NIST Risk Management Framework

A seven-step process for managing the organizational risk that arises from information systems and for protecting the confidentiality, integrity, and availability of the information those systems process.

7 steps | NIST standard | ATO: Authority to Operate | NIST SP 800-37 Rev. 2

The 7 Steps of NIST RMF

1. PREPARE: Prepare the organization and the system to manage security and privacy risk (assign roles, set the risk management strategy, and identify common controls shared across systems).

2. CATEGORIZE: Categorize the system and the information it processes by the impact (low, moderate, or high) of a loss of confidentiality, integrity, or availability.

3. SELECT: Select the control baseline that matches the categorization (the NIST SP 800-53 catalog) and tailor it to the system and its risk.

4. IMPLEMENT: Implement the selected controls and document how each one is implemented in the System Security Plan (SSP).

5. ASSESS: Assess whether the controls are implemented correctly and operating as intended, and document the findings.

6. AUTHORIZE: The authorizing official weighs the residual risk and decides whether to issue an Authority to Operate (ATO).

7. MONITOR: Continuously monitor the controls and the system for changes, reassess risk as the system evolves, and keep the authorization current.