Recent Updates:
The NIST Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems and links to a suite of NIST standards and guidelines to support implementation of risk management programs to meet the requirements of the Federal Information Security Modernization Act (FISMA).
This site provides an overview, explains each RMF step, and offers resources to support implementation, such as updated Quick Start Guides, and the RMF Publication.
Prepare | Essential activities to prepare the organization to manage security and privacy risks |
Categorize | Categorize the system and information processed, stored, and transmitted based on an impact analysis |
Select | Select the set of NIST SP 800-53 controls to protect the system based on risk assessment(s) |
Implement | Implement the controls and document how controls are deployed |
Assess | Assess to determine if the controls are in place, operating as intended, and producing the desired results |
Authorize | Senior official makes a risk-based decision to authorize the system (to operate) |
Monitor | Continuously monitor control implementation and risks to the system |
Security and Privacy: general security & privacy, privacy, risk management, security measurement, security programs & operations
Laws and Regulations: E-Government Act, Federal Information Security Modernization Act