The main objectives of this update are to:
- Build closer ties between risk management approaches at the C-Suite level and those at the operational level
- Set standards for critical risk management actions at all levels so that the RMF can be executed efficiently
- Show how the NIST CSF (Cybersecurity Framework) works with the RMF and can be implemented using NIST’s risk management approach
- Promote the creation of secure software and systems by using system-engineering processes in NIST Special Publication 800-160
- Integrate privacy risk management processes into the RMF to support privacy protection needs
- Incorporate security-related supply chain risk management into the RMF
- Enable the organization to select controls that complement the RMF as well as promote the use of the NIST 800-53 controls
NIST is seeking public commentary on the updated draft until October 31, 2018.
NIST RMF and CSF
NIST’s RMF provides a structured approach to risk management. This ensures that risk is managed in line with an organization’s requirements, business objectives, and risk appetite. Effective risk management is important to an organization’s cybersecurity.
The update will further align the RMF with the NIST Cybersecurity Framework (CSF), which makes it easier for organizations to apply both. The CSF is a voluntary framework that helps organizations manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.
Learn more about the NIST CSF
Organizations that are serious about protecting people’s privacy should also be serious about cybersecurity. They must protect themselves from the impact of a cyber attack. A solid cybersecurity strategy helps protect your organization, and keeps it running in the event of a successful attack.
Our essential NIST CSF pocket guide will help you gain a clear understanding of the framework.