Introducing the RMF Small Enterprise Quick Start Guide
Today, NIST released the RMF Small Enterprise Quick Start Guide. The new guide is designed to help small, under-resourced entities understand the value and core components of the RMF and provides a starting point for designing and implementing an information security and privacy risk management program. Within the guide you’ll find:
- An overview of the seven steps of the RMF process
- Foundational tasks for each RMF step
- Tips for getting started
- Sample planning tables
- Key terminology and definitions
- Questions for organizations to consider
- Related resources
About the NIST RMF
The RMF provides a comprehensive, flexible, repeatable, and measurable seven-step process that organizations can use to manage their unique information security and privacy risks. The RMF can be applied to new and existing systems, any type of system or technology (e.g., IoT, control systems), and within any type of organization regardless of size or sector.
NIST has developed a suite of resources to help users get the most out of the RMF, including the recently released introductory courses for SP 800-53, SP 800-53A, and SP 800-53B. This portfolio of resources is designed to make the RMF easier to put into action for organizations of all sizes and types.