Scenario

You have just been hired as the security manager of Medical Credentials Company (MCC), reporting to the Chief Information Officer (CIO). MCC is a kind of clearinghouse for doctors, hospitals, and group practices. It stores and distributes information on its clients, including sensitive information on previous malpractice lawsuits or disciplinary action. MCC is converting from an in-house database to a distributed database, which can be queried by telecommuting employees and clients. This change requires a high level of security. It is your responsibility to provide your engineers with the security requirements and at the same time convince senior management that the system being developed is robust and secure enough to protect this sensitive information. After careful examination of the database requirements and security requirements, you decide that compliance with the current accreditation/authorization process (NIST 800-37 RMF) would sufficiently protect the database from intrusion and tampering.

Project Background

The CIO is concerned with the number of security controls that they will have to implement for the database. She wants to know if all of the controls have to be implemented at one time or if a phased approach can be used. Luckily, you know about the priority codes assigned to each control, which are explained in the NIST 800-53 Rev 4, Appendix G. Explain this process along with the Plan of Actions and Milestones (POA&M) process to the CIO. Don't forget to illustrate how this relates to the Continuous Monitoring (Step 6: Monitor) Phase of RMF.

The project deliverables for week 4 are as follows:

Week 4: The Common Criteria System (600-700 WORDS)

· The NIST 800-37 RMF
· Common Criteria Rationale
· Explain the priority codes assigned to security controls
· Explain the POA&M process and how it relates to Continuous Monitoring
· C-2 Orange Book Protection Profile
· REFERENCE