This webcast will provide a 2-hour overview and deep dive of the recently released , Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. This update to NIST SP 800-37 develops the next-generation Risk Management Framework (RMF) for systems, organizations, and individuals by:
- Providing a closer link and communication between the risk management processes and activities at the C-suite and the individuals, processes, and activities at the system and operational level of the organization through the addition of the Prepare Step;
- Institutionalizing foundational risk management preparatory activities at all risk management levels;
- Demonstrating how the can be aligned with the RMF and implemented using established NIST risk management processes;
- Integrating privacy risk management processes into the RMF to better support the privacy protection needs for which privacy programs are responsible;
- Promoting the development of trustworthy secure software and systems by aligning life cycle-based systems engineering processes in ;
- Integrating security-related, supply chain risk management (SCRM) concepts into the RMF to address untrustworthy suppliers, insertion of counterfeits, tampering, unauthorized production, theft, insertion of malicious code, and poor manufacturing and development practices throughout the SDLC; and
- Allowing for an organization-generated control selection approach to complement the traditional baseline control selection approach and support the use of the consolidated security and privacy control catalog in .
This webcast will feature an introduction by Dr. Ron Ross, NIST Fellow, an overview of the updates in SP 800-37, Revision 2, followed by a deep dive into the Steps and Tasks of the RMF by Kelley Dempsey, Vicky Pillitteri and Naomi Lefkovitz.
At the conclusion of the event, speakers will address questions sent to or Twitter using the hashtag #NISTRMF.
The webcast will be recorded and available on this website within 2 weeks following the event; slides will be available on this website prior to the webcast.
Continuing Education Units (CEUs)
Attendees are always welcome to self-report to their authoritative certification bodies to request CEUs for attending this event.