NIST Risk Management Framework

E700396

U.S. federal government standard information security framework privacy risk management framework risk management framework

The NIST Risk Management Framework is a structured, step-by-step process for integrating security, privacy, and risk management activities into the system development life cycle for U.S. federal information systems and organizations.

Try in SPARQL Jump to: Statements Referenced by

Statements (51)

Predicate	Object
instanceOf	U.S. federal government standard ⓘ information security framework ⓘ privacy risk management framework ⓘ risk management framework ⓘ
abbreviation	NIST RMF NERFINISHED ⓘ
alignedWith	NIST Cybersecurity Framework NERFINISHED ⓘ NIST Special Publication 800-53 NERFINISHED ⓘ NIST Special Publication 800-53A NERFINISHED ⓘ
appliesTo	U.S. federal agencies NERFINISHED ⓘ U.S. federal information systems ⓘ federal contractors handling federal information ⓘ information systems ⓘ
countryOfOrigin	United States of America ⓘ surface form: United States
definedIn	NIST Special Publication 800-37 Revision 2 NERFINISHED ⓘ
developedBy	National Institute of Standards and Technology NERFINISHED ⓘ
emphasizes	continuous improvement ⓘ organizational risk tolerance ⓘ senior leadership accountability ⓘ
focusesOn	information security risk management ⓘ organizational risk management ⓘ privacy risk management ⓘ
includesStep	Assess ⓘ Authorize ⓘ Categorize ⓘ Implement ⓘ Monitor ⓘ Prepare ⓘ Select ⓘ
integrates	privacy activities ⓘ risk management activities ⓘ security activities ⓘ
integratesWith	system development life cycle ⓘ
objective	improve information system resilience ⓘ integrate risk management into SDLC ⓘ manage information security risk ⓘ manage privacy risk ⓘ promote near real-time risk management ⓘ
previouslyDefinedIn	NIST Special Publication 800-37 Revision 1 NERFINISHED ⓘ
replaced	NIST Certification and Accreditation process NERFINISHED ⓘ
supports	continuous monitoring ⓘ ongoing authorization ⓘ risk-based decision making ⓘ system authorization ⓘ
targetAudience	authorizing officials ⓘ federal agency risk executives ⓘ information security officers ⓘ information system owners ⓘ privacy officers ⓘ
uses	control baselines ⓘ privacy controls ⓘ security controls ⓘ

Referenced by (2)

Full triples — surface form annotated when it differs from this entity's canonical label.

NIST SP 800 series → supportsFramework → NIST Risk Management Framework ⓘ

Federal Information Security Management Act of 2002 → basisFor → NIST Risk Management Framework ⓘ