
NIST Risk Management Framework RMF

Risk Management Framework (RMF) - Implement Step

At A Glance

RMF Implement Step

 

 

 

Purpose: Implement the controls in the security and privacy plans for the system and organization
 
Outcomes: 

  • controls specified in security and privacy plans implemented
  • security and privacy plans updated to reflect controls as implemented

 

 


Resources for Implementers


NIST SP 800-34, Contingency Planning Guide for Federal Information Systems

  • Discusses essential contingency plan elements and processes, and highlights specific considerations and concerns associated with contingency planning for
    various types of systems.
  • Provides examples to assist readers in developing their own system contingency plans.

NIST SP 800-61, Computer Security Incident Handling Guide

  • Assists organizations in mitigating the risks from computer security incidents by
    providing practical guidelines on responding to incidents effectively and efficiently.
  • Provides guidelines on establishing an effective incident response program, and on detecting, analyzing, prioritizing, and handling incidents.

NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems

  • Provides guidance focused on implementation of the system security aspects of configuration management; the term security-focused configuration management (SecCM) is used to emphasize the concentration on information security.
  • Details the process of applying SecCM practices to systems; the goal of SecCM activities is to manage and monitor the configurations of systems to achieve adequate security and minimize organizational risk while supporting the desired business functionality and services.

Many additional NIST publications are available on the CSRC.

 



Created November 30, 2016, Updated October 19, 2021