NIST Risk Management Framework Overview
- About the NIST Risk Management Framework (RMF)
- Supporting Publications
- The RMF Steps
  Step 1: Categorize
  Step 2: Select
  Step 3: Implement
  Step 4: Assess
  Step 5: Authorize
  Step 6: Monitor
- Additional Resources and Contact Information
NIST Risk Management Framework | 2
NIST Special Publication 800-37, Guide for Applying the Risk Management Framework
- A holistic and comprehensive risk management process
- Integrates the Risk Management Framework (RMF) into the system development lifecycle (SDLC)
- Provides processes (tasks) for each of the six steps in the RMF at the system level
[Figure: the RMF cycle. Categorize System → Select Controls → Implement Controls → Assess Controls → Authorize System → Monitor Controls, then back to Categorize System]
Supporting Publications
Federal Information Processing Standards (FIPS)
- FIPS 199 – Standards for Security Categorization
- FIPS 200 – Minimum Security Requirements
Special Publications (SPs)
- SP 800-18 – Guide for System Security Plan Development
- SP 800-30 – Guide for Conducting Risk Assessments
- SP 800-34 – Guide for Contingency Plan Development
- SP 800-37 – Guide for Applying the Risk Management Framework
- SP 800-39 – Managing Information Security Risk
- SP 800-53/53A – Security Controls Catalog and Assessment Procedures
- SP 800-60 – Mapping Information Types to Security Categories
- SP 800-128 – Security-focused Configuration Management
- SP 800-137 – Information Security Continuous Monitoring
- Many others for operational and technical implementations
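The first RMF step, Categorize, rests on FIPS 199 and SP 800-60: each information type a system handles gets a provisional impact level (LOW, MODERATE or HIGH) for confidentiality, integrity and availability, the system's level for each objective is the highest level over all its information types (the "high-water mark"), and the highest of the three objectives is the overall impact level that FIPS 200 uses to choose the control baseline. The script below is an added example written for this page, not NIST's code and not taken from the slide deck; the information types and their impact levels are constructed sample values, not entries from SP 800-60. It also handles the one edge case FIPS 199 spells out: NOT_APPLICABLE is permitted only for the confidentiality of public information at the information-type level and never appears in a system-level category, where every objective is at least LOW.

```python
"""FIPS 199 security categorization by the high-water mark (added example)."""
from dataclasses import dataclass
from typing import Dict, Iterable

# Impact levels in increasing order. NOT_APPLICABLE is allowed by FIPS 199 only
# for the confidentiality of an information type (public information); a system
# category is never below LOW for any objective.
IMPACT_ORDER = {"NOT_APPLICABLE": 0, "LOW": 1, "MODERATE": 2, "HIGH": 3}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InformationType:
    """One information type with its provisional impact level per objective."""
    name: str
    confidentiality: str
    integrity: str
    availability: str

    def __post_init__(self) -> None:
        # Reject unknown levels and NOT_APPLICABLE outside confidentiality up front,
        # so a typo in a categorization worksheet cannot silently lower the result.
        for objective in OBJECTIVES:
            level = getattr(self, objective)
            if level not in IMPACT_ORDER:
                raise ValueError(f"{self.name}: unknown impact level {level!r} for {objective}")
            if level == "NOT_APPLICABLE" and objective != "confidentiality":
                raise ValueError(f"{self.name}: NOT_APPLICABLE is only valid for confidentiality")


def high_water_mark(levels: Iterable[str]) -> str:
    """Return the highest impact level among the given levels."""
    return max(levels, key=IMPACT_ORDER.__getitem__)


def categorize_system(info_types: Iterable[InformationType]) -> Dict[str, str]:
    """Compute the FIPS 199 security category of a system from its information types.

    Returns the per-objective levels plus the overall (FIPS 200 baseline) level.
    """
    types = list(info_types)
    if not types:
        raise ValueError("a system must carry at least one information type")
    category: Dict[str, str] = {}
    for objective in OBJECTIVES:
        level = high_water_mark(getattr(t, objective) for t in types)
        # System-level floor: a system's category is never NOT_APPLICABLE.
        category[objective] = high_water_mark([level, "LOW"])
    category["overall"] = high_water_mark(category[o] for o in OBJECTIVES)
    return category


def format_security_category(category: Dict[str, str]) -> str:
    """Render the result in FIPS 199 notation: SC = {(confidentiality, X), ...}."""
    return "SC = {" + ", ".join(f"({o}, {category[o]})" for o in OBJECTIVES) + "}"


# Constructed sample system (hypothetical information types and levels).
SAMPLE_SYSTEM = [
    InformationType("Public web content (constructed)", "NOT_APPLICABLE", "MODERATE", "LOW"),
    InformationType("Employee records (constructed)", "MODERATE", "MODERATE", "LOW"),
    InformationType("Payment processing (constructed)", "MODERATE", "HIGH", "MODERATE"),
]

if __name__ == "__main__":
    result = categorize_system(SAMPLE_SYSTEM)
    print(format_security_category(result))
    print("overall impact level for baseline selection:", result["overall"])
```

The sample system comes out as MODERATE for confidentiality and availability and HIGH for integrity, so the overall level is HIGH even though no single information type is HIGH in more than one objective; that is the point of the high-water mark, and it is why a later RMF step (Select) starts from the HIGH baseline for such a system.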
NIST SP 800-39: Managing Information Security Risk – Organization, Mission, and Information System View
- Multi-level risk management approach
- Implemented by the Risk Executive Function
- Enterprise Architecture and SDLC Focus
- Supports all steps in the RMF
[Figure: Three Levels of Organization-Wide Risk Management. Level 1: Organization and Level 2: Mission / Business Process (strategic focus); Level 3: System (Environment of Operation) (tactical focus)]