Changes

Line 36: Line 36:     
NIST SP 800-37 Rev. 2 (RMF 2.0) aka "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy" superseded RMF 1.0 (above) on December 20, 2019, providing guidelines for applying the RMF to information systems and organizations.<ref>[https://csrc.nist.gov/publications/detail/sp/800-37/rev-1/archive/2014-06-05 ITL Bulletin, NIST]</ref>
 
NIST SP 800-37 Rev. 2 (RMF 2.0) aka "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy" superseded RMF 1.0 (above) on December 20, 2019, providing guidelines for applying the RMF to information systems and organizations.<ref>[https://csrc.nist.gov/publications/detail/sp/800-37/rev-1/archive/2014-06-05 ITL Bulletin, NIST]</ref>
 +
 +
Significance of RMF 2.0:
 +
*the first NIST publication to include full integration of privacy risk management into the existing information security risk management processes;
 +
* direct references to the Cybersecurity Framework, i.e., implementing RMF 2.0 helps achieve Framework outcomes;
 +
* the Prepare step achieves more effective, efficient, and cost-effective security and privacy risk management processes. Previously part of SP 800-18, -30, -39, -47, and -160, this step institutionalizes organizational- and system-level communication facilitation by offering organizations a single, focal resource and methodology;
 +
* catalyst to organization-wide identification of common controls and the development of tailored control baselines;
 +
* reduces the complexity of the IT infrastructure; and
 +
* provides methods to identify, prioritize and focus resources based on risk/value analysis.<ref>[https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2019-02.pdf RMF 2.0 Bulletin pg. 4]</ref>
    
==Cybersecurity Framework==
 
==Cybersecurity Framework==
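Review bot: the added bullets under "Significance of RMF 2.0:" are not grammatically parallel, and the first one ("*the first NIST publication") is missing the space after the asterisk that the other items have. Some items are noun phrases ("direct references to", "catalyst to") and others are verb phrases ("reduces", "provides"), so the list does not read as completions of one stem; rewording each item to start with a verb would fix that. The single <ref> is attached only to the last bullet, which leaves it unclear whether it supports the whole list; moving it to the "Significance of RMF 2.0:" line would make the scope explicit. While this section is open, note that the cited bulletin file is named itlbul2019-02, which sits oddly with the December 20, 2019 supersession date in the unchanged sentence above, and that sentence's own reference points to a rev-1 archive URL; both are worth checking against the source.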