Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

A Document-based View of the Risk Management Framework



Joshua Lubell


Cybersecurity professionals know the Risk Management Framework as a rigorous yet flexible process for managing security risk. But the RMF lacks a document focus, even though much of the process requires authoring, reviewing, revising, and accessing plans and reports. It is possible to build such a focus by looking more closely at these documents, starting with the System Security Plan and the roles of key participants responsible for it. Such a document- and role-centric view of the RMF process can lead the way toward more efficient and less error-prone security assurance.
Proceedings Title
Balisage Series on Markup Technologies
Conference Dates
July 27-31, 2020
Conference Location
Washington, DC
Conference Title
Balisage: The Markup Conference


Risk Management Framework, XML, OSCAL, DITA, markup language, System Security Plan


Lubell, J. (2020), A Document-based View of the Risk Management Framework, Balisage Series on Markup Technologies, Washington, DC, [online], (Accessed April 19, 2024)
Created August 2, 2020, Updated August 3, 2020