An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
A Document-based View of the Risk Management Framework
Published
Author(s)
Joshua Lubell
Abstract
Cybersecurity professionals know the Risk Management Framework as a rigorous yet flexible process for managing security risk. But the RMF lacks a document focus, even though much of the process requires authoring, reviewing, revising, and accessing plans and reports. It is possible to build such a focus by looking more closely at these documents, starting with the System Security Plan and the roles of key participants responsible for it. Such a document- and role-centric view of the RMF process can lead the way toward more efficient and less error-prone security assurance.
Lubell, J.
(2020),
A Document-based View of the Risk Management Framework, Balisage Series on Markup Technologies, Washington, DC, [online], https://doi.org/10.4242/BalisageVol25.Lubell01
(Accessed March 28, 2024)