I must say that this is the only video that will give you clear picture of 7 Steps of RMF.
Love this video. One month into being introduced to this I gained the confidence and applied for an ISSO position to do RMF and the interview was technically inclined with all the categories you explain here.
All questions were asked based on SSP and all steps and roles and responsibilities.
Any advice you can give on what to study for the interview questions?
@bisharohashi822 I’d suggest that if you’re going for a position totally situated with ATO (Authority to Operate), just study the NIST RMF.
Thanks, sir, for breaking down the 7 steps of RMF. This has always been my challenge, but with this video you make it easier for me to understand each step.
Oh my goodness, you’re a very great teacher. 👏👏
you did JUSTICE to RMF steps!
This gave me the clear understanding of the steps of RMF
Thanks a lot this has been very insightful
Wow! You did a great presentation of RMF and its steps. Kudos to you 👍👏👏👏👏
Thank you
I am really enjoying this presentation
Thank you
Thank you 🙏🏿 great explanation.
Wow thank you very much for the information
Thanks to you too for the support
Thank you Sir.
Your explanations are very simple and direct. Making it easy to follow ❤
Thank u 🙏🏾
Thanks a lot for this video
Well explained, thank you.
Thanks a lot
very nice!
Thanks very much.👍👍
Very helpful. Thank you.👍
You are welcome
Do you still teach? Where are you located?
So Mr Emanuel, in a job interview, if you are asked to explain the RMF steps, can I use these lessons to explain to a job interviewer?
Yes you can use this video to explain to job interviewers.
@TighTechConsult thank you very much sir
I have to know impact level to know security code to select
Hi Mr Emmanuel, thanks for sharing but where can I get a copy of what you just explained in that video?
You need to pay to get the copy.
tightechconsult@gmail.com
+1 202-854-9882
Thank you for the breakdown on 7 RMF steps according to NIST SP 800-37 Rev 2.
I would like to know if we also conduct risk assessment during the prepare step?
Hi, I have been looking for the assessment video and couldn't find it. But it's like Assessment is done by the Assessor and not the ISSO
How much is it to get this ( RMF
Sir please i think you did not mention document to review for AUTHORISE step - what NIST number
NIST SP 800-37 Rev 2
After categorizing you didn’t say selection of high impact
I would add "impact of loss of the information in regards to confidentiality, integrity, and availability".
I don't understand what you mean.
@TighTechConsult Sir, categorization of information is based solely on impact of the loss of confidentiality, integrity, and availability. Once you establish the kind of information an organization is using for its business (e.g. NIST SP 800-60), FIPS 199 can further assist in categorizing the information based on consequences if the organization were to compromise the data's confidentiality, integrity, and availability. Categories are Low, Moderate, and High. Once these are determined, NIST SP 800-53 and FIPS 200 can help with security control selection based on the impact of the compromise of data as stated above. Based on the impact, FIPS 200 lists 17 families of controls. These families are further broken down into many subcategories of controls listed in NIST 800-53.
@TighTechConsult If you see Appendices D and F in NIST SP 800-53 (Rev 4), you'll notice every security control will have corresponding impacts of "Low, Moderate, and High". As mentioned, these corresponding impacts (categories) are based off the loss of confidentiality, integrity, and availability.
@ruel1072 according to NIST 800-53 Rev 5, there are now 20 Control families. Please check out my other videos on that.
@ruel1072 I have videos on that. Please check them out.