Knowledge ID: K0048
Knowledge Description: Knowledge of Risk Management Framework (RMF) requirements.
Work Roles with this Knowledge:
- Work Role ID: OV-MGT-001Work Roles: Information Systems Security ManagerWork Role Description: Responsible for the cybersecurity of a program, organization, system, or enclave.Specialty Area(s): Cybersecurity Management
- Work Role ID: OV-PMA-001Work Roles: Program ManagerWork Role Description: Leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment with agency or enterprise priorities.
- Work Role ID: OV-PMA-002Work Roles: IT Project ManagerWork Role Description: Directly manages information technology projects.
- Work Role ID: OV-PMA-003Work Roles: Product Support ManagerWork Role Description: Manages the package of support functions required to field and maintain the readiness and operational capability of systems and components.
- Work Role ID: OV-PMA-004Work Roles: IT Investment/Portfolio ManagerWork Role Description: Manages a portfolio of IT investments that align with the overall needs of mission and enterprise priorities.
- Work Role ID: OV-PMA-005Work Roles: IT Program AuditorWork Role Description: Conducts evaluations of an IT program or its individual components to determine compliance with published standards.
- Work Role ID: SP-RSK-001Work Roles: Authorizing Official/Designating RepresentativeWork Role Description: Senior official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation (CNSSI 4009).Category: Securely ProvisionSpecialty Area(s): Risk Management
- Work Role ID: SP-RSK-002Work Roles: Security Control AssessorWork Role Description: Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).Category: Securely ProvisionSpecialty Area(s): Risk Management