CIS608 - RMF Step 4: Assessment
RMF Step 4: Assessment
In Step 4, the Assessor (or Validator) reviews all the artifacts provided to determine the risk to the system. All of these findings are presented in the Security Assessment Report (SAR). There are many complex versions of the SAR available, both government and commercial. These are great references for major projects, but you do not need to go into that much detail.
FedRAMP Security Assessment Report (SAR) Template, General Services Administration
https://www.fedramp.gov/assets/resources/templates/FedRAMP-SAR-Template.docx
Tips for Creating a Strong Cybersecurity Assessment Report, Lenny Zeltser
https://zeltser.com/security-assessment-report-cheat-sheet/
Assignment Requirements
Write an original SAR that captures all the work you have conducted on your University Administration Office. Do not use the full FedRAMP template. At a minimum, you should include:
· An overview of your system - University Administration Office
· The scope and methodology of your assessment
· Your prioritized findings with recommended mitigations
Submission Requirements
Format: Microsoft Word
Font: Arial, 12-Point, Double-Spaced
Length: approximately 2-4 pages
Note: I have attached my previous RMF steps document for the University Admin Office