This NIST Special Publication is the primary guide used for the "Monitor Security State" phase.
What is SP 800-137?
The ISCM process is described as this because it is a repeating management loop.
What is a cyclical process?
Configuration Management is the process of maintaining system integrity through this.
What is controlled change?
Task 7 involves these procedures, such as data sanitization and removing network connections.
What are Information System Disposal Procedures?
This person is accountable for the system security posture and ensures the monitoring strategy is implemented.
Who is the System Owner?
Within the Risk Management Framework (RMF), "Monitor" is officially designated as this step.
What is Step 6?
This first stage of the ISCM cycle involves creating a strategy based on organizational risk tolerance.
What is Define?
This analysis is required to determine if proposed changes like software upgrades alter the security state.
What is a Security Impact Analysis (SIA)?
Task 5 requires reporting security status to this specific official on an ongoing basis.
Who is the Authorizing Official (AO) (or CIO)?
This tool collects and analyzes logs and is used to report system security posture.
What is a SIEM?
In Step 1, this task is performed to define the system and the impact level of its information.
What is Categorize?
This stage involves determining metrics, monitoring frequencies, and technical architecture.
What is Establish?
This management activity ensures that documentation like the SSP accurately reflects the current system state.
What is Baseline Management?
Task 2 involves recurring assessments of these to verify their ongoing effectiveness.
What are Security Controls?
This type of analysis uses empirical data to determine if monitoring frequencies need to be modified.
What is Trend Analysis?
In Step 5, senior leadership reviews the risk to grant this specific authorization.
What is an ATO (Authority to Operate)?
In the "Respond" stage, an organization must determine whether it will mitigate, avoid, or do this with a risk.
What is Accept (or Transfer/Share)?
Corrective actions must be initiated and these documents updated if changes affect the system's security state.
What are the SSP and POA&Ms?
Task 1 involves evaluating changes to the system and this other factor.
What is the Environment (of operation)?
To support continuous awareness, monitoring uses these automated technical visuals.
What are dashboards?
The goal of Step 6 is to maintain this type of awareness to support risk-based decisions.
What is ongoing awareness?
This final stage of the cycle involves maturing measurement capabilities and adjusting the strategy.
What is Review & Update?
CM focuses on initializing, changing, and monitoring configurations throughout this entire period.
What is the system life cycle?
Task 3 prioritizes these based on risk, impact, and remediation feasibility.
What are vulnerabilities?
This specific role independently assesses control effectiveness and identifies residual risk.
Who is the Security Control Assessor (SCA)?