Information Security

Belhassentatar
May 21, 2021

Link to the article: https://rmf.org/what-is-rmf/

This article identifies and describes the Risk Management Framework (RMF) published by the National Institute of Standards and Technology (NIST). It also lists various frameworks relating to information security, along with a few from the Committee on National Security Systems (CNSS) that set specific requirements and specifications for RMF in federal information systems.

Several RMF frameworks are identified in this article. One is NIST Special Publication (SP) 800-37 (Rev. 1), which provides guidance on RMF for federal information systems. Others include NIST SP 800-53 (security controls), NIST SP 800-53A (security control assessment), and NIST SP 800-137 (security control monitoring). Although the article does not go into detail on each of these frameworks, it does provide links to these resources.

Applying these RMF frameworks helps organizations stay in compliance with laws and regulations such as FISMA, a federal law on information security management. Used as guidance, the RMF frameworks should improve overall information security for organizations through best practices and standards. In particular, the six-step life cycle process provided in the article is applicable to a business's strategy for identifying and managing organizational control: “

  1. Categorization of information systems
  2. Selection of security controls
  3. Implementation of security controls
  4. Assessment of security controls
  5. Authorization of information systems
  6. Monitoring of security controls”
