ENG 354 – Authorizing and Monitoring System Controls within the RMF

Course Overview

Authorizing and monitoring security controls provides an understanding of security posture and provides an indication of whether or not cybersecurity controls are operating as intended. This course provides learners with an understanding of the Authorization and Monitoring steps of the NIST SP 800-37 Rev. 2 Risk Management Framework.

After completing this course you will be able to:

• Provide organizational accountability by requiring a senior management official to determine if the security and privacy risk to operations, assets, and individuals is acceptable
• Report authorization decisions, significant vulnerabilities, and risks to organizational officials | Monitoring the system and the associated controls on an ongoing basis
• Document changes to the system and environment of operation
• Conduct risk assessments and impact analyses | Reporting the security and privacy posture of the system