NIST Framework – Applying Step 1 to 6

1-

Following the categorization example we did in class, categorize your system. (You should come up with your system and system details as requested in Step 0).

Below are the requirements and instructions:

  • Use the template provided in class
  • Use NIST guiding documents to categorize
  • Your system categorization should include a minimum of 3 but no more than 5 Information Types referenced in the NIST SP 800-60 Volume II Revision 1.
  • Modify 3 or more of the NIST recommended Impact Levels and provide a justification for each.
  • Save your final document as a PDF.
  • Replace “template” in the document file name with your system abbreviation and firstinitial_lastname.
  • Upload the PDF version of your document to Canvas.
  • Refer to the class syllabus for additional requirements and instructions.
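
As an added illustration of the high-water-mark rule behind this step (this code is not part of the assignment, the class template or any NIST publication): FIPS 199 sets each security objective of the system to the highest provisional level found across its information types, and the overall system level to the highest of the three; the adjustments are the justified modifications the assignment asks for, and the code refuses an adjustment that carries no justification. The information type names, impact levels and justifications below are constructed for the demonstration; take the real provisional levels from SP 800-60 Volume II for your own system.

```python
"""Added example: FIPS 199 high-water-mark categorization from information types.
Information types, provisional levels and adjustments below are constructed."""
from dataclasses import dataclass

LEVELS = {"LOW": 1, "MODERATE": 2, "HIGH": 3}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InfoType:
    """One SP 800-60 information type with its provisional impact levels."""
    name: str
    confidentiality: str
    integrity: str
    availability: str

    def level(self, objective: str) -> str:
        return getattr(self, objective)


@dataclass(frozen=True)
class Adjustment:
    """A documented deviation from the provisional level (the justified modification)."""
    info_type: str
    objective: str
    new_level: str
    justification: str


def adjusted_levels(info_types, adjustments) -> dict:
    """Return {type name: {objective: level}} after applying justified adjustments.

    Raises ValueError for an adjustment with no justification or an unknown
    type/objective/level, so an undocumented change cannot slip into the package."""
    levels = {t.name: {o: t.level(o) for o in OBJECTIVES} for t in info_types}
    for adj in adjustments:
        if adj.info_type not in levels:
            raise ValueError(f"unknown information type: {adj.info_type}")
        if adj.objective not in OBJECTIVES or adj.new_level not in LEVELS:
            raise ValueError(f"bad objective or level for {adj.info_type}")
        if not adj.justification.strip():
            raise ValueError(f"{adj.info_type}/{adj.objective}: adjustment needs a justification")
        levels[adj.info_type][adj.objective] = adj.new_level
    return levels


def high_water_mark(levels: dict):
    """FIPS 199 aggregation: per objective, the system level is the maximum across
    information types; the overall level is the maximum of the three objectives."""
    per_objective = {
        o: max((lv[o] for lv in levels.values()), key=LEVELS.__getitem__)
        for o in OBJECTIVES
    }
    overall = max(per_objective.values(), key=LEVELS.__getitem__)
    return per_objective, overall


def security_category(per_objective: dict) -> str:
    """FIPS 199 notation: SC = {(confidentiality, X), (integrity, Y), (availability, Z)}."""
    inner = ", ".join(f"({o}, {per_objective[o]})" for o in OBJECTIVES)
    return f"SC = {{{inner}}}"


def categorize(info_types, adjustments=()):
    """Apply the adjustments, then return (per-objective levels, overall level)."""
    return high_water_mark(adjusted_levels(info_types, adjustments))


# Constructed sample system: three information types with invented provisional levels.
SAMPLE_TYPES = [
    InfoType("Personal Identity and Authentication", "MODERATE", "MODERATE", "MODERATE"),
    InfoType("Inventory Control", "LOW", "LOW", "LOW"),
    InfoType("System and Network Monitoring", "MODERATE", "MODERATE", "LOW"),
]

# Three justified modifications, as the assignment requires (justifications are invented).
SAMPLE_ADJUSTMENTS = [
    Adjustment("Inventory Control", "availability", "MODERATE",
               "Warehouse operations stop when the inventory service is down."),
    Adjustment("Personal Identity and Authentication", "confidentiality", "HIGH",
               "Records include SSNs of all staff; disclosure would be severe for individuals."),
    Adjustment("System and Network Monitoring", "integrity", "HIGH",
               "Tampered monitoring data would hide intrusions on every other system."),
]

if __name__ == "__main__":
    per_objective, overall = categorize(SAMPLE_TYPES, SAMPLE_ADJUSTMENTS)
    print(security_category(per_objective))
    print("Overall system level (high water mark):", overall)
```

Run with and without `SAMPLE_ADJUSTMENTS` to see how a single justified change to one information type moves the whole system from MODERATE to HIGH; that is exactly why the assignment asks you to justify each modification.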

____________________

2-

Following the Step 2 class lecture, select the applicable NIST 800-53 security controls based on the overall categorization level you arrived at in your Step 1 activity.

Below are the requirements.

  • Use the template provided in class
  • Use NIST guiding documents to select controls
  • Select the controls at your system’s categorization level (based on Step 1).
  • Because the NIST 800-53 control baselines are a starting point meant to be tailored:
    • For LOW and MODERATE systems – ADD a minimum of 2 but no more than 3 controls from a higher baseline that apply to your system. Provide a justification for why each control should be added.
    • For HIGH systems – REMOVE 2 controls. Provide a justification for why each control should be removed.

Use a separate Excel sheet for the next steps:

  • Select a minimum of 10 controls and a maximum of 20 from a minimum of 5 families (you can select from all the families if you wish).
    • Select 3 common controls (you cannot use any of the -1 policy and procedures controls, such as AC-1, IA-1, etc.)
    • Select 3 inherited controls
    • Select 3 hybrid controls
    • Select 1 system specific control (keep in mind you will implement and audit the system specific control, so you should select a technical control)

____________________

3-

Select one technical control at the categorization level of your Step 1 activity. Implement the control, and provide a control implementation statement detailing how the control was implemented (not a step-by-step guide, but a statement referencing the technology and process used). Use the Step 3 template provided. Please choose your control carefully, because you will provide implementation evidence as part of the next step.

____________________

4-

Using NIST 800-53A as a guide, assess your Step 3 security control implementation.

Activities:

  1. Provide the control implementation screenshot.
  2. Record your screen to show the effectiveness of your security control.
  3. Mark one of the operational controls you selected in Step 2 as a finding. Document the finding in a POA&M.

Requirements:

  • Your screen recording and screenshot should show your name and the time and date stamp on your computer. (If you are using a Mac, you can enable all three in your menu bar; if you are using a Windows machine, use the date and time in the taskbar and type your name in Notepad for the screenshot. The Notepad window should be clearly visible in a readable font. For the video, type your name as part of the recording.)
  • Your screen recording video should not be more than 5 minutes.
  • The screenshot should align with the implementation statement in Step 3.
  • Your assessment should show the effectiveness of your security control, NOT the implementation process. Example: if you configure password complexity to require special characters, then your video should show that a password without special characters is rejected.
  • The screenshot and video should be cross-platform, meaning that if you use an Apple device, they should be viewable on Windows and vice versa. (I advise using the generic formats .jpg and .mp4.)
  • For ease of upload to Canvas, the video does not need to be high-resolution; 480p is absolutely fine, but it must be readable. For the screenshot, if your device is set to smaller fonts, please zoom in so it is readable.

Deliverables to submit (upload to Canvas):

  • Control Implementation Screenshot
  • Control Effectiveness Video
  • POA&M

____________________

5&6-

Use the attached FedRAMP ISCP Template to complete Sections 2, 3, 4, 5 and Appendix D as they relate to your system. Feel free to come up with the Business Impact and Disaster Recovery requirements, but try to justify them. Refer to the ISACA book for a refresher on requirements like RPO, RTO, WRT, MTD, etc. This link provides high-level explanations:

https://defaultreasoning.com/2013/12/10/rpo-rto-wr…
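
An added consistency check for the Business Impact and Disaster Recovery requirements you invent for the ISCP (example code, not part of the assignment, the FedRAMP template or the ISACA material): for each business process it verifies that the recovery time objective plus the work recovery time does not exceed the maximum tolerable downtime, that backups run at least as often as the recovery point objective demands, and that every requirement carries a justification; it then orders the processes for restoration by shortest MTD first. The `ProcessRequirement` structure, the process names, the hours and the backup intervals are constructed for the example.

```python
"""Added example: sanity checks on BIA/DR requirements before they go into the ISCP.
Process names, hours and backup intervals below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessRequirement:
    """Recovery requirements for one business process, all expressed in hours.
    MTD: maximum tolerable downtime before the outage causes unacceptable harm.
    RTO: time to get the system itself back up.
    WRT: time after that to restore and verify data and resume normal work.
    RPO: maximum acceptable data loss, as the age of the last usable backup.
    backup_interval: how often backups actually run."""
    name: str
    mtd: float
    rto: float
    wrt: float
    rpo: float
    backup_interval: float
    justification: str


def check_requirement(req: ProcessRequirement) -> list:
    """Return the problems with one requirement (empty when it is consistent)."""
    problems = []
    if any(v <= 0 for v in (req.mtd, req.rto, req.wrt, req.rpo, req.backup_interval)):
        problems.append("all durations must be positive")
    # The downtime the business tolerates must cover both recovery phases.
    if req.rto + req.wrt > req.mtd:
        problems.append(f"RTO {req.rto}h + WRT {req.wrt}h = {req.rto + req.wrt}h "
                        f"exceeds MTD {req.mtd}h")
    # Data older than the RPO is unacceptable, so backups must run at least that often.
    if req.backup_interval > req.rpo:
        problems.append(f"backups every {req.backup_interval}h cannot meet an RPO of {req.rpo}h")
    if not req.justification.strip():
        problems.append("requirement has no business justification")
    return problems


def check_plan(reqs) -> dict:
    """Map each inconsistent process name to its list of problems."""
    findings = {}
    for r in reqs:
        problems = check_requirement(r)
        if problems:
            findings[r.name] = problems
    return findings


def recovery_order(reqs) -> list:
    """Restoration sequence for the DR section: shortest MTD first, so the processes
    that tolerate the least downtime are brought back before the others."""
    return [r.name for r in sorted(reqs, key=lambda r: (r.mtd, r.rto))]


# Constructed sample BIA for a hypothetical inventory system.
SAMPLE_REQUIREMENTS = [
    ProcessRequirement("Order fulfilment", mtd=8, rto=4, wrt=2, rpo=1, backup_interval=1,
                       justification="Warehouse ships hourly; a day without orders breaches contracts."),
    ProcessRequirement("Monthly reporting", mtd=72, rto=24, wrt=8, rpo=24, backup_interval=24,
                       justification="Reports are due on the fifth business day; a day of delay is absorbed."),
    # Inconsistent on purpose: a 4h MTD was promised but the restore alone takes 6h,
    # and nightly backups cannot deliver a 1h RPO.
    ProcessRequirement("Supplier portal", mtd=4, rto=6, wrt=1, rpo=1, backup_interval=24,
                       justification="Suppliers cannot confirm deliveries while it is down."),
]

if __name__ == "__main__":
    for name, problems in check_plan(SAMPLE_REQUIREMENTS).items():
        print(name)
        for p in problems:
            print("  -", p)
    print("restore order:", recovery_order(SAMPLE_REQUIREMENTS))
```

The two inequalities (RTO + WRT ≤ MTD, backup interval ≤ RPO) are what an authorizing official will test your invented numbers against, so run any requirement table through a check like this before it goes into the package.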

Step 5 Activity:

This is the final step that makes or breaks the entire system: it determines whether the system goes into production or not. It is imperative that you follow these instructions carefully. Because of the importance of this part, and because it is considered the most significant risk related to the NIST RMF process, I will take 5 points off if any of the requirements are missing. Those 5 points do not include points I will take off for activity errors.

  • Submit an ATO package (refer to the Step 5 slide for the ATO package requirements); basically, every deliverable you created during the NIST RMF steps. Include the screenshot from Step 4, but do not include the video evidence.
  • Your ATO package must include an ATO memo and an SSP.
  • Encrypt your ATO package. Do not encrypt every single file; instead, put all the files in a folder and encrypt the folder.
    • Use an encryption key of at least 128 bits; this means whichever encryption algorithm you use must support keys of at least 128 bits. I highly recommend AES, since you are encrypting data at rest. Tools like Encrypto, VeraCrypt and WinZip support AES. Whichever tool you decide to use, be sure it is cross-platform, meaning it works on both Windows and macOS. I use OSX Catalina.
    • Upload your encrypted ATO package to Canvas, but DO NOT upload the encryption key.
    • Save your encryption key in .txt format. Please be careful not to add spaces to your key; that creates an unnecessary struggle.
    • Email me the encryption key using Marymount’s default Gmail (not Canvas, and not your personal email). The subject should follow this format: “firstname.lastname-SystemNameATOPackageKey”; an example is “Ibrahim.WaziriJr-IT727SystemATOPackageKey”. The body should only mention the name of the tool you used to encrypt and the attached .txt file. Remove any name or signature from the body. (Again, be careful with the tool you use; ensure it is supported on both Windows and Mac. Also, do not use a paid encryption tool unless you plan to pay for my license. I use VeraCrypt and Encrypto.)
    • If I am confident in your ATO package, I will authorize your system and sign your package, thereby issuing you an ATO approval, and send it back through the same email channel. If I run into ANY issue with your package, or your ATO artifacts do not make sense, I will FAIL you by denying your ATO approval. (Believe it or not, the main reason systems fail to achieve ATO is not technical implementation or difficulty following NIST processes; it is agencies, contractors and security personnel not following requirements, policies and regulations.) The same applies if I am unable to decrypt your package or you missed any deliverable within the package.
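
As an added worked example of the packaging and encryption requirements above (this code is not part of the assignment and is not how Encrypto, VeraCrypt or WinZip work internally): it archives the whole package folder into one object, encrypts that object with AES-256-CBC through the `openssl` command-line tool using a key derived from the passphrase in a .txt file with PBKDF2 and a random salt, rejects a key file that contains spaces or is too short to represent 128 bits, and proves the round trip by decrypting with the right key and with a wrong one. The folder name, the placeholder artifacts and the 22-character minimum are constructed assumptions; `openssl` must be on the PATH.

```python
"""Added example: archive an ATO folder and encrypt it at rest with AES-256-CBC via the
openssl CLI, with key-file checks and a round-trip test. Names and contents are constructed."""
import hashlib
import subprocess
import tarfile
import tempfile
from pathlib import Path

MIN_KEY_CHARS = 22  # 22 base64 characters carry about 128 bits of randomness (assumed threshold)


def write_key_file(path: Path) -> str:
    """Generate a random passphrase with openssl and save it as a single line."""
    run = subprocess.run(["openssl", "rand", "-base64", "24"],
                         check=True, capture_output=True, text=True)
    key = run.stdout.strip()
    path.write_text(key + "\n", encoding="ascii")  # one token, no spaces
    return key


def check_key_file(path: Path) -> str:
    """Reject a key with embedded whitespace or too few characters. `openssl -pass file:`
    reads exactly the first line, so a stray space silently becomes part of the passphrase."""
    key = path.read_bytes().rstrip(b"\r\n")
    if not key or any(b in b" \t\r\n" for b in key):
        raise ValueError("key file must hold one token with no spaces or line breaks")
    if len(key) < MIN_KEY_CHARS:
        raise ValueError(f"key has {len(key)} characters, below the 128-bit minimum")
    return key.decode("ascii")


def encrypt_folder(folder: Path, key_file: Path, out_file: Path) -> Path:
    """Archive the whole folder (one encrypted object, not one file at a time) and
    encrypt it with AES-256-CBC under a PBKDF2-derived key and a fresh random salt."""
    check_key_file(key_file)
    archive = out_file.with_suffix(".tar")
    with tarfile.open(archive, "w") as tar:
        tar.add(folder, arcname=folder.name)
    subprocess.run(["openssl", "enc", "-aes-256-cbc", "-pbkdf2", "-salt",
                    "-pass", f"file:{key_file}", "-in", str(archive), "-out", str(out_file)],
                   check=True)
    archive.unlink()  # only the ciphertext should be uploaded
    return out_file


def decrypt_folder(enc_file: Path, key_file: Path, dest: Path) -> bool:
    """Return True when the key decrypts the archive and it unpacks cleanly."""
    dest.mkdir(parents=True, exist_ok=True)
    archive = dest / "package.tar"
    run = subprocess.run(["openssl", "enc", "-d", "-aes-256-cbc", "-pbkdf2",
                          "-pass", f"file:{key_file}", "-in", str(enc_file), "-out", str(archive)],
                         capture_output=True)
    if run.returncode != 0:  # wrong key: the PKCS#7 padding check fails almost every time
        return False
    try:
        with tarfile.open(archive) as tar:
            # The "data" filter (where this Python has it) blocks absolute paths and
            # path traversal inside the archive when unpacking someone else's package.
            kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(dest, **kwargs)
    except tarfile.TarError:  # the rare wrong key whose garbage happened to pad correctly
        return False
    return True


def folder_digest(folder: Path) -> dict:
    """Map relative paths to SHA-256 digests so a round trip can be compared exactly."""
    return {str(p.relative_to(folder)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(folder.rglob("*")) if p.is_file()}


def demo() -> dict:
    """Build a constructed package, encrypt it, then try the right key, a wrong key
    and a malformed key file."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        pkg = tmp / "IT727System_ATO_Package"  # constructed folder name
        pkg.mkdir()
        for name in ("SSP.txt", "ATO_memo.txt", "POAM.txt", "categorization.txt"):
            (pkg / name).write_text(f"placeholder artifact: {name}\n")  # constructed content
        key_file, wrong_key, bad_key = tmp / "key.txt", tmp / "wrong.txt", tmp / "bad.txt"
        write_key_file(key_file)
        write_key_file(wrong_key)
        bad_key.write_text("hunter2 \n")  # too short and contains a space
        try:
            check_key_file(bad_key)
            bad_rejected = False
        except ValueError:
            bad_rejected = True
        enc = encrypt_folder(pkg, key_file, tmp / "IT727System_ATO_Package.enc")
        good = decrypt_folder(enc, key_file, tmp / "out_good")
        bad = decrypt_folder(enc, wrong_key, tmp / "out_bad")
        same = good and folder_digest(pkg) == folder_digest(tmp / "out_good" / pkg.name)
        return {"right_key_decrypts": good, "wrong_key_decrypts": bad,
                "contents_match": same, "bad_key_rejected": bad_rejected,
                "ciphertext_bytes": enc.stat().st_size}


if __name__ == "__main__":
    print(demo())
```

Whatever tool you actually use, the same checks apply: one encrypted object for the whole folder, a key file with no stray whitespace, and a decryption test on a second machine before you upload, because a package the reviewer cannot decrypt is treated as a missing package.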