Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Risk Management

Risk Management Framework (RMF) - Prepare (SP 800-37, Rev. 2 IPD)

The Prepare step is new in the Initial Public Draft of SP 800-37, Revision 2.  

The purpose of the Prepare step is to carry out essential activities at the organization, mission and business process, and information system levels of the enterprise to help prepare the organization to manage its security and privacy risks using the Risk Management Framework.

All links below point to PDF files for Prepare (SP 800-37, Rev. 2 IPD)

Frequently Asked Questions (FAQs)

Roles & Responsibilities

Back to RMF 6 Step Chart 

Created November 30, 2016, Updated November 20, 2018