Selection Tasks - morgan-hanrahan/Tech-Journal GitHub Wiki

Provides a summary of tasks and expected outcomes for the RMF Select step

1. Control Selection - Selected are the control baselines required to safeguard the system in accordance with risk.

2. Control Tailoring - Customized controls result in customized control baselines.

3. Control Allocation - System-specific, hybrid, and common controls are the three types of controls. Controls are assigned to the various system components, such as the mechanical, physical, or human components.

4. Documentation of Planned Control Implementations - Security and privacy plans or comparable papers contain controls and related tailoring actions that are documented.

5. Continuous Monitoring Strategy - System - The system is given a continuous monitoring strategy that reflects the organizational risk management strategy.

6. Plan Review and Approval - The authorizing official reviews and approves security and privacy plans that reflect the selection of controls required to safeguard the system and the operational environment in line with risk.