Categorization Utility
The Categorization utility dynamically applies controls to Security Plans or Components based on structured assessments. It supports a risk-based approach aligned with NIST RMF Steps 1 and 2 (Categorize and Select Controls). Use Categorization to automate control selection, reduce manual effort, and improve consistency in system authorization packages.
How to Use
Step 1: Create a Categorization Engine
- From the Modules menu, select Categorization Engines.
- Click Create New, enter a name (e.g., RMF Profile Builder), and save.
- Add True/False questions, mapping each to a Security Profile.
  - Tip: Create the needed Security Profiles in advance.
  - When a question is answered True, its associated profile applies its controls.
- Save the engine when finished.
Step 2: Apply the Engine
- Open a Security Plan or Component.
- In the Utility panel, select Categorization.
- Choose the Categorization Engine you want to use.
- Select applicable Information Types (e.g., Financial Management, Public Affairs).
  - These drive Confidentiality, Integrity, and Availability (CIA) levels.
- Complete the Assessment by answering each question.
- Review control totals and click Finish to apply.
- A modal shows a summary of:
  - New controls added
  - Duplicates skipped
  - Existing controls retained
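The selection logic described in Steps 1 and 2, as an added conceptual model (not the product's own code). The profile contents, questions, impact values and the way the three summary counts are computed are assumptions made for illustration; the CIA levels use the per-objective high-water mark across information types, as in NIST SP 800-60.

```python
# Conceptual model only: names, sample data and counting rules are assumptions,
# not the product's implementation.
LEVELS = {"Low": 1, "Moderate": 2, "High": 3}

# Constructed sample data (impact values are illustrative, not taken from SP 800-60).
INFO_TYPES = {
    "Financial Management": {"C": "Moderate", "I": "Moderate", "A": "Low"},
    "Public Affairs": {"C": "Low", "I": "Moderate", "A": "Low"},
}
PROFILES = {  # hypothetical Security Profiles and their controls
    "Baseline": ["AC-2", "AU-2", "IA-2"],
    "Remote Access": ["AC-17", "IA-2"],
    "Cloud Hosted": ["SA-9", "AC-2"],
}
ENGINE = [  # (True/False question, Security Profile applied when answered True)
    ("Is this a federal information system?", "Baseline"),
    ("Do users connect remotely?", "Remote Access"),
    ("Is the system hosted by an external provider?", "Cloud Hosted"),
]

def cia_levels(selected_types):
    """Highest impact per objective across the selected information types."""
    return {
        obj: max((INFO_TYPES[t][obj] for t in selected_types),
                 key=LEVELS.get, default=None)  # None: nothing selected yet
        for obj in ("C", "I", "A")
    }

def apply_engine(plan_controls, answers):
    """Merge controls from every profile whose question was answered True."""
    result, seen = list(plan_controls), set(plan_controls)
    added, skipped = [], []
    for question, profile in ENGINE:
        if not answers.get(question, False):  # unanswered counts as False
            continue
        for control in PROFILES[profile]:
            if control in seen:       # already in the plan or added by an earlier profile
                skipped.append(control)
            else:
                seen.add(control)
                added.append(control)
                result.append(control)
    return {"controls": result, "added": added,
            "duplicates_skipped": skipped, "retained": list(plan_controls)}
```
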