
Risk management framework

The Risk Management Framework (RMF) is a set of United States federal government policy and standards, developed by the National Institute of Standards and Technology (NIST), to help secure information systems (computers and networks). The two main publications that cover the details of RMF are NIST Special Publication 800-37, 'Guide for Applying the Risk Management Framework to Federal Information Systems', and NIST Special Publication 800-53, 'Security and Privacy Controls for Federal Information Systems and Organizations'. NIST Special Publication 800-37, developed by the Joint Task Force Transformation Initiative Working Group, transforms the traditional Certification and Accreditation (C&A) process into the six-step Risk Management Framework. The RMF, illustrated at right, provides a disciplined and structured process that integrates information security and risk management activities into the system development life cycle.
