DISCUSS DIFFERENCES BETWEEN CONTROLS IDENTIFIED FOR LOW, MODERATE, AND HIGH “WATERMARK” SYSTEMS.
November 9, 2019
Description
Background

Reaching back to step-1 of the Risk Management Framework (Categorize), the C-I-A impact level for your system was identified. In RMF step-2 (Select), the security controls required for hardening the system are driven by the highest impact level across the C-I-A triad. For example, a system impact of M-L-L would be considered to have an overall risk-impact of “M” or “Moderate”. This is also known as the system’s security “watermark”, and it is used for identifying control enhancements.

Deliverables

Submit an APA-formatted paper, 750 words minimum (at least 3 pages), that includes all deliverables listed below.

Reminder: Assume you are using your home computer for work, connecting to the company network through a Virtual Private Network (VPN).

1) System watermarks and selection of security controls: Refer to Appendix-D of NIST 800-53 (Unit-2 assigned reading), pages 108 – 115 of the PDF file.
   a) Discuss differences between controls identified for Low, Moderate, and High “watermark” systems.
   b) Explain pros and cons of additional control enhancements assigned to Moderate and High systems.
   c) Based on the system’s C-I-A level you assessed in Unit-1: Determine whether the level of controls for your system is appropriate, or recommend an upgrade/downgrade of your “watermark”.
   d) Use section 3.2, page 30 – 36 (53 – 59 of the PDF file), to select additional control enhancements where applicable.

2) Common Control Providers: Refer to chapter 3.2 of NIST 800-37 (Unit-2 assigned reading).
   a) Explain the benefit of common control providers.
   b) Identify and recommend common control providers for your system.

APA Requirements

Standard APA formatting is required. This includes in-text citations, references page, title page, section headings, running head, etc.