NIST 800-53 & RMF
Risk Management Framework
RMF Approach
Our Services
B3Cyber offers a customizable suite of RMF solutions. from individual consultations to comprehensive management of your entire compliance program.
We have extensive experience with Authorization to Operate (ATO) packages and can provide the expertise to minimize your risk and resource consumption.
Categorize
(System)
- IAW CNSSI 1253
- Initiate Security Plan
- Register with DoD CCP
- Assign personnel to RMF roles
Select
(Controls)
- Common Control ID
- Select Security Controls
- Develop continuous monitoring strategy
- Review and approve SSP
- Apply overlays and tailor
Implement
(Controls)
- Consistent with DoD architectures
- Document control implementation in SSP
Assess
(Controls)
- Develop Security Assessment Plan
- Assess security controls
- Prepare Security Assessment Report
- Conduct initial remediation actions
Authorize
(System)
- Prepare POA&M
- Submit Security Authorization Package to AO
- AO conducts final risk determination
- AO makes authorization decision
Monitor
(Controls)
- Determine impact of changes
- Assess controls annually
- Conduct needed remediation
- Update security plan
- Report security status to AO