Technical report/PowerPoint presentation
Step 3: Select the Security Controls
In the previous step, you and your CARS colleagues completed the first part of the Risk Management Framework process. The potential impact on the information system in question has been categorized as moderate. With this information, you move to the next part of the process: selecting security controls.

What are the minimum information security requirements for an information system categorized as moderate impact? For insight, review the following NIST publication (PDF): Minimum Security Requirements for Federal Information and Information Systems (FIPS 200). This publication goes hand-in-hand with FIPS 199, which you used in the previous step.

Now that you understand the minimum security requirements for information systems, select the security controls needed to fulfill those requirements. For this step, you will select controls according to the Risk Management Framework process. Create a table listing all of the moderate-impact security controls that will need to be implemented for this system.

Using the NIST's list of moderate-impact controls, identify each of the moderate-impact security controls. Create a spreadsheet with each of the identified security controls. Include the security control number (headed “No.” in the table below), control title (“Control”), priority (“Priority”), and the moderate control (“Moderate”). The following excerpt shows an example that would meet these initial requirements.

Sort your spreadsheet by priority, with P1 having higher priority than P2 and P3. Save the sorted table for inclusion into a final report and presentation later in this project.

Control                                 Priority  Moderate
ACCESS CONTROL POLICY AND PROCEDURES    P1        AC-1
LEAST PRIVILEGE                         P1        AC-6 (1) (2) (5) (9) (10)
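
The sketch below is an added example, not part of the original assignment: it builds the sorted table from rows in the excerpt's layout, splitting each Moderate cell into base control and enhancements. The `XX-*` rows and the "Not Selected" cell value are constructed assumptions, and the "No." values for AC-1 and AC-6 are taken from their Moderate cells.

```python
import re

# Priority ranking as stated on the page: P1 ahead of P2 and P3.
PRIORITY_ORDER = {"P1": 1, "P2": 2, "P3": 3}

# A Moderate cell is a control number followed by optional enhancements, e.g. "AC-6 (1) (2)".
MODERATE_RE = re.compile(r"^([A-Z]{2}-\d+)((?:\s*\(\d+\))*)$")

# (No., Control, Priority, Moderate). AC-1 and AC-6 are the excerpt rows;
# the XX-* rows are constructed placeholders, not entries from the NIST list.
SAMPLE_ROWS = [
    ("XX-3", "CONSTRUCTED CONTROL C", "P3", "XX-3"),
    ("AC-6", "LEAST PRIVILEGE", "P1", "AC-6 (1) (2) (5) (9) (10)"),
    ("XX-2", "CONSTRUCTED CONTROL B", "P2", "XX-2 (1)"),
    ("XX-9", "CONSTRUCTED CONTROL D", "P1", "Not Selected"),  # assumed cell value
    ("AC-1", "ACCESS CONTROL POLICY AND PROCEDURES", "P1", "AC-1"),
]

def parse_moderate(cell):
    """Return (control, [enhancement numbers]) or None if the cell selects nothing."""
    m = MODERATE_RE.match(cell.strip())
    if not m:
        return None
    return m.group(1), [int(n) for n in re.findall(r"\((\d+)\)", m.group(2))]

def control_sort_key(no):
    """Sort control numbers numerically so AC-10 follows AC-9, not AC-1."""
    family, num = no.split("-")
    return family, int(num)

def build_table(rows):
    """Keep controls selected at moderate impact and sort them by priority."""
    selected = []
    for no, title, priority, moderate in rows:
        parsed = parse_moderate(moderate)
        if parsed is None:
            continue  # control is not part of the moderate selection
        if parsed[0] != no:
            raise ValueError(f"{no}: Moderate cell names {parsed[0]}")
        if priority not in PRIORITY_ORDER:
            raise ValueError(f"{no}: unexpected priority {priority!r}")
        selected.append({"No.": no, "Control": title, "Priority": priority,
                         "Moderate": moderate, "Enhancements": parsed[1]})
    return sorted(selected, key=lambda r: (PRIORITY_ORDER[r["Priority"]],
                                           control_sort_key(r["No."])))

if __name__ == "__main__":
    for row in build_table(SAMPLE_ROWS):
        print(f'{row["No."]:6} {row["Control"]:40} {row["Priority"]:3} {row["Moderate"]}')
```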