Chapter 5

Risk Management Framework

Abstract

This chapter defines and briefly explains the Risk Management Framework (RMF) as specified in NIST Special Publication (SP) 800-37, revision 1, the primary method for testing and evaluating US government information systems.

Keywords

RMF
categorize system
select controls
implement controls
assess system
authorize system
monitor controls

The basic framework for security controls and their evaluation throughout the US government has been, and currently is, the Risk Management Framework as defined in SP 800-37, rev. 1. This chapter provides a brief overview of that process as defined by NIST and some of the background on the expected methods and techniques for treatment of the various risks that an assessor will need to ...
