Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
This publication describes the Risk Management Framework (RMF) and
provides guidelines for applying the RMF to information systems and
organizations. The RMF provides a disciplined, structured, and flexible
process for managing security and privacy risk that includes information
security categorization; control selection, implementation, and
assessment; system and common control authorizations; and continuous
monitoring. The RMF includes activities to prepare organizations to
execute the framework at appropriate risk management levels. The RMF
also promotes near real-time risk management and ongoing information
system and common control authorization through the implementation of
continuous monitoring processes; provides senior leaders and executives
with the necessary information to make efficient, cost-effective risk
management decisions about the systems supporting their missions and
business functions; and incorporates security and privacy into the
system development life cycle. Executing the RMF tasks links essential
risk management processes at the system level to risk management
processes at the organization level. In addition, it establishes
responsibility and accountability for the controls implemented within an
organization’s information systems and inherited by those systems.