Risk Management Framework, mirrors of support documents and tools.
The Risk Management Framework (RMF) is the “common information security framework” for the federal government and its contractors. The stated goals of RMF are:
- To improve information security
- To strengthen risk management processes
- To encourage reciprocity among federal agencies
Document list:
-
NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems" was developed by the Joint Task Force Transformation Initiative Working Group. It aims to transform the traditional Certification and Accreditation (C&A) process into the six-step Risk management framework (RMF). http://en.wikipedia.org/wiki/NIST_Special_Publication_800-37
-
[NIST Special Publication 800-53] (NIST/SCTM/NIST.SP.800-53r4.pdf), "Recommended Security Controls for Federal Information Systems and Organizations," catalogs security controls for all U.S. federal information systems except those related to national security. It is published by the National Institute of Standards and Technology, which is a non-regulatory agency of the United States Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act of 2002 (FISMA) and to help with managing cost effective programs to protect their information and information systems. http://en.wikipedia.org/wiki/NIST_Special_Publication_800-53