The NIST Risk Management Framework (RMF) provides a disciplined, structured, and flexible process for managing security and privacy risk that includes information security categorization; control selection, implementation and assessment; system and common control authorizations; and continuous monitoring. Executing the RMF tasks provides senior leaders and executives with the necessary information to make efficient, cost-effective risk management decisions about the systems supporting their missions and business functions. In addition, it establishes responsibility and accountability for the controls implemented within an organization’s systems and inherited by those systems.
In this presentation, we will discuss:
- Fundamental RMF concepts that support implementation of the risk management program
- RMF steps and tasks that link essential risk management processes at the system level to risk management processes at the organization level