Author(s)
Shirley M. Radack
Abstract
This bulletin summarizes information about the Risk Management Framework (RMF) and points to NIST standards and guidelines that assist agencies in achieving effective security for their information technology (IT) systems. The RMF guides agencies through a series of steps that take into account risk factors such as the magnitude of harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information. The bulletin explains the risk management process that IT managers apply to balance the operational and economic costs of protective measures for their information and IT systems against the gains in capabilities and improved support of the organizational mission that result from efficient protection procedures. Information is provided about how to access the NIST standards and guidelines that pertain to the risk management process, and references are given to web pages with more information about the process and the Risk Management Framework.
Keywords
Federal Information Processing Standards, information security, information system security, NIST Special Publications, risk management, Risk Management Framework, security authorization, security categorization, security certification, security controls
Citation
Radack, S. (2009), Risk Management Framework: Helping Organizations Implement Effective Information Security Programs, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=903258 (Accessed May 9, 2026)