NIST 800-37 Certification & Accreditation Process

•Download as PPT, PDF•

3 likes•3,204 views

timmcguinness

Technology Business

System Owner Authorizing Official Certification Agent Prepare Documentation Initiation Phase 1 1. Describe the System 2. Categorize its C.I.A. 3. Identify Threats to it 4. Identify its Vulnerabilities 5. Identify In-Place and Planned Security Controls 6. Determine its Initial Risks Initiation NIST 800-37 Risk Management & Certification and Accreditation Tasks Notify Officials & Identify Resources Planning Phase 3 1. Notify Program Officials 2. Identify Resources Needed and Plan execution of Activities Initiation Monitor Security Controls O&M Phase 9 1. Select In-Place Security Controls 2. Assess Selected Security Controls Monitoring Analyze, Update & Accept System Security Plan Multiple Phases 4-6 1. Review Security C.I.A. Categorizations 2. Analyze Security Plan 3. Update Security Plan 4. Obtain Authorizing Official Acceptance of Security Plan Initiation System Owner Phase 1 – Task 1 Phase 3 – Task 6 Phase 1 – Task 2 Phase 1 – Task 3 Phase 2 – Task 4 Phase 2 – Task 5 Phase 3 – Task 7 Phase 4 – Task 8 Phase 4 – Task 9 Phase 4 – Task 10 Primary Responsibility SDLC NIST 800-37 Phases Presented By Dr. Tim McGuinness www.RegulatoryPro.us Report & Document Status O&M Phase 9 1. Update Security Plan 2. Update Plan of Action & Milestones 3. Report Status Monitoring Manage & Control Configuration O&M Phase 9 1. Document System Changes 2. Analyze Security Impacts Monitoring Assess & Evaluate Security Controls Integration & Test Phase 7 1. Prepare Documentation & Supporting Materials 2. Review Methods and Test Procedures 3. Assess & Evaluate In- Place Security Controls 4. Report Security Assessment Results Certification Document Security Accreditation Integration & Test Phase 7 1. Transmit Security Accreditation Package 2. Update Security Plan Accreditation Document Security Certification Integration & Test Phase 7 1. Provide Findings and Recommendations 2. Update Security Plan 3. Prepare Plan of Action & Milestones 4. Assemble Accreditation Package Certification Make Security Accreditation Decision Integration & Test Phase 7 1. Determine Final Risk Levels 2. Accept Residual Risk Accreditation

What's hot

DSS RMF Training.pptxMuhammad Mazhar

NIST Risk Management Framework (RMF)James W. De Rienzo

Organigramme de la mise en œuvre du SMSI et processus de certification ISO 27...Bachir Benyammi

Building a Next-Generation Security Operations Center (SOC)Sqrrl

Guide to Risk Management Framework (RMF)MetroStar

Iso 27001 2013Primala Sistema de Gestion

Auditing SOX ITGC Complianceseanpizzy

PCI DSS 2.0 Detailed IntroductionControlCase

Iso 27001 awarenessÃsħâr Ãâlâm

ISO 27001_2022 Standard_Presentation.pdfSerkanRafetHalil1

Iso 27001 isms presentationMidhun Nirmal

NIST 800-30 Intro to Conducting Risk Assessments - Part 1Denise Tawwab

Security operation center (SOC)Ahmed Ayman

IT Audit - Shadow IT SystemsDam Frank

ISO 27001 2002 Update Webinar.pdfControlCase

What is SOC and why do banks need SOC-as-a-Service?manoharparakh

Security and Compliance Initial Roadmap Anshu Gupta

SMSI.pdfHajarSalimi

Basic introduction to iso27001Imran Ahmed

Soc 2 vs iso 27001 certification withh links converted-convertedVISTA InfoSec

What's hot (20)

DSS RMF Training.pptx

NIST Risk Management Framework (RMF)

Organigramme de la mise en œuvre du SMSI et processus de certification ISO 27...

Building a Next-Generation Security Operations Center (SOC)

Guide to Risk Management Framework (RMF)

Iso 27001 2013

Auditing SOX ITGC Compliance

PCI DSS 2.0 Detailed Introduction

Iso 27001 awareness

ISO 27001_2022 Standard_Presentation.pdf

Iso 27001 isms presentation

NIST 800-30 Intro to Conducting Risk Assessments - Part 1

Security operation center (SOC)

IT Audit - Shadow IT Systems

ISO 27001 2002 Update Webinar.pdf

What is SOC and why do banks need SOC-as-a-Service?

Security and Compliance Initial Roadmap

SMSI.pdf

Basic introduction to iso27001

Soc 2 vs iso 27001 certification withh links converted-converted

Similar to NIST 800-37 Certification & Accreditation Process

Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life CycleDonald E. Hester

Host-Based IDS LLifecycleCondition Zebra (CONZebra)

Chapter 1 Fundamental of TestingSiti Deny Nadiroha

Completing fedramp-security-authorization-processTuan Phan

Bab i fundamental of testing (yoga)sidjdhdjsks

250250902-141-ISACA-NACACS-Auditing-IT-Projects-Audit-Program.pdfAddisu15

Verification processJULIO GONZALEZ SANZ

Introduction to CMMI-DEV v1.3 - Day 3Sherif Salah, MBA, ITIL, CMMI, MCSA, TQM

L5 RMF Phase 4 Implement.pptxStevenTharp2

Pwc systems-implementation-lessons-learnedAvi Kumar

[Insert System Name (Acronym)]Security Categorization Moderat.docxdanielfoster65629

