 1. Notify Program Officials 2. Identify Resources Needed and Plan execution of Activities Initiation Monitor Security Controls O&M Phase 9 1. Select In-Place Security Controls 2. Assess Selected Security Controls Monitoring Analyze, Update & Accept System Security Plan Multiple Phases 4-6 1. Review Security C.I.A. Categorizations 2. Analyze Security Plan 3. Update Security Plan 4. Obtain Authorizing Official Acceptance of Security Plan Initiation System Owner Phase 1 – Task 1 Phase 3 – Task 6 Phase 1 – Task 2 Phase 1 – Task 3 Phase 2 – Task 4 Phase 2 – Task 5 Phase 3 – Task 7 Phase 4 – Task 8 Phase 4 – Task 9 Phase 4 – Task 10 Primary Responsibility SDLC NIST 800-37 Phases Presented By Dr. Tim McGuinness www.RegulatoryPro.us Report & Document Status O&M Phase 9 1. Update Security Plan 2. Update Plan of Action & Milestones 3. Report Status Monitoring Manage & Control Configuration O&M Phase 9 1. Document System Changes 2. Analyze Security Impacts Monitoring Assess & Evaluate Security Controls Integration & Test Phase 7 1. Prepare Documentation & Supporting Materials 2. Review Methods and Test Procedures 3. Assess & Evaluate In- Place Security Controls 4. Report Security Assessment Results Certification Document Security Accreditation Integration & Test Phase 7 1. Transmit Security Accreditation Package 2. Update Security Plan Accreditation Document Security Certification Integration & Test Phase 7 1. Provide Findings and Recommendations 2. Update Security Plan 3. Prepare Plan of Action & Milestones 4. Assemble Accreditation Package Certification Make Security Accreditation Decision Integration & Test Phase 7 1. Determine Final Risk Levels 2. Accept Residual Risk Accreditation

NIST 800-37 Certification & Accreditation Process

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to NIST 800-37 Certification & Accreditation Process

Similar to NIST 800-37 Certification & Accreditation Process (20)

Recently uploaded

Recently uploaded (20)

NIST 800-37 Certification & Accreditation Process