NIST Risk Management Framework RMF

Risk Management Framework (RMF) - Implement Step

At A Glance

Purpose: Implement the controls in the security and privacy plans for the system and organization

  • controls specified in security and privacy plans implemented
  • security and privacy plans updated to reflect controls as implemented



Resources for Implementers

NIST SP 800-34, Contingency Planning Guide for Federal Information Systems

  • Discusses essential contingency plan elements and processes, and highlights specific considerations and concerns associated with contingency planning for various types of systems.
  • Provides examples to assist readers in developing their own system contingency plans.

NIST SP 800-61, Computer Security Incident Handling Guide

  • Assists organizations in mitigating the risks from computer security incidents by providing practical guidelines on responding to incidents effectively and efficiently.
  • Provides guidelines on establishing an effective incident response program, and on detecting, analyzing, prioritizing, and handling incidents.

NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems

  • Provides guidance focused on implementing the system security aspects of configuration management; the term security-focused configuration management (SecCM) is used to emphasize the concentration on information security.
  • Describes the process of applying SecCM practices to systems; the goal of SecCM activities is to manage and monitor the configurations of systems to achieve adequate security and minimize organizational risk while supporting the desired business functionality and services.

Many additional NIST publications are available on the CSRC.



Created November 30, 2016, Updated November 01, 2021