Security Control Selection Phase 2
- C&A analyst selects Recommended controls from NIST SP 800-53 base on the system categorization-Low, Moderate or High to develop the Security Control Baseline draft
- C&A Analyst provides Draft of the Security Control Baseline to the information System Security Officer (ISSO) and the System Owner for review
- ISSO and System Owner identify common control, Hybrid control, system specific control and control Not applicable
- The above process is called Tailoring of Security control baseline
- Final Security Control Baseline is created after system owner and ISSO review and tailor the security control baseline
error: Content is protected !!
Accessing this course requires a login. Please enter your credentials below!