May 17, 2024

This is the Risk Management Framework Exercise that measures competencies in implementing this framework to support the Authorization and Risk Management for an information system and/or mission application. The NIST documents students use in this assessment are used not only in DoD but throughout the Federal government and NIST’s approach is consistent with how this is done throughout industry as well. 
During HCC engagement with employers in the area, the need for students to understand RMF was clearly identified. 
Students are required to review the following two videos before the exercise:
RMF, presented by Frank Mayer, CISSP, using a Creative Commons licensed presentation by Professor Pinto of Old Dominion University.
NIST Risk Management Framework Introduction l NIST Certification l ARECyber LLC
The creator of this video licensed it under Creative Commons, so we can use it without restriction; this is the link to the video on YouTube:
Review the attached RMF Slides to this assignment as well.
College-level writing is expected on all assignments; refer to the assignment rubric. This course capstone assignment is worth 10 percent of your grade. It is a three-part exercise that is only here in Blackboard, NOT in your course textbook, and it is outside of the virtual labs used for the other exercises.
Part 1 – Properly Categorize a System. First step: in class you will go to this quick start link on the Risk Management Framework from NIST (URL = ) and then you will use the National Institute of Standards and Technology (NIST) documents that are attached to this assessment here in Blackboard to complete this exercise. Use all the documents as references only, since you will not have the time to read all of them.
Your organization has completed the preparation stage of the risk management process and it is going to make sure that its new unmanned vehicle, which is used to deliver parts and tools to units throughout the organization’s depot, is secure and can securely perform its mission.
You will categorize the information system based on FIPS 199, NIST SP 800-60, and organizational guidance, then document the categorization recommendation with your rationale and upload that document to Blackboard. List the other members of your team on your submission.
Second Step for Part 1 for the Student Team: Go to Figure 1: NIST Risk Management Framework, on page 7 in the NIST Special Publication 800-60 Volume I, Revision 1. Study the figure. In this exercise you will only be doing the categorization for the system described in the “System Description” document attached to this assessment in Blackboard. You will use the high water mark of impact and categorize this information system based on the potential impact to an organization and its ability to accomplish its mission, protect assets, fulfill its legal responsibilities, and maintain day-to-day functions. The generalized format for expressing the security category (SC) of an information system is:
SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}, where the acceptable values for potential impact are low, moderate, or high.
Write a brief paragraph that identifies what the impact level for this system should be for confidentiality, integrity, and availability, and then, based on your analysis, determine what the overall system categorization should be, that is low, moderate, or high.
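The following Python script is an added illustration of the high water mark computation described above, not part of the course material or of any NIST publication. The information types and impact levels in SAMPLE_INFO_TYPES are constructed for illustration only and are not the answer for the system in the “System Description” document; your team must derive its own levels from FIPS 199, SP 800-60 and the system description. The script aggregates provisional impact levels per security objective across information types, takes the overall categorization as the highest of the three, and records which information types drove each result so the rationale can be documented.

```python
"""High water mark categorization per FIPS 199 / NIST SP 800-60 (added example)."""
from typing import Dict, Iterable, List, Mapping, Tuple

# FIPS 199 potential impact values, ranked so that max() yields the high water mark.
IMPACT_ORDER: Dict[str, int] = {"low": 1, "moderate": 2, "high": 3}
OBJECTIVES: Tuple[str, ...] = ("confidentiality", "integrity", "availability")

# CONSTRUCTED sample information types with provisional impact levels.
# These values are illustrative only and are NOT the categorization of the
# course's drone system; real values come from SP 800-60 Vol. II and the
# organization's own guidance.
SAMPLE_INFO_TYPES: Dict[str, Dict[str, str]] = {
    "Vehicle telemetry and control commands":
        {"confidentiality": "low", "integrity": "moderate", "availability": "moderate"},
    "Parts inventory and delivery manifests":
        {"confidentiality": "low", "integrity": "low", "availability": "low"},
    "Depot facility maps and route data":
        {"confidentiality": "moderate", "integrity": "low", "availability": "low"},
}


def validate_impact(level: str) -> str:
    """Normalize an impact value and reject anything outside low/moderate/high."""
    normalized = level.strip().lower()
    if normalized not in IMPACT_ORDER:
        raise ValueError(f"impact must be low, moderate or high, got {level!r}")
    return normalized


def high_water_mark(levels: Iterable[str]) -> str:
    """Return the highest impact level among the given values."""
    normalized = [validate_impact(lvl) for lvl in levels]
    if not normalized:
        raise ValueError("at least one impact level is required")
    return max(normalized, key=IMPACT_ORDER.__getitem__)


def categorize_system(info_types: Mapping[str, Mapping[str, str]]) -> Dict[str, str]:
    """Per-objective high water mark across all information types the system handles."""
    return {
        objective: high_water_mark(it[objective] for it in info_types.values())
        for objective in OBJECTIVES
    }


def overall_categorization(security_category: Mapping[str, str]) -> str:
    """Overall system category: the highest of the three objective levels."""
    return high_water_mark(security_category.values())


def rationale(info_types: Mapping[str, Mapping[str, str]],
              security_category: Mapping[str, str]) -> List[str]:
    """For each objective, name the information types that set the high water mark."""
    lines: List[str] = []
    for objective in OBJECTIVES:
        level = security_category[objective]
        drivers = sorted(name for name, it in info_types.items()
                         if validate_impact(it[objective]) == level)
        lines.append(f"{objective}: {level.upper()} (driven by: {', '.join(drivers)})")
    return lines


def format_security_category(security_category: Mapping[str, str]) -> str:
    """Render the category in the FIPS 199 SC notation used in the assignment."""
    body = ", ".join(f"({obj}, {security_category[obj].upper()})" for obj in OBJECTIVES)
    return "SC information system = {" + body + "}"


if __name__ == "__main__":
    sc = categorize_system(SAMPLE_INFO_TYPES)
    print(format_security_category(sc))
    print("Overall categorization:", overall_categorization(sc).upper())
    for line in rationale(SAMPLE_INFO_TYPES, sc):
        print(" -", line)
```

Replace SAMPLE_INFO_TYPES with the information types your team identifies for the system; the rationale lines map directly onto the paragraph the assignment asks for, since each states the level chosen for an objective and the information type that justifies it.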
Part 2 – Developing Policy – Use the National Institute of Standards and Technology guide NISTIR 7621, Small Business Information Security: The Fundamentals, that is attached to this assignment and go to Appendix E—Sample Policy & Procedure Statements. Then create concise policy statements for the system described in the “System Description” document to address access control (both physical access and access to the control laptop via password control and issuance), training requirements, contingency actions in case the system suddenly fails, and acceptable use of the system by the operators. You are not expected to write a complete policy, but you are expected to come up with what should be the top six policy statements that need to be used for the policy that is being developed.
For example, one policy statement could be: All users of the laptop computer that controls the drone will have their own account and password that will be at least ten characters long and will consist of letters, numbers, and special characters. This password will be changed every three months.
Part 3 – Case Study – You are in a security working group that is responsible for ensuring that the system described in the “System Description” document attached to this assessment in Blackboard meets security requirements, that is, security controls, in a manner that will not introduce significant risk to depot operations. The chief network engineer, who has been working at the depot for thirty years, insists during the working group that the wireless link used to control the drone should not be encrypted, as this would be a waste of time and resources. He also argues that using encryption for this link could cause issues in the future as this system is being maintained. The security control that applies to the requirement for wireless encryption is referenced by the Security Control Number AC-18(1) in Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations.
Based on your analysis completed in Part 1 of this assessment, what recommendation would you make as a team to the Senior Executive in charge of the depot and to the Senior Executive who is the Authorizing Official at higher headquarters? Your team must be able to rigorously defend your recommendation before Senior Executives who have a stake in this system’s operations, so you must provide a strong and concise recommendation paragraph that your team can defend.
Submit responses in a single three-part Word document through Blackboard, no later than xxxx (DUE DATE). (Provide APA style references in your submission for the NIST publications you cite in your team’s responses.)

