Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

A Document-based View of the Risk Management Framework



Joshua Lubell


Cybersecurity professionals know the Risk Management Framework as a rigorous yet flexible process for managing security risk. But the RMF lacks a document focus, even though much of the process requires authoring, reviewing, revising, and accessing plans and reports. It is possible to build such a focus by looking more closely at these documents, starting with the System Security Plan and the roles of key participants responsible for it. Such a document- and role-centric view of the RMF process can lead the way toward more efficient and less error-prone security assurance.
Proceedings Title
Balisage Series on Markup Technologies
Conference Dates
July 27-31, 2020
Conference Location
Washington, DC
Conference Title
Balisage: The Markup Conference


Risk Management Framework, XML, OSCAL, DITA, markup language, System Security Plan
Created August 2, 2020, Updated August 3, 2020