Sunday, 5 June 2022

NIST/RMF - Cyber risk control

Overview: NIST National Institute of Standards and Technology - Provides Risk Management Framework (RMF) - Is a framework to reduces security risk to systems and data.

Goals of NIST RMF:
  • Consistent and cost effective set of security controls
  • Repeatable assessment approach
  • Technology neutral
  • Implement an efficient risk-based security and privacy program.


  • Each of these six steps have Special Publications (SP) that are applicable to the area.
  • The core document to for RMF is NIST SP 800-37 Revision 2. 
  • Used to identify security/pricacy risks at both the operation and system level 


Post a Comment