Assess controls, risks, issues, and remediation tasks
Within the NIST RMF application, the Assess section involves performing security control attestations, evaluating the control effectiveness, managing associated risks and issues, and performing remediation tasks.
Note:
Starting with version 10.1.0, the NIST RMF Use Case Accelerator will be supported only for customers who currently use the product. New and existing customers should consider using the GRC: Continuous Authorization Monitoring application. For
details, Continuous Authorization and Monitoring.
Broadly, assessment also involves managing the controls, risks, issues, and remediation tasks
that stem from the implementation of the security controls.
Note:
The NIST RMF application provides read-only
access to the content. Update the content following the standard GRC procedures, as outlined in
the Policy and Compliance Management, Risk Management, and/or Audit Management applications.
Users can:
- review and perform control attestations currently in the system relating to NIST RMF security attestations
- view all control tests, highlighting the control and current effectiveness of each control test in place
- manage and address any risks stemming from risk statements having a content source of NIST 800-53.r4
- identify risks and perform their assessments
- view a list of issues and remediation tasks stemming from the implementation of security controls and related risks having a content source of NIST 800-53 r4