FISMA & NIST RMF

Assess Step (RMF Step 4)

The fourth step of the Risk Management Framework, in which an independent assessor tests each implemented control against the assessment procedures in NIST SP 800-53A and produces a Security Assessment Report (SAR). The SAR documents which controls are satisfied, which are partially satisfied, and which are not satisfied, and it is the primary evidentiary basis for the authorization decision in Step 5.
