RMF Step 3: Implement

In RMF Step 3, "Controls specified in the security and privacy plans are implemented." [Cybersecurity Framework: PR.IP-1] In this module we will back up a step to draft the Security Assessment Plan (SAP) to define what testing will be conducted in Step 3.

Assignment Requirements

1. Download the SAP Template. Part of it has been filled in with the testing you are evaluating in Assignment 6.2.
2. Complete the first tab with the information provided in your chosen RMF scenario.
3. Based on your systems hardware and software list, use the DISA STIG library to determine which STIGs will be applied in RMF Step 3. Add those to the list on Tab 2.

Submission Requirements

• Format: Microsoft Excel
• Use the assignment link about to submit your spreadsheet

CoursHeroTranscribedText: A B C D E F G H J 1 NAME: FILL IN THE SHADED BLOCKS SLE Frequency SLE Frequency ARO ALE (Pre) (Pre) ARO (Pre) ALE (Pre) (Post) (Post) (Post) (Post) Programmer Mistakes 52,001 1 per week 52,001 1 per month Loss of Intellectual Property $48,000 2 per year $48,000 1 per 2 year Software Piracy $1,000 1 per quarter $1,000 1 per year Theft of Information (External) $4,200 1 per month $4,200 2 per year Theft of Information (Internal) $5, 100 3 per year $5,100 1 per year Web Defacement $1,000 1 per week $1,000 1 per year 9 Theft of Equipment $4,000 1 per quarter $5,000 1 per 2 year 10 Viruses, Worm, Trojan Horses $500 1 per week $500 1 per month 11 DoS Attack $4,000 2 per year $4,000 1 per year 12 Earthquake $250,000 1 per 20 years $35,000 1 per 20 year 13 Flood $250,000 1 per 20 years $30,000 1 per 20 years 14 Fire $550,000 1 per 10 years $55,000 1 per 10 year 15 16 17 Cost of 18 Control Type of Control CBA 19 Programmer Mistakes $12,000 Training 20 Loss of Intellectual Property $6,500 FirewallIDS 21 Software Piracy $6,500 Firewall/IDS Theft of Information (External) 56,500 FirewallIDS 23 Theft of Information (Internal) $11,000 Phys. Security 24 Web Defacement $5,000 Firewall 25 Theft of Equipment 511,000 Phys. Security 26 Viruses, Worm, Trojan Horses $9,000 Antivirus 27 DoS Attack $4,500 Firewall 28 Earthquake $3,500 Insurance/Backup 29 Flood $8,000 Insurance/Backup 30 Fire $3,500 Insurance/Backup 21

1 NAME: 3 Programmer Mistakes 4 Loss of Intellectual Property 5 Software Piracy 6 Theft of Information (External) 7 Theft of Information (Internal) 8 Web Defacement 9 Theft of Equipment A 10 Viruses, Worm, Trojan Horses 11 DoS Attack 12 Earthquake 13 Flood 14 Fire 15 16 17 18 19 Programmer Mistakes 20 Loss of Intellectual Property 21 Software Piracy 22 Theft of Information (External) 23 Theft of Information (Internal) 24 Web Defacement 25 Theft of Equipment 26 Viruses, Worm, Trojan Horses 27 DoS Attack 28 Earthquake 29 Flood 30 Fire 31 B FILL IN THE SHADED BLOCKS SLE Frequency (Pre) (Pre) ARO (Pre) ALE (Pre) $2,001 1 per week $48,000 2 per year $1,000 1 per quarter $4,200 1 per month $5,100 3 per year $1,000 1 per week $4,000 1 per quarter $500 1 per week $4,000 2 per year $250,000 1 per 20 years $250,000 1 per 20 years $550,000 1 per 10 years Cost of Control Type of Control $12,000 Training $6,500 FirewalVIDS $6,500 Firewall/IDS $6,500 FirewalVIDS $11,000 Phys. Security $5,000 Firewall $11,000 Phys. Security $9,000 Antivirus $4,500 Firewall $3,500 Insurance/Backup $8,000 Insurance/Backup $3,500 Insurance/Backup D CBA E F G H SLE (Post) Frequency (Post) $2,001 1 per month $48,000 1 per 2 year $1,000 1 per year $4,200 2 per year $5,100 1 per year $1,000 1 per year $5,000 1 per 2 year $500 1 per month $4,000 1 per year $35,000 1 per 20 year $30,000 1 per 20 years $55,000 1 per 10 year ARO ALE (Post) (Post)