From the course: Implementing the NIST Risk Management Framework


System Categorization Process

NIST RMF Security Categorization has specific goals. It provides a structured way to determine the criticality of the information being processed, stored and transmitted by the system. The system's category guides the selection of appropriate security controls in later phases, especially the Select step, and is fundamental to establishing an effective risk management strategy. Ultimately, the information owner or system owner, or an individual designated by the owner, is responsible for categorization of a system. The authorizing official, or AO, or their designated representative reviews the categorization results and decisions. The RMF System Categorization steps include a preparation phase identifying information types, for example, whether they are PII (personally identifiable information) or PHI, and then assessing the information types' provisional impact values. In other words, it's a temporary value understanding…
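The following is an added example (not part of the course or its transcript) showing how the provisional impact values of a system's information types can be recorded, adjusted with a recorded rationale for the AO's review, and rolled up into a system category. It assumes, as the page does not state, that the roll-up uses the FIPS 199 high-water-mark rule (each security objective takes the highest impact level among the information types); the information types, system name and values are constructed sample data.

```python
"""Added example: from provisional impact values to a system security category.

Assumption (not stated on the page): aggregation follows the FIPS 199
high-water-mark rule, i.e. for each security objective the system takes the
highest provisional impact level among the information types it processes,
stores or transmits. All information types and values below are constructed.
"""
from dataclasses import dataclass

IMPACT_ORDER = {"low": 1, "moderate": 2, "high": 3}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InformationType:
    """One information type with its provisional CIA impact values.

    `rationale` is empty for a provisional value and filled in when the value
    has been adjusted, so the reviewer can see why it changed.
    """
    name: str
    confidentiality: str
    integrity: str
    availability: str
    rationale: str = ""

    def __post_init__(self):
        # Reject anything outside low/moderate/high before it can be aggregated.
        for obj in OBJECTIVES:
            level = getattr(self, obj)
            if level not in IMPACT_ORDER:
                raise ValueError(f"{self.name}: invalid {obj} level {level!r}")


def adjust(info_type, rationale, **overrides):
    """Return a copy with adjusted impact values; a rationale is mandatory."""
    if not rationale:
        raise ValueError("an adjustment must record its rationale")
    unknown = set(overrides) - set(OBJECTIVES)
    if unknown:
        raise ValueError(f"unknown objectives: {sorted(unknown)}")
    values = {obj: overrides.get(obj, getattr(info_type, obj)) for obj in OBJECTIVES}
    return InformationType(info_type.name, rationale=rationale, **values)


def high_water_mark(levels):
    """Highest impact level in `levels` (the assumed FIPS 199 rule)."""
    return max(levels, key=IMPACT_ORDER.__getitem__)


def categorize_system(info_types):
    """Per-objective system impact levels, one high-water mark per objective."""
    if not info_types:
        raise ValueError("a system must process at least one information type")
    return {obj: high_water_mark([getattr(t, obj) for t in info_types])
            for obj in OBJECTIVES}


def overall_impact(category):
    """Single overall level used when one value is needed for the system."""
    return high_water_mark(category.values())


def format_category(system_name, category):
    """Render in the familiar 'SC system = {(objective, LEVEL), ...}' form."""
    parts = ", ".join(f"({obj}, {lvl.upper()})" for obj, lvl in category.items())
    return f"SC {system_name} = {{{parts}}}"


# Constructed sample information types for a hypothetical "Benefits Portal".
SAMPLE_TYPES = [
    InformationType("Employee PII", "moderate", "moderate", "low"),
    InformationType("Patient PHI", "moderate", "moderate", "low"),
    InformationType("Public web content", "low", "moderate", "low"),
]

if __name__ == "__main__":
    cat = categorize_system(SAMPLE_TYPES)
    print(format_category("Benefits Portal", cat))
    print("overall impact:", overall_impact(cat))
    # Adjusting one provisional value (with a rationale) raises the system level.
    phi = adjust(SAMPLE_TYPES[1], "outage would delay patient care", availability="moderate")
    print(format_category("Benefits Portal", categorize_system([SAMPLE_TYPES[0], phi, SAMPLE_TYPES[2]])))
```

Because the roll-up is a maximum, a single information type rated "high" on any objective drives the whole system to "high" for that objective, which is why each adjustment is required to carry a rationale the AO can check.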