RMF

RMF, or Risk Management Framework, is a structured process for identifying, implementing, and maintaining security controls for information systems. It is best known for its use within the United States federal government, where it provides a repeatable methodology to manage cybersecurity risk across the system life cycle, from initial authorization to ongoing operation and monitoring.

Origin and standards

The RMF was developed by the National Institute of Standards and Technology (NIST) and is described in

Process overview

RMF comprises a series of steps that may be performed iteratively. Typical stages include: Prepare (establish

Scope and usage

Although rooted in federal use, RMF has been adopted by many organizations outside the U.S. government and