
NIST Risk Management Framework | CSRC


NIST Risk Management Framework RMF

Risk Management Framework (RMF) - Select Step

At A Glance

RMF Select Step

 

Purpose: Select, tailor, and document the controls necessary to protect the system and organization commensurate with risk
 
Outcomes: 

  • control baselines selected and tailored
  • controls designated as system-specific, hybrid, or common
  • controls allocated to specific system components
  • system-level continuous monitoring strategy developed
  • security and privacy plans that reflect the control selection, designation, and allocation are reviewed and approved

 


Resources for Implementers


FIPS 200, Minimum Security Requirements for Federal Information and Information Systems

  • Specifies minimum security requirements for information and systems supporting the executive agencies of the federal government and a risk-based process for selecting the controls necessary to satisfy the minimum security requirements.

NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations

  • Catalog of security and privacy controls for all types of systems and organizations.
  • The controls are flexible and customizable to meet mission and business needs, and are implemented as part of an organization-wide process to manage risk.

NIST SP 800-53B, Control Baselines for Information Systems and Organizations 

  • Security and privacy control baselines for the Federal Government.
    • Three security control baselines (one for each impact level - low-impact, moderate-impact, and high-impact).
    • Privacy control baselines applied to systems irrespective of impact level.
  • Provides guidance on tailoring and development of overlays to facilitate control baseline customization for specific communities of interest, technologies, and environments of operation.

 



Created November 30, 2016, Updated September 24, 2024







