- C&A analyst selects Recommended controls from NIST SP 800-53 base on the system categorization -Low, Moderate or High to develop the Security Control Baseline draft
- C&A Analyst provides Draft of the Security Control Baseline to the ISSO and the System Owner for review
- ISSO and System Owner identify common control, Hybrid control, System Specific Control and Control Not applicable
- The above process is called Tailoring of Security control baseline
- Final Security Control Baseline is created after system owner and ISSO review and tailor the security control baseline
error: Content is protected !!
Accessing this course requires a login. Please enter your credentials below!