What’s important to note about the SELECT step within the NIST RMF for DoD Contractors?
- Arlington Security Portal - Show on: Side Bar
Once the system has been appropriately categorized, (HIGH, MODERATE, LOW), the applicable security and privacy controls from NIST SP 800-53 will then be appropriately assigned. Per NIST, Security controls are the safeguards or countermeasures employed within an organizational system to protect the confidentiality, integrity, and availability of the system and its information. Privacy controls are administrative, technical, and physical safeguards employed within an organization to protect an individual, ensure compliance with applicable privacy requirements, and manage privacy risks.
As discussed earlier, regulatory compliance mandates from outside your organization will often determine the IMPACT LEVEL (HIGH, MODERATE, LOW) to comply with for purposes of FedRAMP, FISMA, etc.), which in turn determine the actual number of NIST SP 800-53 controls that will be in scope.
Trusted Providers of NIST RMF Services & Solutions
Arlington offers the following NIST RMF services & solutions to DoD and other federal contractors:
- Compliance Reporting for FedRAMP, FISMA, eMASS, CMMC, 800-171, ITAR/EAR, and more.
- Scoping & Gap Assessments
- Policies & Procedures Development
- Program Documentation Development
- System Security Plans (SSP)
- Security Assessment Reports (SAR)
- Remediation Assistance
- ATO Assistance
