Скачать с ютуб RMF Control Selection Process And How To Write Security Control Implementation Statements (Hands-On) в хорошем качестве

RMF Control Selection Process And How To Write Security Control Implementation Statements (Hands-On)

*******In this video I demonstrated hands-on how RMF control selection is performed using NIST SP 800-53 Rev 4. **SSP** It is the document that summarizes the security requirements of an information system, and also describes the security control in place and planned. **Examples of Some Control Implementation Statements** * AC-1 Implementation Statement The Chief Information Security Officer (CISO) for XYZ Agency develop, disseminate Access Control Policy for the agency to all employees and contractors. The System Owner in consultation with the Information System Security Officer (ISSO) develops Access Control Procedure and periodically review and update ABC’s Information Security Policy and Procedure which contains: • A formal, documented access control policy that addresses purpose, scope, roles, and responsibilities. • Formal, documented procedures to facilitate implementation of the access control policy and all associated access controls. The ABC system ISSO and/or Information System Security Manager (ISSM) review and update the policy and procedures at least annually or whenever there is a major update. * AC-8 System Use Notification a. The Agency CISO, and/or network security manager must ensure that an approved, system use notification message is displayed to all users attempting to gain system access before the user is granted system access. The ABC system notification message states that: • The user is accessing a U.S. Government information system. • System usage may be monitored, recorded, and subject to audit. • Unauthorized use of the system is prohibited and subject to criminal and civil penalties. • Use of the system indicates consent to monitoring and recording. b. This notification stays on the screen until the user explicitly click on "OK" to accept and acknowledge the use condition before proceeding. c. The ABC system is not a publicly accessible system. * AC-11 Session Lock a. The ABC System initiates a session lock after 15 minutes of inactivity or upon receiving a manual session lock request by the user b. This session lock remains in place until the user re-establishes access using approved credentials, identification and authentication procedures (i.e. username, password, token, pin, biometrics etc) *AC-11(1) SESSION LOCK | PATTERN-HIDING DISPLAYS The ABC system session lock is established using the agency public display logo. The free way to help the channel grow is by subscribing using the link below: https://www.youtube.com/c/KamilSec?su... *Control Selection Spreadsheet Template available for Download on my Patreon Page link below*********** https://www.patreon.com/kamilSec?fan_... ************Patreon & Channel Support****************** https://www.patreon.com/kamilSec?fan_... *******Order your KamilSec (KS) Designs Merch:********* https://kamilsec.creator-spring.com/ ************************************************************** CashApp: $Kamilzak Zelle: [email protected] Paypal: https://paypal.me/MZakari Thank You!!! ************************************************************* *I ALSO CONDUCT INDIVIDUALIZED RESUME AND INTERVIEW PREP SESSION* Connect with me on Social Media: Twitter:   / kamilzak_1​   Instagram: @Kamilzak1