Bab i fundamental of testingSyakir Arsalan

STLC-ppt-1.pptxsangeeta607494

Fundamental test processYoga Pratama Putra

Navigating Process Safety Audits in the Oil and Gas Industrysoginsider

Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...Donald E. Hester

Stlc pptBhavik Modi

Software-Testing-Chapgdgdgsghshshshshshshsshaikbab

R!!! ria-gui-test plan 1.0hanumanthunembi

Practical IT auditingFrederick Altum Pokoo-Aikins

Similar to NIST 800-37 Certification & Accreditation Process (20)

Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle

Host-Based IDS LLifecycle

Chapter 1 Fundamental of Testing

Completing fedramp-security-authorization-process

Bab i fundamental of testing (yoga)

250250902-141-ISACA-NACACS-Auditing-IT-Projects-Audit-Program.pdf

Verification process

Introduction to CMMI-DEV v1.3 - Day 3

L5 RMF Phase 4 Implement.pptx

Pwc systems-implementation-lessons-learned

[Insert System Name (Acronym)]Security Categorization Moderat.docx

Bab i fundamental of testing

STLC-ppt-1.pptx

Fundamental test process

Navigating Process Safety Audits in the Oil and Gas Industry

Understanding the Risk Management Framework & (ISC)2 CAP Module 9: Assess Con...

Stlc ppt

Software-Testing-Chapgdgdgsghshshshshshshs

R!!! ria-gui-test plan 1.0

Practical IT auditing

Recently uploaded

Key Features Of Token Development (1).pptxLBM Solutions

Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada

08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls

GenCyber Cyber Security Day PresentationMichael W. Hawkins

How to convert PDF to text with Nanonetsnaman860154

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada

SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j

Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited

AI as an Interface for Commercial BuildingsMemoori

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxnull - The Open Security Community

SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren

08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls

Presentation on how to chat with PDF using ChatGPT code interpreternaman860154

Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh

Recently uploaded (20)

Key Features Of Token Development (1).pptx

Advanced Test Driven-Development @ php[tek] 2024

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

08448380779 Call Girls In Civil Lines Women Seeking Men

GenCyber Cyber Security Day Presentation

How to convert PDF to text with Nanonets

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

Maximizing Board Effectiveness 2024 Webinar.pptx

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

AI as an Interface for Commercial Buildings

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx

SQL Database Design For Developers at php[tek] 2024

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Presentation on how to chat with PDF using ChatGPT code interpreter

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi

NIST 800-37 Certification & Accreditation Process

1. System Owner Authorizing Official Certification Agent Prepare Documentation Initiation Phase 1 1. Describe the System 2. Categorize its C.I.A. 3. Identify Threats to it 4. Identify its Vulnerabilities 5. Identify In-Place and Planned Security Controls 6. Determine its Initial Risks Initiation NIST 800-37 Risk Management & Certification and Accreditation Tasks Notify Officials & Identify Resources Planning Phase 3 1. Notify Program Officials 2. Identify Resources Needed and Plan execution of Activities Initiation Monitor Security Controls O&M Phase 9 1. Select In-Place Security Controls 2. Assess Selected Security Controls Monitoring Analyze, Update & Accept System Security Plan Multiple Phases 4-6 1. Review Security C.I.A. Categorizations 2. Analyze Security Plan 3. Update Security Plan 4. Obtain Authorizing Official Acceptance of Security Plan Initiation System Owner Phase 1 – Task 1 Phase 3 – Task 6 Phase 1 – Task 2 Phase 1 – Task 3 Phase 2 – Task 4 Phase 2 – Task 5 Phase 3 – Task 7 Phase 4 – Task 8 Phase 4 – Task 9 Phase 4 – Task 10 Primary Responsibility SDLC NIST 800-37 Phases Presented By Dr. Tim McGuinness www.RegulatoryPro.us Report & Document Status O&M Phase 9 1. Update Security Plan 2. Update Plan of Action & Milestones 3. Report Status Monitoring Manage & Control Configuration O&M Phase 9 1. Document System Changes 2. Analyze Security Impacts Monitoring Assess & Evaluate Security Controls Integration & Test Phase 7 1. Prepare Documentation & Supporting Materials 2. Review Methods and Test Procedures 3. Assess & Evaluate In- Place Security Controls 4. Report Security Assessment Results Certification Document Security Accreditation Integration & Test Phase 7 1. Transmit Security Accreditation Package 2. Update Security Plan Accreditation Document Security Certification Integration & Test Phase 7 1. Provide Findings and Recommendations 2. Update Security Plan 3. Prepare Plan of Action & Milestones 4. Assemble Accreditation Package Certification Make Security Accreditation Decision Integration & Test Phase 7 1. Determine Final Risk Levels 2. Accept Residual Risk Accreditation

NIST 800-37 Certification & Accreditation Process

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to NIST 800-37 Certification & Accreditation Process

Similar to NIST 800-37 Certification & Accreditation Process (20)

Recently uploaded

Recently uploaded (20)

NIST 800-37 Certification & Accreditation Process