Enhancing Cybersecurity Through the NIST Risk Management Framework

1. Introduction to Cybersecurity and Risk Management

The National Institute of Standards and Technology (NIST) has been working in a partnership effort with the Department of Defense (DoD), the Office of the Director of National Intelligence (ODNI), the U.S. Intelligence Community (IC), and the Committee on National Security Systems (CNSS) for over five years to develop this security configuration guidance. This guidance can be used to secure existing products, as well as to design new security solutions. NIST has additional security configuration guides for other off-the-shelf software applications, operating systems, and solutions for mainframe systems.

An authorized user should comply with an organization’s policies and practices in order to protect the organization’s sensitive information, resources, and critical infrastructure. As dependence on information technology increases, so do the stakes for cybersecurity, including personal safety, economic well-being, and national security. Individuals, organizations, and the nation will benefit from an increased understanding of how to identify and apply effective and beneficial cybersecurity controls.

2. Overview of the NIST Risk Management Framework (RMF)

The NIST Risk Management Framework (RMF) provides a robust – indeed, standardized – information security compliance verification process that is aligned with a continuous assessment and monitoring approach for security and privacy. The RMF provides a six-step lifecycle for conducting security and privacy activities – categorize, select, implement, assess, authorize, and monitor. The RMF provides a process, including principles and structures (i.e., control selection, implementation, and assessment), for aligning security and privacy activities with the system’s risk across the system’s lifecycle. Traditionally, security certification and accreditation processes were not necessarily linked with an organization’s risk management activities. Organizations were sometimes performing certification and accreditation activities without a notable link to the organization’s comprehensive risk management programs. The RMF legislation changed this framework mismatch by using a model that is responsive, adaptive, risk-managed, and information security/privacy capable.

3. Key Components and Steps of the NIST RMF

Once the use of information and its impact are understood, it is time for the organization step. Identify both the organization’s overall ERMF set of controls and those special uses of organization-specific root keys that had to be either provided to the General Support System (GSS) purchasing the service or compiled into the GSS’ HSS, and that are in scope of both the GSS and its associated Common Support System (CSS). Note that since we’re using the data-at-rest approach, the keys provisioned to GSS solutions are stronger than necessary for the GSS-to-CSS privilege that is used for access.

Identifying and categorizing the information to be protected. FIPS 199 mandates that the organization identify each of its systems that must be within the scope of RMF processing, and generally their high-level information types. This categorization activity is not new, but it still often presents challenges for organizations because of the flexibility in the use of system privileges/CSR controls. It is sometimes hard to identify all, and only, those keys that need to be in scope.
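As an added worked example of the FIPS 199 categorization step (not code from the essay), the following applies the high-water mark rule to a constructed set of information types and handles the one edge case FIPS 199 allows, a confidentiality impact of N/A for public information; the system and its information types are invented sample data.

```python
# FIPS 199 security categorization with the high-water mark rule. Added worked
# example for the categorize step above, not part of the original essay; the
# information types and impact values are constructed sample data.
from typing import Dict, List, Tuple

# Impact levels, lowest to highest. "N/A" is permitted only for the
# confidentiality objective (e.g. information intended for public release).
LEVELS = ["N/A", "LOW", "MODERATE", "HIGH"]
OBJECTIVES = ("confidentiality", "integrity", "availability")
# An information type is (name, confidentiality, integrity, availability).
InfoType = Tuple[str, str, str, str]

def validate(info_type: InfoType) -> None:
    """Reject impact values that FIPS 199 does not permit."""
    name, *impacts = info_type
    for objective, value in zip(OBJECTIVES, impacts):
        if value not in LEVELS:
            raise ValueError(f"{name}: unknown impact level {value!r}")
        if value == "N/A" and objective != "confidentiality":
            raise ValueError(f"{name}: N/A is allowed only for confidentiality")

def categorize_system(info_types: List[InfoType]) -> Dict[str, str]:
    """Per-objective high-water mark across all information types, plus the
    overall system impact level (the highest of the three, as FIPS 200 requires)."""
    if not info_types:
        raise ValueError("a system must carry at least one information type")
    for t in info_types:
        validate(t)
    category: Dict[str, str] = {}
    for idx, objective in enumerate(OBJECTIVES, start=1):
        # High-water mark: the highest level any single information type needs.
        category[objective] = max((t[idx] for t in info_types), key=LEVELS.index)
    category["overall"] = max((category[o] for o in OBJECTIVES), key=LEVELS.index)
    return category

def fips199_notation(category: Dict[str, str]) -> str:
    """Render the category in FIPS 199's SC = {(objective, impact), ...} form."""
    pairs = ", ".join(f"({o}, {category[o]})" for o in OBJECTIVES)
    return f"SC = {{{pairs}}}"

# Constructed sample: a payroll system carrying three information types.
SAMPLE_SYSTEM: List[InfoType] = [
    ("public press releases", "N/A", "LOW", "LOW"),
    ("employee PII", "MODERATE", "MODERATE", "LOW"),
    ("payment instructions", "MODERATE", "HIGH", "MODERATE"),
]

if __name__ == "__main__":
    cat = categorize_system(SAMPLE_SYSTEM)
    print(fips199_notation(cat), "| overall:", cat["overall"])
```

Note that a single HIGH integrity need on one information type lifts the whole system to HIGH, which is exactly why scoping the information types precisely matters.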

4. Benefits and Best Practices of Implementing the NIST RMF

The NIST RMF may also be used to ensure that day-to-day risk management activities involve mission and information owners and are not limited to explicitly trusted factors (such a posture is often uncomfortable for information security professionals). It is clear from the information vulnerabilities and misconceptions that are evident across the business world that systematic, organization-wide cybersecurity awareness has not been achieved. Organizations that desire to acquire or leverage assistive American technologies (e.g., cloud computing or storage) to support essential operations and services should consider implementing the NIST RMF in these key business operational activities to effectively implement the organization’s security strategy, tactical and operational objectives, and program.

An important feature of the NIST RMF is the capability to expand and contract the rigor necessary to implement its six-step process. For example, an SNMP agent installed in a facility’s wireless router is considered a FIPS 140-2 validated cryptographic module, while a browser-based management system that uses SSL to communicate with that agent is not. The risk associated with using a non-FIPS 140-2 validated encrypted session to connect to and use the SNMP agent, instead of the FIPS 140-2 validated encrypted session, is derived from the potential losses of data integrity, confidentiality, and authenticity. This is achieved by systematically implementing layer upon layer of management, operational, and technical cybersecurity mechanisms that interact with one another and ensure that essential functions remain reliable and safe while deterring or mitigating issues in a dynamically changing threat landscape.

5. Case Studies and Real-World Applications of the NIST RMF

The use of the DHS/NCCIC Services catalog as a baseline for a common security service catalog in the federal government is another success story where the NIST RMF was the catalyst bringing stakeholders together. Both the NIST and DHS have utilized the implementation of the RMF and the CNSS 1253 standard to enforce a common language and process for the review of certification and authorization packages. This partnership has streamlined the rulemaking and information sharing between Federal Departments and Agencies.

The Department of Homeland Security’s (DHS’s) National Cybersecurity and Communications Integration Center (NCCIC) has experienced a number of successful applications of the NIST RMF. One example is the group effort with the FAA that led to the development of the CIRA community that assists agencies in taking a leap toward proven security capabilities. To move away from the stovepipe approach and establish a common process between two organizations has demonstrated a positive impact. The fact that implementing the RMF and the use of continuous monitoring and joint information sharing agreements between these two disparate organizations has improved the security stance overall was a huge success story.
