Understanding NIST’s new Risk Management Framework

Jaclyn Jaeger | February 8, 2019

The National Institute of Standards and Technology recently published the final version of its latest Risk Management Framework, gifting companies across all sectors with a comprehensive new roadmap as they look to seamlessly integrate their cyber-security, privacy, and supply-chain risk management processes.

NIST published Risk Management Framework (RMF) 2.0—formally called NIST Special Publication 800-37 Revision 2—on Dec. 20, 2018, following a seven-month consultation and comment period. Importantly, RMF 2.0 provides cross-references to NIST’s widely adopted Cybersecurity Framework (CSF) throughout the 183-page document, so that users of the RMF can see exactly where and how both frameworks align with one another.

Published in April 2018, the CSF has been widely adopted by many in the private sector as a yardstick against which companies measure their cyber-security practices relative to the threats they face. Cyber...
