Frame, Assess, Respond, and Monitor (FARM) in Third-Party Risk Management – Bredemarket

I just listened to a third-party risk management (TPRM) Mitratech webinar about NIST cybersecurity frameworks, hosted by OCEG, which talked about a farm.
No, they’re not planting corn at NIST’s Gaithersburg headquarters.
(At least I don’t think so. I haven’t been there since early 2009, back when Motorola and Safran people couldn’t talk about the potential acquisition. We did anyway. But I digress.)
Back to TPRM. In Mitratech’s case, FARM stands for “frame, assess, respond, and monitor.”
Here’s how Mitratech introduced the topic in a 2022 post:
NIST SP 800-53 is considered the foundation upon which all other cybersecurity controls are built. With SP 800-161 Rev. 1, NIST outlines a complementary framework to frame, assess, respond to, and monitor cybersecurity supply chain risks. Together, SP 800-53 and supplemental SP 800-161 control guidance present a comprehensive framework for assessing and mitigating supplier risks.
If you go to the latest (as of 2024) update to SP 800-161, you’ll find NIST’s explanation of the FARM in Appendix G. The three referenced levels in the quote below are the enterprise, mission, and operations levels.
The first approach is called FARM and consists of four steps: Frame, Assess, Respond, and Monitor. FARM is primarily used at Level 1 and Level 2 to establish the enterprise’s risk context and inherent exposure to risk. Then, the risk context from Level 1 and Level 2 iteratively informs the activities performed as part of the second approach described in The Risk Management Framework (RMF). The RMF predominantly operates at Level 3 [SP80037] – the operational level – and consists of seven process steps: Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor.
In short:
- Frame establishes the context.
- Assess is the risk assessment itself.
- Respond is where the assessors communicate the results of the assessment and propose mitigations and controls.
- Monitor is compliance verification and continuous monitoring.
Section G.2 of the document includes much, much more detailed definitions of the FARM elements, should you be interested. I’d provide those details myself, but then I fear I’d have to say to you, “Sorry if I’ve stayed too long.”