In December 2018, the National Institute of Standards and Technology (NIST) published an update for the Department of Defense Risk Management Framework (RMF). The comprehensive roadmap is officially titled NIST Special Publication (SP) 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.
NIST published Revision 2 on December 20, 2018 as a first step toward providing security and risk management with an integrated and flexible methodology. In addition to the government implementing RMF 2.0 as a strategy, DoD contractors are required to meet standards as well.
The RMF describes processes that must be followed by all federal agencies in order to secure, authorize, and manage IT systems and cybersecurity capabilities and services. The next-generation RMF integrates privacy and adds RMF to the software development life cycle. Additionally, version two includes information on aligning the RMF with NIST’s Cybersecurity Framework, supply chain, and security engineering.
Ultimately, the updated documentation provides a broader, more comprehensive set of guidelines to manage risk in federal agencies and other organizations seeking to strengthen their risk management process.
The revision identifies seven major objectives. All are essential for the successful execution of the RMF, according to NIST.
Most notably, RMF 2.0 includes a new “Prepare” step, outlining which activities are essential at organizational and information system levels to help manage security and privacy risks, including supply-chain risk .The new “Prepare” step is the best starting point to begin executing the RMF.
Its primary objectives include:
In summary, the key additions incorporated into the RMF 2.0 include:
For all government vendors, this offers a new direction for best practices to follow. Discover more about the RMF 2.0 here.
Incorporated in 2005, PPT Solutions, Inc. provides systems and software engineering services to government and commercial aerospace organizations. PPT represents People, Processes, and Technology, and it is our goal to offer solutions that improve the effectiveness of these three things to work together for optimum performance. Find out more today!