Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST Risk Management Framework (RMF)

NIST Risk Management Framework (RMF)

NIST Risk Management Framework (RMF) is a seven-step repeatable process to manage and mitigate risks related to information systems. Developed by the National Institute of Standards and Technology (NIST), the framework was originally developed for federal agencies but has since been adopted by various industries to achieve compliance and manage cybersecurity risks.


The framework integrates security, privacy and cybersecurity supply chain risks into system development lifecycle to enable organizations to take a risk-based approach throughout the control implementation process.

The seven key steps in the NIST RMF include:

  • Prepare aims to enable the organizations to understand their risk profiles and prepare for security risks by assessing data, networks and other infrastructure
  • Categorize focuses on sensitivity of information processes and grouping systems accordingly to understand the impact of potential risks
  • Select aims to choose the right security measures to mitigate the identified risks
  • Implement ensures that the chosen controls are implemented and documented
  • Assess evaluates if the implemented controls are functioning as intended to protect the information systems
  • Authorize aims to promote accountability and ensures that the senior management oversees the implementation and assessment of controls to minimize risks
  • Monitor involves continuous oversight of the risk environment and updating the controls as required

Additional reading

GDPR Certification
Blogs GDPR

GDPR Certification: Step by Step Guide

The EU’s General Data Protection Regulation (GDPR) hasn’t just shaken up data privacy in Europe – it’s become a global trendsetter. Its influence has rippled across the world, inspiring similar laws and raising the bar for data protection everywhere.  Brazil’s Lei Geral de Proteção de Dados (LGPD) and India’s proposed Personal Data Protection Bill share…
Blogs

Cybersecurity Risk Analyst: Roles, Compensation, and Courses

During the 2008 financial crisis, Lehman Brothers, the American investment bank, collapsed, leaving thousands jobless and pushing an already fragile economy into chaos. While multiple factors contributed, poor risk management played a critical role in its downfall. This crisis underscored the importance of having a risk analyst on your team.  As more companies realize the…
NIST 800-53
Blogs NIST

NIST SP 800-53 Rev. 5: The Ultimate Guide

A recent study revealed that cyber attacks cost businesses a staggering $4.45 million annually. To combat this, an executive order was recently signed, which mandated agencies to manage cybersecurity risks effectively.  This reinforced the Federal Information Security Modernization Act (FISMA) of 2014, giving birth to the NIST cybersecurity framework 800-53.  In this blog, we provide…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales