Analysis: NIST Risk Management Framework 800-53A Assessment Objectives

Sources:
The bar chart below provides Assessment Objective (800-53A) counts by control family.

Summary baseline counts:

  • LOW = 1,374 assessment objectives
  • MODERATE = 1,890 assessment objectives
  • HIGH = 2,165 assessment objectives
Recommendation: Focus on the Assessment Objectives to ensure the Security Controls are comprehensively implemented. The Assessment Objectives are the most granular pieces of the framework.

NIST Risk Management Framework (RMF) tasks relevant to an Assessment Objective-level focus:
  • Step 2 - Select
    • Task S-2: Control Tailoring
    • Task S-3: Control Allocation
    • Task S-4: Documentation of Planned Control Implementations
    • Task S-5: Continuous Monitoring Plan
  • Step 3 - Implement
    • Task I-2: Update Control Implementation Information
  • Step 4 - Assess
    • Task A-2: Assessment Plan
    • Task A-3: Control Assessment
    • Task A-4: Assessment Reports
    • Task A-5: Remediation Plans
    • Task A-6: Plan of Action and Milestones
  • Step 6 - Monitor
    • Task M-2: Ongoing Assessments
    • Task M-4: Authorization Package Updates
Link to the corresponding table chart - here.