U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

ITL Bulletin

The Next Generation Risk Management Framework (RMF 2.0): A Holistic Methodology to Manage Information Security, Privacy and Supply Chain Risk

Date Published: February 2019


Victoria Pillitteri (NIST)



authorization to operate; authorization to use; authorizing official; continuous monitoring; information security; ongoing authorization; plan of action and milestones; privacy; privacy plan; privacy risk; risk assessment; risk executive function; risk management; risk management framework; security; security assessment report; security engineering; security plan; security risk; supply chain risk management; system development life cycle
Control Families

Configuration Management; Assessment, Authorization and Monitoring; Risk Assessment; Planning; Program Management


February 2019 ITL Bulletin

Supplemental Material:
None available

Related NIST Publications:
SP 800-37 Rev. 2

Document History:
02/28/19: ITL Bulletin (Final)