NIST Risk Management Framework Overview

Agenda

- About the NIST Risk Management Framework (RMF)
- Supporting Publications
- The RMF Steps: Step 1: Categorize, Step 2: Select, Step 3: Implement, Step 4: Assess, Step 5: Authorize, Step 6: Monitor
- Additional Resources and Contact Information

NIST Risk Management Framework | 2

NIST Special Publication 800-37, Guide for Applying the Risk Management Framework

- A holistic and comprehensive risk management process
- Integrates the Risk Management Framework (RMF) into the system development lifecycle (SDLC)
- Provides processes (tasks) for each of the six steps in the RMF at the system level

[Figure: the RMF cycle] Categorize System -> Select Controls -> Implement Controls -> Assess Controls -> Authorize System -> Monitor Controls (and back to Categorize System)


Supporting Publications

Federal Information Processing Standards (FIPS)

- FIPS 199 - Standards for Security Categorization
- FIPS 200 - Minimum Security Requirements

Special Publications (SPs)

- SP 800-18 - Guide for System Security Plan Development
- SP 800-30 - Guide for Conducting Risk Assessments
- SP 800-34 - Guide for Contingency Plan Development
- SP 800-37 - Guide for Applying the Risk Management Framework
- SP 800-39 - Managing Information Security Risk
- SP 800-53/53A - Security Controls Catalog and Assessment Procedures
- SP 800-60 - Mapping Information Types to Security Categories
- SP 800-128 - Security-focused Configuration Management
- SP 800-137 - Information Security Continuous Monitoring
- Many others for operational and technical implementations


NIST SP 800-39: Managing Information Security Risk - Organization, Mission, and Information System View

- Multi-level risk management approach
- Implemented by the Risk Executive Function
- Enterprise Architecture and SDLC focus
- Supports all steps in the RMF

[Figure: three tiers of risk management]
- Level 1: Organization (Strategic Focus)
- Level 2: Mission / Business Process
- Level 3: System (Environment of Operation) (Tactical Focus)


Three Levels of Organization-Wide Risk Management
