NIST RMF process overview
The NIST RMF navigation structure facilitates the management of the NIST security controls through the activities of categorization, selection, implementation, assessment, authorization, and monitoring. These security controls are described in the NIST 800-37.r1 special publication.
Note:
Starting with version 10.1.0, the NIST RMF Use Case Accelerator will be supported only for customers who currently use the product. New and existing customers should consider using the GRC: Continuous Authorization Monitoring application. For details, see Continuous Authorization and Monitoring.
NIST RMF process overview
- The risk executives and/or the security officers categorize the targets.
- The risk executives, the security officers and/or the control providers select baseline control definitions.
- The risk executives and/or the security officers implement baseline security controls.
- The security assessors, the risk executives, and/or the security officers assess the security controls:
  - Manage and address issues
  - Manage and address remediation tasks
- The authorizing official, the risk executives, and/or the security officers authorize targets.
- The risk executives and/or the security officers monitor security controls:
  - Review and manage indicators
  - Monitor the NIST RMF Overview dashboard