In this four-part podcast series, CSIAC subject matter experts (SMEs) conduct a roundtable discussion of the first step of the Risk Management Framework (RMF) process, Categorization, focused specifically on Industrial Control Systems (ICS). The main objective of the categorization phase is to project the potential negative effects upon an organization should certain assets become compromised. This includes the CIA Triad (Confidentiality, Integrity and Availability) as it applies to the systems within an enterprise and the associated data those systems may process, store or transmit. Based upon the assessment of the possible risks, certain processes or tasks may be employed to mitigate the potential adverse impacts.
In part two of the RMF Categorization podcast series, the SMEs discuss the process of accurately identifying information types. The identification of the information types establishes the foundation for the system security program. The information types serve as the baseline by which both the mission owner and the adversary measure success. Information types allow the system owner to respond to cybersecurity risks by utilizing specified security requirements.
CAC/PIV holders can watch or download the podcast here: https://www.dodtechipedia.mil/dodwiki/download/attachments/600342610/2020-02-csiac-podcast-risk-management-framework-rmf-categorization-part-2.mp4