RMF Security Assessment Plan
11 community-sourced questions and answers.
Who must ensure that the security assessment plan is consistent with the security objectives of the organization and is cost-effective with regard to the resources allocated for the assessment?
Security Control Assessor
If you use eMASS to document security control assessment you should stop doing so.
False
DoDI 8510.01 dated March 2014 is the?
High level document that sets forth the policy stating RMF is to be used by DoD
Assessment procedure?
Are maintained by the RMF Technical Advisory Group
The information system owner relies on the technical expertise and judgement of assessors to assess the security controls employed within or inherited by the information systems using assessment procedures specified in the security assessment plan.
True
Who has primary responsibility for all four tasks that comprise step 4 of the RMF?
Security Control Assessor
Security control assessments determine the extent to which the controls are implemented correctly, operate as intended, and produce the desired outcome with respect to meeting the security requirements for the information system.
True
When assessing security control compliance status
If vulnerabilities are found the control is recorded as compliant in the Security Assessment Report
Preparing for a security control assessment includes all of the following key activities, EXCEPT:
Identifying security controls that end users agree to support
Who approves the security assessment plan?
Security Control Assessor
The fourth step in the RMF process is to:
Assess Security Controls