APPENDIX A

The NIST Risk Management Framework

We’ve discussed the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) throughout this book, albeit in specific pieces relevant to the context of each chapter. Here, in Appendix A, we’ve gathered this information in one place for easier reference and understanding. The NIST RMF is not testable on the exam; however, more and more risk management professionals are being exposed to it and having to learn and apply it to their own organizations’ risk management strategies and programs. If you work in the U.S. government, compliance with the RMF is becoming mandatory for almost all government agencies and, by extension, for their contractors and anyone ...

Get CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide now with O’Reilly online learning.