NIST Risk Management Framework Overview
- About the NIST Risk Management Framework (RMF)
- Supporting Publications
- The RMF Steps
  - Step 1: Categorize
  - Step 2: Select
  - Step 3: Implement
  - Step 4: Assess
  - Step 5: Authorize
  - Step 6: Monitor
- Additional Resources and Contact Information
NIST Risk Management Framework | 2
NIST Special Publication 800-37, Guide for Applying the Risk Management Framework
- A holistic and comprehensive risk management process
- Integrates the Risk Management Framework (RMF) into the system development lifecycle (SDLC)
- Provides processes (tasks) for each of the six steps in the RMF at the system level

[Figure: the six-step RMF cycle] Categorize System -> Select Controls -> Implement Controls -> Assess Controls -> Authorize System -> Monitor Controls
Supporting Publications

Federal Information Processing Standards (FIPS)
- FIPS 199 - Standards for Security Categorization
- FIPS 200 - Minimum Security Requirements

Special Publications (SPs)
- SP 800-18 - Guide for System Security Plan Development
- SP 800-30 - Guide for Conducting Risk Assessments
- SP 800-34 - Guide for Contingency Plan Development
- SP 800-37 - Guide for Applying the Risk Management Framework
- SP 800-39 - Managing Information Security Risk
- SP 800-53/53A - Security Controls Catalog and Assessment Procedures
- SP 800-60 - Mapping Information Types to Security Categories
- SP 800-128 - Security-focused Configuration Management
- SP 800-137 - Information Security Continuous Monitoring
- Many others for operational and technical implementations
NIST SP 800-39: Managing Information Security Risk - Organization, Mission, and Information System View
- Multi-level risk management approach
- Implemented by the Risk Executive Function
- Enterprise Architecture and SDLC Focus
- Supports all steps in the RMF

[Figure: three levels of organization-wide risk management]
- Level 1: Organization (strategic focus)
- Level 2: Mission / Business Process
- Level 3: System (Environment of Operation) (tactical focus)
Three Levels of Organization-Wide Risk Management