Summary Q4

  • C&A analyst selects Recommended controls from NIST SP 800-53 base on the system categorization -Low, Moderate or High to develop the Security Control Baseline draft
  • C&A Analyst provides Draft of the Security Control Baseline to the ISSO and the System Owner for review
  • ISSO and System Owner identify common controlHybrid control, System Specific Control and Control Not applicable
  • The above process is called Tailoring of Security control baseline
  • Final Security Control Baseline is created after system owner and ISSO review and tailor the security control baseline
error: Content is protected !!