National Institute of Standards and Technology. (2018, December). SP 800-37 Rev. 2, RMF: A system life cycle approach for security and privacy. CSRC. The NIST Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems, and links to a suite of NIST standards and guidelines to support implementation of risk management programs to meet the requirements of the Federal Information Security Modernization Act (FISMA).
Jaeger, J. (2019). Understanding NIST’s new risk management framework. Compliance Week, 16(177), 62. This resource will help you understand the new Risk Management Framework. The National Institute of Standards and Technology (NIST) recently released the final version of its current Risk Management Framework, including a detailed new roadmap for businesses of all sizes looking to incorporate their cyber-security, privacy, and supply-chain risk management processes.
Berk, S. (2020). NIST ushers in a new era of IT risk management. ISSA Journal, 18(1), 14–19. The NIST Risk Management Framework (RMF) walks enterprise defense contractors through the assessment and authorization (A&A) process to demonstrate that their government-connected or -supporting networks are safe and that they have sufficient processes in place to handle and mitigate cybersecurity risk.
Greene, S. (2020). 32.2 Frameworks and guidance (Lesson 32: Explain the importance of applicable regulations standards or frameworks that impact organizational security posture) [Video]. In CompTIA Security+ SY0-601. Pearson IT Certification. An information security benchmark is intended to help an organization identify its cybersecurity capabilities. The Center for Internet Security (CIS) benchmarks are consensus-based best practices for secure configuration of a target system. The CIS benchmarks are widely accepted by government, business, industry, and academia.
National Institute of Standards and Technology. (2018). Framework for improving critical infrastructure cybersecurity, Version 1.1. This publication is the result of an ongoing collaborative effort involving industry, academia, and government. The National Institute of Standards and Technology (NIST) launched the project by convening private- and public-sector organizations and individuals in 2013. Published in 2014 and revised during 2017 and 2018, this Framework for Improving Critical Infrastructure Cybersecurity has relied upon eight public workshops, multiple Requests for Comment or Information, and thousands of direct interactions with stakeholders from across all sectors of the United States along with many sectors from around the world.