NIST releases its Risk Management Framework 2.0
By MYBRANDBOOK
The National Institute of Standards and Technology posted the newest update to its Risk Management Framework.
“RMF 2.0 is the first framework in the world to address security, privacy, and supply chain risk in an integrated manner - at the organization, mission/business process, and system levels,” NIST Fellow Ron Ross wrote in a Twitter post.
RMF 2.0’s full name is the NIST Special Publication 800-37 Revision 2, Risk Management Framework (RMF) for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.
NIST said RMF 2.0 adds a step called Prepare and includes seven major objectives.
Prepare is intended to help organizations facilitate effective communication between executives and employees. It also guides users to enable enterprise-wide identification of privacy and security controls, reduce complexity of IT systems and applications, eliminate unnecessary functions and, ultimately prioritize resources for high value assets and protect those accordingly.
NIST listed the seven objectives of the Risk Management Framework -
1. Provide closer linkage and communication to top executives and governance-level employees and the rest of the organization
2. Create critical risk management preparatory activities at all necessary levels
3. Show how the NIST Cybersecurity Framework can be aligned with the RMF
4. Include privacy risk management in the RMF
5. Promote trustworthy secure systems by aligning the RMF with NIST framework for engineering such secure systems
6. Integrate supply chain risk management concepts into the RMF
7. Enable organizations to generate a “control selection approach” as a complement to NIST SP 800-53 Revision 5 consolidated control catalog.
“By achieving the above objectives, organizations can simplify RMF execution, employ innovative approaches for managing risk, and increase the level of automation when carrying out specific tasks,” NIST added.
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
BHARAT ELECTRONICS LTD.
SAMSUNG INDIA ELECTRONICS PVT. LTD.
SECLORE TECHNOLOGY PVT. LTD.
INFOSYS TECHNOLOGIES PVT. LTD.
Technology Icons Of India 2023: Rajiv Srivastava
Rajiv Srivastava is the Managing Director of Redington Group. With 35 ...
Technology Icons Of India 2023: Lt Gen (Dr.) Rajesh Pant (Retd.)
LT Gen(Dr.) Rajesh Panth (Retd.), National cyber security coordination...
Technology Icons Of India 2023: C P Gurnani
CP Gurnani (popularly known as ‘CP’ within his peer group), is the...
GSTN aims to integrate indirect tax ecosystem on a shared IT infrastructure
Goods and Services Tax Network (GSTN) has built Indirect Taxation plat...
Aadhaar: Architecting the World's Largest Biometric Identity System
The Unique Identification Authority of India (UIDAI) is a statutory au...
CERT-IN protecting the cyber security space of India
CERT-In serves in the area of cyber security threats like hacking and ...
SAVEX TECHNOLOGIES PVT. LTD.
Savex Technologies is the 3rd largest Information & Communication Tec...
SATCOM INFOTECH PVT. LTD.
Satcom Infotech Pvt. Ltd is a distribution houses in security in India...
REDINGTON INDIA LIMITED
Redington (India) Limited operates in the IT product distribution busi...