Month: October 2023

PM-5: System Inventory

RMF Control PM-5: System Inventory requires organizations to maintain an accurate and up-to-date inventory of all information systems and their components. This inventory must include the following information: Supplemental Guidance…

CA-6: Authorization

RMF Control CA-6: Authorization requires organizations to authorize the operation of information systems and the processing, storage, and transmission of information by those systems. This authorization must be based on…

AT-6: Training Feedback

RMF Control AT-6: Training Feedback requires organizations to solicit and incorporate feedback from personnel to continually improve the effectiveness of information security and privacy training. Supplemental Guidance The Risk Management…

AT-4: Training Records

RMF Control AT-4: Training Records requires organizations to document and monitor individual information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy…