The Risk Management Framework (RMF) is the process that must be followed to secure, authorize and manage federal information systems. The RMF uses a risk-based approach to selecting security controls. NIST SP 800-37 defines the RMF as a 6-step process to assess and authorize information systems. The RMF uses the following documents:
- NIST SP 800-37 (Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy)
- NIST SP 800-30 (Guide for Conducting Risk Assessments)
- NIST SP 800-53 ( Security and Privacy Controls for Federal Information Systems and Organizations)
- NIST SP 800-53A (Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans)
- NIST SP 800-137 (Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations)
Remedia Security has worked with numerous federal agencies to conduct RMF compliance, continuous monitoring, and reporting activities.
Contact us to learn more about our RMF services.