What does FISMA require and how does RMF relate?

Study for the Information Systems Technician Second Class (IT2) Advancement Exam with our extensive set of flashcards and multiple-choice questions. Each question is accompanied by hints and thorough explanations. Enhance your knowledge and prepare for success!

Multiple Choice

What does FISMA require and how does RMF relate?

Explanation:
FISMA requires federal agencies to protect information and information systems with a formal, risk-based information security program, including documented processes, periodic assessments, authorization, and ongoing monitoring. RMF provides the practical way to implement those requirements. It gives a structured, repeatable process for selecting and applying security controls (from a standard catalog, such as NIST SP 800-53), tailoring them to the system’s impact level, implementing and assessing them, obtaining authorization to operate, and continuously monitoring the security posture. RMF is not about prescribing encryption algorithms; encryption is one of many possible controls within the catalog, chosen based on risk. The DoD/Navy have adopted RMF as their approach to meet FISMA, but RMF itself is a broader framework used across federal agencies to achieve compliant, ongoing security.

