U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

This is an archive
(replace .gov by .rip)

ITL Bulletin

The Next Generation Risk Management Framework (RMF 2.0): A Holistic Methodology to Manage Information Security, Privacy and Supply Chain Risk

Date Published: February 2019


Victoria Pillitteri (NIST)



authorization to operate; authorization to use; authorizing official; continuous monitoring; information security; ongoing authorization; plan of action and milestones; privacy; privacy plan; privacy risk; risk assessment; risk executive function; risk management; risk management framework; security; security assessment report; security engineering; security plan; security risk; supply chain risk management; system development life cycle
Control Families

Configuration Management; Assessment, Authorization and Monitoring; Risk Assessment; Planning; Program Management


February 2019 ITL Bulletin

Supplemental Material:
None available

Related NIST Publications:
SP 800-37 Rev. 2

Document History:
02/28/19: ITL Bulletin (Final)