The Risk Management Framework (RMF) provides a structured yet flexible approach for managing the portion of risk resulting from the incorporation of systems into the mission and business processes of the organization.
The Quick Start Guides build on the NIST standards and guidance, consolidate information from various NIST publications, and provide sample ways to implement the standards and guidelines.
The figure below can be used to link to the relevant FIPS, SPs, and additional resources for the RMF steps.
The links below point to supporting materials for each RMF Step including Frequently Asked Questions, Roles and Responsibilities Charts, Tips and Techniques (Organization and System), and Perspectives (Management, Organization, and System).
The Quick Start Guides provide implementation guidance and examples on how to plan for, conduct, and document the results. While the guides provide examples and sample documentation, they are not mandatory, nor do they prescribe required formats. Additional templates are available from other sources.
Security and Privacy: risk management
Laws and Regulations: E-Government Act, Federal Information Security Modernization Act