Its important to understand that the controls are recommended, not mandatory. But a contingency plan, or counter process or POAM is needed in its place.
You mentioned artifacts at 8:30 when going through an audit. Would you please list some examples of an artifact? Would an artifact include screenshots that controls have been met?
Just a quick question on step 3 and 4,why don't we assess the situation before we implement,if we implement before and find out the situation is on different level and now we can't asses it.just asking.
Risk assessments are done even prior to step 1, into step 1, and after step 1. Doing this sets things up prior to selection of security controls. Also, during step 3 (Implementation), the information system isn't "live" yet. It's still undergoing testing/evaluation. The system doesn't go live until after the Authorizing Official approves the system for operation. In any case for the sake of this discussion, the system stays relatively safe until it becomes operational.
There are also two types of assessments: security control assessments (what you're talking about) and risk assessments. They're both different but related to each other.
Great explanations with a lot of useful details such as using NIST SP 800-53 and 800-53A. I've gone over this several times and picked up new things each time so I really get RMF now. One thing I disagree on is at ruclips.net/video/1LgJVxvE8AY/видео.html about PHI availability being low. I think in most situations it should be highly available for medical emergencies. But still, a great lesson on RMF - probably one of the best, if not the best.
Great overview! The high level reminders, and newly learned details, are greatly appreciated!
Thanks! We appreciate the feedback!
Great video! I'm new to RMF but your teaching-learning presentation style made this easy to comprehend. Thank you.
oml this is the best explanation I've seen so far. Many thanks!
Well done! This is a huge process within DoD.
Nice overview of RMF. Thanks was very helpful.
Awesome job... Well spoken! I appreciate the information and details.
Excellent video, Christian, thank you!
Its important to understand that the controls are recommended, not mandatory. But a contingency plan, or counter process or POAM is needed in its place.
Excellent video - well explained - thanks!
Excellent Overview of RMF
Yes, latest RMF step is now -Prepare. Therefore, it should be 7 steps for RMF now.
You mentioned artifacts at 8:30 when going through an audit. Would you please list some examples of an artifact? Would an artifact include screenshots that controls have been met?
Thank you for the explanation. Great video.
useful/informative - good intro to the big world of RMF and its associated topics
Thanks for the the overview. Very informative. Can you make another video that goes a little more in-depth?
Just came by to fact check...very good video/explanation.
Thank you for the video. This was explained simply enough for me to understand :)
Best Video, very easy to understand
analyzed it perfectly thank you
Great Video !
감사합니다👏🏼
Nice job!
How do you obtain the RMF certification
Excellent
Very useful!
Thanks a lot
Very simple and detailed
This was very useful! Thank you!
Are these relevant in usual enterprise IT situations ?
Nice overview. Thanks.
Really well done!
Great video
Great video 👍
Good video. What statistics do you capture for RMF?
You're missing the new addition to 800-37 rev2, which is Prepare.
Great video. You made it look do easy. Any detailed version of this RMF video ?
Thanks for the video mate!
Thanks Sir!
Nice
GREAT STUFF
Thx bro!!!
Good job sir, am interested in the 4 days class. Can u sent me the link sir
Just a quick question on step 3 and 4,why don't we assess the situation before we implement,if we implement before and find out the situation is on different level and now we can't asses it.just asking.
Risk assessments are done even prior to step 1, into step 1, and after step 1. Doing this sets things up prior to selection of security controls. Also, during step 3 (Implementation), the information system isn't "live" yet. It's still undergoing testing/evaluation. The system doesn't go live until after the Authorizing Official approves the system for operation. In any case for the sake of this discussion, the system stays relatively safe until it becomes operational.
There are also two types of assessments: security control assessments (what you're talking about) and risk assessments. They're both different but related to each other.
Good overview. I need that link for your RMF course. Please provide link
please did you get the link for the RMf course? if yes can you p[ease send it to me
Great explanations with a lot of useful details such as using NIST SP 800-53 and 800-53A. I've gone over this several times and picked up new things each time so I really get RMF now. One thing I disagree on is at ruclips.net/video/1LgJVxvE8AY/видео.html about PHI availability being low. I think in most situations it should be highly available for medical emergencies. But still, a great lesson on RMF - probably one of the best, if not the best.
This doesn’t seem very high level. Just another overview with a few specific examples given.
It is a good summary though. Just call it what it is.
Isn't an overview inherently high level?
i love risjk of rain 2 :))()
Miller Sarah Clark Laura Taylor Kimberly
Young Deborah Hernandez Susan White Lisa
Nice job! I am thumbs up #178!