
Categorization Utility

The Categorization utility dynamically applies controls to Security Plans or Components based on structured assessments. It supports a risk-based approach aligned with NIST RMF Steps 1 and 2 (Categorize and Select Controls). Use Categorization to automate control selection, reduce manual effort, and improve consistency in system authorization packages.

How to Use

Step 1: Create a Categorization Engine

  1. From the Modules menu, select Categorization Engines.
  2. Click Create New, enter a name (e.g., RMF Profile Builder), and save.
  3. Add True/False questions, mapping each to a Security Profile.
    • Tip: Create the needed Security Profiles in advance.
  4. When a question is answered True, its associated profile applies that profile's controls.
  5. Save the engine when finished.

Step 2: Apply the Engine

  1. Open a Security Plan or Component.
  2. In the Utility panel, select Categorization.
  3. Choose the Categorization Engine you want to use.
  4. Select applicable Information Types (e.g., Financial Management, Public Affairs).
    • These drive Confidentiality, Integrity, and Availability (CIA) levels.
  5. Complete the Assessment by answering each question.
  6. Review control totals and click Finish to apply.
  7. A modal shows a summary of:
    • New controls added
    • Duplicates skipped
    • Existing controls retained
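
The selection logic described in Steps 1 and 2, modelled as an added example (this is not the product's code or API): True answers pull in their profile's controls, and the result is merged into the plan's existing controls to produce the three summary counts. The data structures, function names and sample data are hypothetical; taking the highest level per objective across Information Types, and counting a control as a skipped duplicate when it is already on the plan or already selected by another profile, are assumptions.

```python
LEVELS = {"low": 1, "moderate": 2, "high": 3}

# Constructed sample data: profile names, questions and impact levels are illustrative only.
PROFILES = {
    "Account Management": ["AC-2", "AC-3", "IA-2"],
    "Remote Access": ["AC-17", "IA-2", "SC-8"],
    "Public Web": ["SC-7", "SC-8"],
}
QUESTIONS = [  # (True/False question, Security Profile applied when answered True)
    ("Does the system have user accounts?", "Account Management"),
    ("Is remote access permitted?", "Remote Access"),
    ("Is the system public-facing?", "Public Web"),
]
INFO_TYPES = {  # information type -> provisional (C, I, A) impact levels
    "Financial Management": ("moderate", "moderate", "low"),
    "Public Affairs": ("low", "high", "low"),
}


def high_water_mark(info_types):
    """Highest level per objective across the selected information types (assumed rule)."""
    columns = zip(*(INFO_TYPES[t] for t in info_types))
    return tuple(max(col, key=LEVELS.get) for col in columns)


def run_assessment(answers, existing):
    """Apply profiles for True answers and build the summary shown on Finish."""
    added, skipped = [], 0
    for question, profile in QUESTIONS:
        if not answers.get(question, False):
            continue  # False or unanswered: the profile contributes nothing
        for control in PROFILES[profile]:
            if control in existing or control in added:
                skipped += 1  # assumption: counted as a skipped duplicate
            else:
                added.append(control)
    return {"added": added, "duplicates_skipped": skipped, "retained": sorted(existing)}


if __name__ == "__main__":
    answers = {"Does the system have user accounts?": True,
               "Is remote access permitted?": True,
               "Is the system public-facing?": False}
    print(high_water_mark(["Financial Management", "Public Affairs"]))
    print(run_assessment(answers, existing={"AC-2", "CM-6"}))
```

Reviewing the summary this way makes it easy to spot a profile whose controls are entirely duplicates, which usually means two questions map to overlapping profiles.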