This bulletin summarizes information about the Risk Management Framework (RMF) and points to NIST standards and guidelines that assist agencies in achieving effective security for their information technology (IT) systems. The RMF guides agencies through a series of steps, taking into account the risks such as the magnitude of harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information. The bulletin explains the risk management process that IT managers apply to balance the operational and economic costs of protective measures for their information and IT systems with the gains in capabilities and improved support of organizational mission that result from the use of efficient protection procedures. Information is provided about how to access the NIST standards and guidelines that pertain to the risk management process. References are given to web pages that can be accessed for more information about the process and the Risk Management Framework.
This bulletin summarizes information about the Risk Management Framework (RMF) and points to NIST standards and guidelines that assist agencies in achieving effective security for their information technology (IT) systems. The RMF guides agencies through a series of steps, taking into account the...
See full abstract
This bulletin summarizes information about the Risk Management Framework (RMF) and points to NIST standards and guidelines that assist agencies in achieving effective security for their information technology (IT) systems. The RMF guides agencies through a series of steps, taking into account the risks such as the magnitude of harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information. The bulletin explains the risk management process that IT managers apply to balance the operational and economic costs of protective measures for their information and IT systems with the gains in capabilities and improved support of organizational mission that result from the use of efficient protection procedures. Information is provided about how to access the NIST standards and guidelines that pertain to the risk management process. References are given to web pages that can be accessed for more information about the process and the Risk Management Framework.
Hide full abstract
Keywords
Federal Information Processing Standards; information security; information system security; NIST Special Publications; risk management; Risk Management Framework; security authorization; security categorization; security certification; security controls;
