Recently, NIST completed a fundamental transformation of the traditional certification and accreditation process into a comprehensive, near real-time, security life cycle process as part of a Risk Management Framework (RMF). The RMF, described in NIST Special Publication 800-37, provides a dynamic, six-step approach to managing cybersecurity risk. The strength of the RMF is based on the comprehensive nature of the framework which focuses as much attention on selecting the right security controls and effectively implementing those controls as it does on security assessment, authorization, and continuous monitoring. The strategy is simple. “Build It Right, Then Continuously Monitor.” The RMF, when used in conjunction with the three-tiered enterprise risk management approach described in NIST SP 800-39 (Tier 1-governance level, Tier 2-mission/business process level, and Tier 3-information system level) and the broad-based continuous monitoring guidance in NIST SP 800-137, provides a comprehensive process for developing, implementing, and monitoring a cybersecurity program capable of protecting core organizational missions and business functions from a range of threats, including cyber attacks.
Recently, NIST completed a fundamental transformation of the traditional certification and accreditation process into a comprehensive, near real-time, security life cycle process as part of a Risk Management Framework (RMF). The RMF, described in NIST Special Publication 800-37, provides a dynamic,...
See full abstract
Recently, NIST completed a fundamental transformation of the traditional certification and accreditation process into a comprehensive, near real-time, security life cycle process as part of a Risk Management Framework (RMF). The RMF, described in NIST Special Publication 800-37, provides a dynamic, six-step approach to managing cybersecurity risk. The strength of the RMF is based on the comprehensive nature of the framework which focuses as much attention on selecting the right security controls and effectively implementing those controls as it does on security assessment, authorization, and continuous monitoring. The strategy is simple. “Build It Right, Then Continuously Monitor.” The RMF, when used in conjunction with the three-tiered enterprise risk management approach described in NIST SP 800-39 (Tier 1-governance level, Tier 2-mission/business process level, and Tier 3-information system level) and the broad-based continuous monitoring guidance in NIST SP 800-137, provides a comprehensive process for developing, implementing, and monitoring a cybersecurity program capable of protecting core organizational missions and business functions from a range of threats, including cyber attacks.
Hide full abstract
Keywords
cybersecurity; continuous monitoring; Risk Management Framework; RMF
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
