Purpose: Carry out essential activities to help prepare all levels of the organization to manage its security and privacy risks using the RMF
Outcomes:
NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View
NIST SP 800-30, Guide for Conducting Risk Assessments
NIST SP 800-18, Guide for Developing Security Plans for Federal Information Systems
NIST SP 800-160, Volume 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
NISTIR 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems
Security and Privacy: general security & privacy, privacy, risk management, security measurement, security programs & operations
Laws and Regulations: E-Government Act, Federal Information Security Modernization Act