NIST Risk Management Framework RMF
About the Risk Management Framework (RMF)
A Comprehensive, Flexible, Risk-Based Approach
The Risk Management Framework (RMF) provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle. The risk-based approach to control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations. Managing organizational risk is paramount to effective information security and privacy programs; the RMF approach can be applied to new and legacy systems, any type of system or technology (e.g., IoT, control systems), and within any type of organization regardless of size or sector. The RMF is one of many publications developed by the Joint Task Force (JTF).
For more information on each RMF Step, including Resources for Implementers and Supporting NIST Publications, select the Step below.
| RMF Step | Purpose |
| --- | --- |
| Prepare | Essential activities to prepare the organization to manage security and privacy risks |
| Categorize | Categorize the system and information processed, stored, and transmitted based on an impact analysis |
| Select | Select the set of NIST SP 800-53 controls to protect the system based on risk assessment(s) |
| Implement | Implement the controls and document how controls are deployed |
| Assess | Assess to determine if the controls are in place, operating as intended, and producing the desired results |
| Authorize | Senior official makes a risk-based decision to authorize the system (to operate) |
| Monitor | Continuously monitor control implementation and risks to the system |
These resources may be used by governmental and nongovernmental organizations and are not subject to copyright in the United States. Attribution would, however, be appreciated by NIST.
Graphics
- Download NIST RMF Graphic [.svg] [.png]
- Download NIST RMF Graphic: Prepare [.svg] [.png]
- Download NIST RMF Graphic: Categorize [.svg] [.png]
- Download NIST RMF Graphic: Select [.svg] [.png]
- Download NIST RMF Graphic: Implement [.svg] [.png]
- Download NIST RMF Graphic: Assess [.svg] [.png]
- Download NIST RMF Graphic: Authorize [.svg] [.png]
- Download NIST RMF Graphic: Monitor [.svg] [.png]
Quick Start Guides (QSG) for the RMF Steps
- Download RMF QSG: Prepare Step FAQ [.pdf]
- Download RMF QSG: Categorize Step FAQ [.pdf]
- Download RMF QSG: Select Step FAQ [.pdf]
- Download RMF QSG: Implement Step FAQ [.pdf]
- Download RMF QSG: Assess Step FAQ [.pdf]
- Download RMF QSG: Authorize Step FAQ [.pdf]
- Download RMF QSG: Monitor Step FAQ [.pdf]
- Download RMF QSG: ALL FAQs [.zip]
- Download RMF QSG: Roles and Responsibilities [.pdf] [.xlsx]
- Download RMF QSG: Resources [.pdf]
- Download RMF QSG: Small Enterprise [.pdf]
Contacts
NIST Risk Management Framework Team
[email protected]
Topics
Security and Privacy: general security & privacy, privacy, risk management, security measurement, security programs & operations
Laws and Regulations: E-Government Act, Federal Information Security Modernization Act
Related Projects
Control Overlays for Securing AI Systems
Cybersecurity Framework
Cybersecurity Supply Chain Risk Management
Federal Cybersecurity & Privacy Forum
macOS Security
Open Security Controls Assessment Language
Operational Technology Security
Privacy Engineering
Protecting CUI
Systems Security Engineering (SSE) Project