Risk management framework

The Risk Management Framework (NIST Special Publication 800-37).

NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems", developed by the Joint Task Force Transformation Initiative Working Group, transforms the traditional Certification and Accreditation (C&A) process into the six-step Risk Management Framework (RMF).

The Risk Management Framework (RMF), illustrated at right, provides a disciplined and structured process that integrates information security and risk management activities into the system development life cycle.[1]

The RMF steps include:

References

  1. Guide for Applying the Risk Management Framework to Federal Information Systems

External links

This article is issued from Wikipedia - version of the Thursday, March 03, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.