RMF (Risk Management Framework) Rubik's CUBE
CUBE implements a web-based workflow to select the RMF security and privacy controls for federal information systems and organizations. It helps organization to craft Security Controls for a system to meet operations as well as the constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations.
CUBE: A Select-Control workflow from RMF Questionnaires to Security Controls
What is CUBE?
CUBE is a web-based tool for an organization to conveniently customize the RMF Security Controls for government and enterprise information systems (e.g., cloud). Control Selection follows the FISMA metrics, SP 800-53 controls, FedRAMP standard, and/or NIST CSF baselines.
Why use CUBE?
CUBE offers 4C-value for control selection: COMPLIANCE with security and privacy risk Standards, CONFIDENCE with security and privacy risk protection, CONVENIENCE with organization-wide RMF Controls Selection and Implementation, and COST-SAVING with a balance of cost and risk.
Who use CUBE?
Organizations involving with Federal Information Systems, Enterprise Information Systems, Risk Management Framework, Federal Government and Critical Infrastructure, Information Audit & Accountability, Contingency Planning, Federal Information Security, Risk Assessment, Information Vulnerability Management, Clouds, Security Requirements, FIPS Publication 199, FIPS Publication 200, FISMA, Privacy Act, Office of Management and Budget, Securing Agency Information Systems.
CUBE is an information architecture tool built on FedRAMP compliance, FISMA metrics, NIST SP 800-53 controls, and NIST CSF standards. In addition, it composes other frameworks and specifications like CSA’s Trusted Cloud Initiative Reference Architecture, NIST Cloud Security Reference Architecture, and many others.
CUBE outputs the Security and Privacy Controls in standardized formats, including human readable (e.g., PDF) and machine readable (e.g., OSCAL - Open Security Controls Assessment Language) documents. OSCAL formats (XML, JSON, and YAML) provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results.
CUBE helps you to select sets of controls tailored for specific types of missions/business functions, technologies, or environments of operation. It ensures that information technology products and the information systems with sufficient security and risk protection.
CUBE expresses Selected Controls in standardized formats (human readable Word, PDF, and Excel documents, and machine readable XML, JSON, and YAML). Controls represented in OSACL format facilitates RMF in the entire information system lifecycle (e.g., Implement Controls, Access Controls, and Monitor Controls).
