Implementing the NIST Risk Management Framework

Learn how to manage your organization's security and privacy risks by implementing the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

Introduction

• Reducing risks using the NIST Risk Management Framework

1. NIST RMF Preparation

• Preparing for a NIST RMF assessment
• Case study Introduction
• Why use a risk-based approach to security?
• Preparing a risk-based approach to security

2. Categorize System

• How to determine in-scope systems
• NIST RMF scoping tips, techniques, and perspectives
• How to inventory critical assets
• Completing a business impact analysis (BIA)

3. Controls, Selection, and Implementation

• Comparing common security control frameworks
• Choosing security frameworks and control levels
• Applying NIST security controls

4. Assessing Controls

• Setting NIST RMF assessment goals
• NIST RMF assessment steps
• How to analyze NIST RMF assessment results
• Assessing controls and risk exercise

5. Authorize

• How officials authorize systems

6. Monitor

• Setting monitoring goals to meet NIST requirements
• Examples of monitoring

Conclusion

• Best practices in implementing the NIST RMF
• Resources for your NIST RMF journey