NIST Risk Management Framework Team Did Some Spring Cleaning!

Check out our new and improved Risk Management Framework (RMF) website that better highlights the resources NIST developed to support implementers. In addition to the look, we have:

The goal of the new website was to create a more user-friendly experience, show the links between our many cybersecurity and privacy risk management resources, and most importantly, provide an easier way to visually highlight the many resources we have available for implementers. 

The RMF website redesign is just the start of more updates to come. As mentioned in Kevin’s blog, the team is working on some exciting new guidance to include:

  • Draft Special Publication (SP) 800-53A Revision 5, Assessing Security and Privacy Controls in Federal Information Systems Revision 4 and Organizations — Building Effective Assessment Plans: Updating the assessment procedures to correspond to the SP 800-53, Revision 5 controls and add in privacy-related assessment objects.
  • SP 800-47, Managing the Security of Information Exchanges: An update and refresh to Security Guide for Interconnecting Information Technology Systems.
  • NISTIR 8212, ISCMA: An Information Security Continuous Monitoring Program Assessment: An operational approach to assess an information security continuous monitoring (ISCM) program and corresponding tool for conducting an ISCM Program Assessment.

We are excited to share additional resources – both publications mentioned above and new tools – for the cybersecurity and privacy community in 2021. As Ron Ross would say, let’s simplify, automate, and innovate. Stay tuned for more exciting things to come!

We also welcome feedback on the new website, as well as requests or questions from implementers regarding specific RMF information. Please send all inquiries to sec-cert[at]nist[dot]gov.

A special note of thanks to the NIST OSCAL team, NVD team, the CSRC web team, and the ITL Communications Office for their support of the redesign, development of alternative control formats, and outreach!

About the author

Victoria Yan Pillitteri

Victoria Yan Pillitteri is a supervisory computer scientist at the National Institute of Standards and Technology. She leads the Federal Information Security Modernization Act (FISMA) Team that develops the suite of risk management guidance used for managing information security risk in the federal government. Outside of work, she enjoys teaching group exercise classes, baking, and traveling.

