MP-6: Media Sanitization
RMF Control MP-6: Media Sanitization requires organizations to sanitize media before it is disposed of or reused to prevent unauthorized access to information. Media can include hard drives, solid-state drives,…
MA-3: Maintenance Tools
RMF Control MA-3: Maintenance Tools requires organizations to inspect and control maintenance tools to protect information systems from unauthorized access or modification. Maintenance tools can include hardware, software, and firmware…
IR-5: Incident Monitoring
RMF Control IR-5: Incident Monitoring requires organizations to track and document information system security incidents. This includes identifying incidents, assessing their impact, and taking steps to mitigate the impact and…
IA-5: Authenticator Management
RMF Control IA-5: Authenticator Management requires organizations to select, implement, and manage authenticators to verify the identity of users attempting to access information systems or data. Supplemental Guidance The Risk…
CP-5: Contingency Plan Update
RMF Control CP-5: Contingency Plan Update is a withdrawn control that was incorporated into RMF Control CP-2: Contingency Plan. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework…
CM-4: Impact Analyses
RMF Control CM-4: Impact Analyses requires organizations to perform impact analyses to identify and assess the potential impacts of changes to information systems on security and privacy. This includes assessing…
CA-2: Control Assessments
RMF Control CA-2: Control Assessments requires organizations to assess the implementation and effectiveness of security controls. This includes assessing the controls that are in place to protect information systems and…
AU-12: Audit Record Generation
RMF Control AU-12: Audit Record Generation requires organizations to generate audit records for auditable events. Audit records are records of events that occur on information systems. They can be used…
SR-5: Acquisition Strategies, Tools, and Methods
RMF Control SR-5: Acquisition Strategies, Tools, and Methods requires organizations to implement strategies, tools, and methods to protect their supply chains and ensure that they are acquiring secure information systems…
SI-7: Software, Firmware, and Information Integrity
RMF Control SI-7: Software, Firmware, and Information Integrity requires organizations to implement integrity verification tools to detect unauthorized changes to software, firmware, and information. Supplemental Guidance The Risk Management Framework…