The NIST Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems. It links to a suite of NIST standards and guidelines that support the implementation of risk management programs to meet the requirements of the Federal Information Security Modernization Act (FISMA).
1. PREPARE: Essential activities to prepare the organization to manage security and privacy risks
2. CATEGORIZE: Categorize the system and information processed, stored, and transmitted based on an impact analysis
3. SELECT: Select the set of NIST SP 800-53 controls to protect the system based on risk assessment(s)
4. IMPLEMENT: Implement the controls and document how controls are deployed
5. ASSESS: Assess the controls to determine if they are in place, operating as intended, and producing the desired results
6. AUTHORIZE: Senior official makes a risk-based decision to authorize the system (to operate)
7. MONITOR: Continuously monitor control implementation and risks to the system
Copyright © 2021 Ram Tech - All Rights Reserved.