The Risk Management Framework (RMF) is the U.S. government’s set of security protocol guidelines for federal employees and IT systems. It was created by the National Institute of Standards and Technology (NIST) in 2010 and was later adopted by the Department of Defense (DOD).
All federal agencies are required to abide by RMF policies and procedures. However, organizations in industries outside of government have also used the framework as part of their overall security plan.
An overview of Risk Management Framework (RMF)
There are seven specific steps involved in RMF as outlined by NIST: