PREPARE TASKS—SYSTEM LEVEL
Table 2 provides a summary of tasks and expected outcomes for the RMF Prepare step at the system level. Applicable Cybersecurity Framework constructs are also provided.
TABLE 2: PREPARE TASKS AND OUTCOMES—SYSTEM LEVEL
| Tasks | Outcomes | |||
| TASK P-8 MISSION OR BUSINESS FOCUS | • Missions, business functions, and mission/business processes that the system is intended to support are identified. [Cybersecurity Framework: Profile; Implementation Tiers; ID.BE] | |||
| TASK P-9 SYSTEM STAKEHOLDERS | • The stakeholders having an interest in the system are identified. [Cybersecurity Framework: ID.AM; ID.BE] | |||
| TASK P-10 ASSET IDENTIFICATION | • Stakeholder assets are identified and prioritized. [Cybersecurity Framework: ID.AM] | |||
| TASK P-11 AUTHORIZATION BOUNDARY | • The authorization boundary (i.e., system) is determined. | |||
| TASK P-12 INFORMATION TYPES | • The types of information processed, stored, and transmitted by the system are identified. [Cybersecurity Framework: ID.AM-5] | |||
| TASK P-13 INFORMATION LIFE CYCLE | • All stages of the information life cycle are identified and understood for each information type processed, stored, or transmitted by the system. [Cybersecurity Framework: ID.AM-3; ID.AM-4] | |||
| TASK P-14 RISK ASSESSMENT—SYSTEM | • A system-level risk assessment is completed or an existing risk assessment is updated. [Cybersecurity Framework: ID.RA; ID.SC-2] | |||
| TASK P-15 REQUIREMENTS DEFINITION | • Security and privacy requirements are defined and prioritized. [Cybersecurity Framework: ID.GV; PR.IP] | |||
| TASK P-16 ENTERPRISE ARCHITECTURE | • The placement of the system within the enterprise architecture is determined. | |||
| TASK P-17 REQUIREMENTS ALLOCATION | • Security and privacy requirements are allocated to the system and to the environment in which the system operates. [Cybersecurity Framework: ID.GV] | |||
| TASK P-18 SYSTEM REGISTRATION | • The system is registered for purposes of management, accountability, coordination, and oversight. [Cybersecurity Framework: ID.GV] | |||
Quick link to summary table for RMF tasks, responsibilities, and supporting roles.
Table of contents
- • MISSION OR BUSINESS FOCUS, TASK P-8
- • SYSTEM STAKEHOLDERS, TASK P-9
- • ASSET IDENTIFICATION, TASK P-10
- • AUTHORIZATION BOUNDARY, TASK P-11
- • INFORMATION TYPES, TASK P-12
- • INFORMATION LIFE CYCLE, TASK P-13
- • RISK ASSESSMENT—SYSTEM, TASK P-14
- • REQUIREMENTS DEFINITION, TASK P-15
- • ENTERPRISE ARCHITECTURE, TASK P-16
- • REQUIREMENTS ALLOCATION, TASK P-17
- • SYSTEM REGISTRATION, TASK P-18