Assessment Tasks - morgan-hanrahan/Tech-Journal GitHub Wiki

Provides a summary of tasks and expected outcomes for the RMF Assess step.

1. **Assessor Selection**
    - Control assessments are carried out by an assessor or an assessment team.
    - The selected assessor or assessment team has the appropriate level of independence.

2. **Assessment Plan**
    - The assessor or assessment team is provided with the documentation needed to conduct the assessments.
    - Security and privacy assessment plans are developed and documented.
    - Security and privacy assessment plans are reviewed and approved to establish the expectations for the control assessments and the level of effort required.

3. **Control Assessments**
    - Control assessments are conducted in accordance with the security and privacy assessment plans.
    - Opportunities to reuse results from earlier assessments are considered in order to make the risk management process faster and less costly.
    - Automation is used to the fullest extent practicable so that control assessments can be executed more quickly, effectively, and efficiently.

4. **Assessment Reports**
    - Security and privacy assessment reports are completed, including findings and recommendations.

5. **Remediation Actions**
    - Remediation actions are taken to address deficiencies in the controls implemented in the system and its operating environment.
    - Security and privacy plans are updated to reflect changes to control implementations made in response to the assessments and the subsequent remediation actions.

6. **Plan of Action and Milestones**
    - A plan of action and milestones is developed that describes the corrective measures for unacceptable risks identified in the security and privacy assessment reports.