RMF (Risk Management Framework) Rubik's CUBE
CUBE implements a web-based workflow to select the RMF security and privacy controls for federal information systems and organizations. It helps organization to craft Security Controls for a system to meet operations as well as the constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations.
CUBE: A Select-Control workflow from RMF Questionnaires to Security Controls
What is CUBE?
CUBE is a web-based tool for an organization to conveniently customize the RMF Security Controls for government and enterprise information systems (e.g., cloud). Control Selection follows the FISMA metrics, SP 800-53 controls, FedRAMP standard, and/or NIST CSF baselines.
Why use CUBE?
CUBE offers 4C-value for control selection: COMPLIANCE with security and privacy risk Standards, CONFIDENCE with security and privacy risk protection, CONVENIENCE with organization-wide RMF Controls Selection and Implementation, and COST-SAVING with a balance of cost and risk.
Who use CUBE?
Organizations involving with Federal Information Systems, Enterprise Information Systems, Risk Management Framework, Federal Government and Critical Infrastructure, Information Audit & Accountability, Contingency Planning, Federal Information Security, Risk Assessment, Information Vulnerability Management, Clouds, Security Requirements, FIPS Publication 199, FIPS Publication 200, FISMA, Privacy Act, Office of Management and Budget, Securing Agency Information Systems.