Cyberfirst solutions

Cyber Blog

ISSO\RMF Training Questions (Please note, your name and question will be publicly posted and seen by others online. Do not post any sensitive information or information that can put you or your client at risk)

12/3/2020

2 Comments

Raphael Osamor
12/11/2020 07:22:44 am

Sir Yinka,

Is it the information system owner that is responsible for the continuous monitoring phase? Or is the owner just the responsible party, but others may be assigned to handle the phase?

Thanks!!!

PR

CyberFirst Solutions
12/11/2020 09:18:33 am

Hello,

The System Owner, though listed as the responsible party in NIST 800-37, does not do all the leg work in this Phase. The ISSO updates implementation statements if need be and uploads artifacts for the Assessor to assess. The Assessor assesses the controls, reviews the implementation statement and passes or fails the control.

The ISSO then briefs the System Owner on the status of the continuous monitoring (Sir/Madam, this is how many controls failed, this is how many passed). The System Owner approves, is briefed before, during and after continuous monitoring, and signs any documents needed.
