ENG 352 – Categorizing Systems and Information within the RMF

Course Overview

Security categorization provides a structured way to determine the criticality and sensitivity of the information being processed, stored, and transmitted by an information system. This course provides learners with an understanding of how to categorize the system and the information using the NIST SP 800-37 Rev. 2 Risk Management Framework.

After completing this course you will be able to:

• Identify all information types based on the system boundary
• Categorize information (processed, stored, or transmitted) by the potential adverse impact that information being compromised as regards confidentiality, integrity or availability
• Ensure the security categorizations are consistent with roles, operating environment, connectivity, and intended use