This publication contains comprehensive updates to the Risk Management Framework. The updates include an alignment with the constructs in the NIST Cybersecurity Framework; the integration of privacy risk management processes; an alignment with system life cycle security engineering processes; and the incorporation of supply chain risk management processes. Organizations can use the frameworks and processes in a complementary manner within the RMF to effectively manage security and privacy risks to organizational operations and assets, individuals, other organizations, and the Nation. Revision 2 includes a set of organization-wide RMF tasks that are designed to prepare information system owners to conduct system-level risk management activities. The intent is to increase the effectiveness, efficiency, and cost-effectiveness of the RMF by establishing a closer connection to the organization’s missions and business functions and improving the communications among senior leaders, managers, and operational personnel.
Visit ResourceRelated Resources
Related Events
Tue, January 19, 10:00 am
Invitational Cybersecurity Workforce Working Group — Linking Supply & Demand
Fri, January 22, 8:30 am
Financial Services Cybersecurity Roundtable: Protecting Yourself and Your Business Against the Latest Cyber Threats with Mark Rhodes-Ousley
Tue, January 26, 4:00 pm
Technology & Security Management Happy Hour: SolarWinds with Chris Taylor, ME-ISAC