APPENDIX A

The NIST Risk Management Framework

We’ve discussed the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) throughout this book, albeit in specific pieces relevant to the context of each chapter. Here, in Appendix A, we’ve gathered this information in one place for easier reference and understanding. The NIST RMF is not testable on the exam; however, you’ll find that more and more risk management professionals are being exposed to it and having to learn and apply it to their own organization’s risk management strategy and programs. If you work in the U.S. government, compliance with the RMF is becoming mandatory for almost all government agencies and, by extension, for their contractors and anyone ...
