Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Risk Management

Risk Management Framework (RMF) - Prepare

The Prepare Step is new in the NIST SP 800-37, Rev. 2.  

The purpose of the Prepare Step is to carry out essential activities at the organization, mission and business process, and information system levels of the enterprise to help prepare the organization to manage its security and privacy risks using the Risk Management Framework.

All links below point to PDF files for the Prepare Step 

Frequently Asked Questions (FAQs)

Roles and Responsibilities

Back to RMF Chart 

Created November 30, 2016, Updated April 05, 2019