The Seven Steps of the NIST RMF
① Prepare:
This step involves identifying and assigning individuals to specific roles associated with security and privacy risk management.
② Categorize:
This step involves categorizing the system and the information processed, stored, and transmitted by that system based on an impact analysis.
③ Select:
In this step, security controls are selected and documented, including the implementation of a baseline set of controls.
④ Implement:
This step involves implementing the security controls and describing how the controls are employed within the system and its environment of operation.
⑤ Assess:
This step involves assessing the security controls in the system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
⑥ Authorize:
This step involves authorizing system operation based on a determination of the risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation of the system and the decision that this risk is acceptable.
⑦ Monitor:
This step involves monitoring and assessing selected security controls in the system on an ongoing basis, documenting changes to the system or its environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to designated organizational officials.
👉 If you liked that post, you might also enjoy my article on the NIST RMF linked in the comments.