An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Risk Management Framework: Helping Organizations Implement Effective Information Security Programs
Published
Author(s)
Shirley M. Radack
Abstract
This bulletin summarizes information about the Risk Management Framework (RMF) and points to NIST standards and guidelines that assist agencies in achieving effective security for their information technology (IT) systems. The RMF guides agencies through a series of steps, taking into account the risks such as the magnitude of harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information. The bulletin explains the risk management process that IT managers apply to balance the operational and economic costs of protective measures for their information and IT systems with the gains in capabilities and improved support of organizational mission that result from the use of efficient protection procedures. Information is provided about how to access the NIST standards and guidelines that pertain to the risk management process. References are given to web pages that can be accessed for more information about the process and the Risk Management Framework
Federal Information Processing Standards, information security, information system security, NIST Special Publications, risk management, Risk Management Framework, security authorization, security categorization, security certification, security controls
Radack, S.
(2009),
Risk Management Framework: Helping Organizations Implement Effective Information Security Programs, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=903258
(Accessed December 12, 2024)