Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Cybersecurity Insights
a NIST blog
Check out our new and improved Risk Management Framework (RMF) website that better highlights the resources NIST developed to support implementers. In addition to the look, we have:
- updated the layout of the site to focus on the RMF steps,
- identified specific resources and tools available for each RMF step,
- included supporting NIST publications for each RMF step,
- updated the RMF logo, and
- Featured resources specific to the NIST Security and Privacy Controls in Special Publication (SP) 800-53, such as:
- a new, web-based version of the SP 800-53, Revision 5 controls and SP 800-53B control baselines,
- a new page to download alternative formats of the controls (including XML, PDF, and CSV), and
- a control overlay repository for tailored control sets for different types of systems and environments of operation.
The goal of the new website was to create a more user-friendly experience, show the links between our many cybersecurity and privacy risk management resources, and most importantly, provide an easier way to visually highlight the many resources we have available for implementers.
The RMF website redesign is just the start of more updates to come. As mentioned in Kevin’s blog, the team is working on some exciting new guidance to include:
- Draft Special Publication (SP) 800-53A Revision 5, Assessing Security and Privacy Controls in Federal Information Systems Revision 4 and Organizations — Building Effective Assessment Plans: Updating the assessment procedures to correspond to the SP 800-53, Revision 5 controls and add in privacy-related assessment objects.
- SP 800-47, Managing the Security of Information Exchanges: An update and refresh to Security Guide for Interconnecting Information Technology Systems.
- NISTIR 8212, ISCMA: An Information Security Continuous Monitoring Program Assessment: An operational approach to assess an information security continuous monitoring (ISCM) program and corresponding tool for conducting a ISCM Program Assessments.
We are excited to share additional resources – both publications mentioned above and new tools – for the cybersecurity and privacy community in 2021. As Ron Ross would say, let’s simply, automate, and innovate. Stay tuned for more exciting things to come!
We also welcome feedback on the new website, as well as, requests or questions from implementers regarding specific RMF information. Please send all inquiries to sec-cert [at] nist.gov (sec-cert[at]nist[dot]gov).
A special note of thanks to the NIST OSCAL team, NVD team, the CSRC web team, and the ITL Communications Office for their support of the redesign, development of alternative control formats, and outreach!
