CIS608 - RMF Step 4: Assessment

kartiukt18
RMF_Step4_Assessment.docx

RMF Step 4: Assessment

In Step 4, the Assessor (or Validator) reviews all the artifacts provided to determine the risk to the system. All of these findings are presented in the Security Assessment Report (SAR). Many complex SAR templates are available, both government and commercial. These are great references for major projects, but you do not need to go into that much detail.

FedRAMP Security Assessment Report (SAR) Template, General Services Administration

https://www.fedramp.gov/assets/resources/templates/FedRAMP-SAR-Template.docx

Tips for Creating a Strong Cybersecurity Assessment Report, Lenny Zeltser

https://zeltser.com/security-assessment-report-cheat-sheet/

Assignment Requirements

Write an original SAR that captures all the work you have conducted on your University Administration Office. Do not use the full FedRAMP template; at a minimum, you should include:

· An overview of your system - University Administration Office

· The scope and methodology of your assessment

· Your prioritized findings with recommended mitigations

Submission Requirements

Format: Microsoft Word

Font: Arial, 12-Point, Double-Spaced

Length: approximately 2-4 pages

Note: I have attached my previous RMF steps document for the University Admin Office.