FISMA Implementation Project

Applying the Risk Management Framework to Systems

Welcome to the course Applying the Risk Management Framework to Systems.

The purpose of this course is to provide people new to risk management with an overview of a methodology for managing organizational risk, the Risk Management Framework (RMF).

The RMF was developed by the National Institute of Standards and Technology (NIST) to help organizations manage risks to and from Information Technology (IT) systems more easily, efficiently and effectively.

This course describes, at a high level, the importance of establishing an organization-wide risk management program, the information security legislation related to organizational risk management, the steps in the RMF, and the NIST publications related to each step.

On 12/20/2019, NIST rescinded NIST SP 800-37 Rev. 1, and this course is currently based on that rescinded publication. NIST is currently updating this course to reflect the revised version of this publication, NIST SP 800-37 Rev. 2. For a recorded overview of the updates to NIST SP 800-37, Rev. 2, please see:


Course Duration: TWO Hours

Created November 30, 2016, Updated August 04, 2020