Overview: NIST National Institute of Standards and Technology - Provides Risk Management Framework (RMF) - Is a framework to reduces security risk to systems and data.
- Consistent and cost effective set of security controls
- Repeatable assessment approach
- Technology neutral
- Implement an efficient risk-based security and privacy program.
Notes:
- Each of these six steps have Special Publications (SP) that are applicable to the area.
- The core document to for RMF is NIST SP 800-37 Revision 2.
- Used to identify security/pricacy risks at both the operation and system level
