The Next Generation Risk Management Framework (RMF 2.0): A Holistic Methodology to Manage Information Security, Privacy and Supply Chain Risk

Pillitteri, Victoria

ITL Bulletin

The Next Generation Risk Management Framework (RMF 2.0): A Holistic Methodology to Manage Information Security, Privacy and Supply Chain Risk

Documentation Topics

Date Published: February 2019

Editor(s)

Victoria Pillitteri (NIST)

Abstract

This bulletin summarizes the information found in NIST SP 800-37, Revision 2: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy which provides guidelines for applying the RMF to information systems and organizations.

Keywords

authorization to operate; authorization to use; authorizing official; continuous monitoring; information security; ongoing authorization; plan of action and milestones; privacy; privacy plan; privacy risk; risk assessment; risk executive function; risk management; risk management framework; security; security assessment report; security engineering; security plan; security risk; supply chain risk management; system development life cycle

Control Families

Assessment, Authorization and Monitoring; Configuration Management; Planning; Program Management; Risk Assessment

Documentation

Publication:
February 2019 ITL Bulletin (pdf)

Supplemental Material:
None available

Related NIST Publications:
SP 800-37 Rev. 2

Document History:
02/28/19: ITL Bulletin (Final)

Topics

Security and Privacy

audit & accountability, continuous monitoring, controls, planning, risk assessment

Applications

cybersecurity framework

Laws and Regulations

Executive Order 13800, Homeland Security Presidential Directive 7, OMB Circular A-130