Check out our new and improved Risk Management Framework (RMF) website that better highlights the resources NIST developed to support implementers. In addition to the look, we have:
- updated the layout of the site to focus on the RMF steps,
- identified specific resources and tools available for each RMF step,
- included supporting NIST publications for each RMF step,
- updated the RMF logo, and
- Featured resources specific to the NIST Security and Privacy Controls in Special Publication (SP) 800-53, such as:
The goal of the new website was to create a more user-friendly experience, show the links between our many cybersecurity and privacy risk management resources, and most importantly, provide an easier way to visually highlight the many resources we have available for implementers.
The RMF website redesign is just the start of more updates to come. As mentioned in Kevin’s blog, the team is working on some exciting new guidance to include:
- Draft Special Publication (SP) 800-53A Revision 5, Assessing Security and Privacy Controls in Federal Information Systems Revision 4 and Organizations — Building Effective Assessment Plans: Updating the assessment procedures to correspond to the SP 800-53, Revision 5 controls and add in privacy-related assessment objects.
- SP 800-47, Managing the Security of Information Exchanges: An update and refresh to Security Guide for Interconnecting Information Technology Systems.
- NISTIR 8212, ISCMA: An Information Security Continuous Monitoring Program Assessment: An operational approach to assess an information security continuous monitoring (ISCM) program and corresponding tool for conducting a ISCM Program Assessments.
We are excited to share additional resources – both publications mentioned above and new tools – for the cybersecurity and privacy community in 2021. As Ron Ross would say, let’s simply, automate, and innovate. Stay tuned for more exciting things to come!
We also welcome feedback on the new website, as well as, requests or questions from implementers regarding specific RMF information. Please send all inquiries to email@example.com.
A special note of thanks to the NIST OSCAL team, NVD team, the CSRC web team, and the ITL Communications Office for their support of the redesign, development of alternative control formats, and outreach!