Risk Management Framework NIST 800 Step 1 Categorization

convocourses.com
Join Our Community

Risk Management Framework NIST 800 Step 1 Categorization

This is an introduction to Step 1, Categorization of the NIST SP 800-37, Risk Management Framework process. Categorization consists of three primary steps:
1) Determining the Security Categorization of the information system. This is done by breaking down the primary information types on the system. You can get great guidance on this from FIPS 199 and NIST SP 800-60 (Volume I-II).
2) Create a System Description. This is really the first step to creating a System Security Plan and it leads to registering the systems.
3) Register the system. This means that you need to advertise the the system to all the stakeholders of the system in the organization. Organizations usually have a method of doing this with a database that can be seen by upper-level management.

 

 

 

Leave a Comment

Your email address will not be published. Required fields are marked *

Join the ConvoCourses Community for insights, offers, and exclusive learning updates!

Join the ConvoCourses Community

Shop GRC, Cyber, and IT books, audio, and merch!

Shop Now

Create your personalized GRC RoadMap and take control of your learning and career growth.

Start TODAY!

Check out Bruce’s Cyber GRC books on Amazon and elevate your governance, risk, and compliance skills.

Shop Now
Scroll to Top