U.S. flag   An official website of the United States government

NIST Risk Management Framework RMF

Project Overview

The NIST Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems and links to a suite of NIST standards and guidelines to support implementation of risk management programs to meet the requirements of the Federal Information Security Modernization Act (FISMA).  


This site provides an overview, explains each RMF step, and offers resources to support implementation, such as updated Quick Start Guides. 


RMF wheel

Prepare Essential activities to prepare the organization to manage security and privacy risks 
Categorize Categorize the system and information processed, stored, and transmitted based on an impact analysis
Select Select the set of NIST SP 800-53 controls to protect the system based on risk assessment(s)
Implement Implement the controls and document how controls are deployed
Assess Assess to determine if the controls are in place, operating as intended, and producing the desired results
Authorize Senior official makes a risk-based decision to authorize the system (to operate)
Monitor Continuously monitor control implementation and risks to the system

 

Created November 30, 2016, Updated May 03, 2021