From the course: Implementing the NIST Risk Management Framework
Documenting risk assessment results
In conducting an assessment, the assessor needs to analyze the results and create a security assessment report. This step explains the process for analyzing assessment results based on the risks of threat sources exploiting vulnerabilities with control deficiencies. Once risks are analyzed, they need to be documented in a risk assessment report, and deficiencies documented in a plan of action and milestones report. As a security assessor, you have three high-level tasks: to identify compliance control gaps, classify security and privacy risks, and document your analysis in your final assessment report. This can be placed in the FedRAMP Moderate Readiness Assessment Report template. You can find these templates on the FedRAMP website. In a previous video, I mentioned FedRAMP as a resource for information and templates that we use as a part of the NIST RMF. Note that you can use the standard templates even if your organization is not a cloud service provider, and it's also used for non-cloud…