Authorize |
A. Information systems and internal information are grouped based on impact. |
|
Supplement |
B. The step where an initial set of security controls for the information system are chosen and tailored to obtain a starting point for required controls |
|
Monitor |
C. |
Assess |
10. |
Categorize |
D. Step where the original and supplement controls are put in writing |
11. |
Document |
E. Original and supplement controls are applied to the system. |
12. |
Select |
F. Security controls are evaluated to see if they are implemented correctly and are operating as intended. |
13. |
G. Evaluation of risk to organizational operations, organizational assets, or individuals that leads to this action |
|
14. |
Implement |
H. Requires checking and assessing the selected security controls in the information system on a continuous basis |