Home / Cybersecurity / NIST Seeks Public Comments on Draft Update to Risk Management Framework

NIST Seeks Public Comments on Draft Update to Risk Management Framework

The National Institute of Standards and Technology has released a draft version of its update to the Risk Management Framework designed to help federal agencies and companies safeguard their information systems from cyber threats.

NIST said Wednesday the proposed update to the RMF seeks to help organizations determine and respond to privacy risks such as concerns related to the use of personally identifiable information.

“The update provides cross-references so that organizations using the RMF can see where and how the [Cybersecurity Framework] aligns with the current steps in the RMF,” said Ron Ross, one of the authors of the draft NIST Special Publication 800-37 Revision 2.

“Conversely, if you’re using the CSF, you can bring in the RMF and give your organization a robust methodology to manage security and privacy risks,” Ross added.

The draft RMF update seeks to incorporate privacy and security into systems development; link senior leaders to operations; address supply chain-related concerns; and provide organizations with a process to pick controls from the consolidated catalog for privacy and security controls.

NIST will accept public feedback on the draft update to RMF through June 22 with plans to issue the final version in October.

Check Also

GAO: Air Force to Deploy New Combat Rescue Helicopters to Active Component by FY 2020

The Government Accountability Office has found that the U.S. Air Force intends to start fielding in fiscal 2020 new Combat Rescue Helicopters to replace aging HH-60G Pave Hawk helicopters that have recorded the most flight time when it comes to staff recovery missions. GAO said in a report published Thursday the service will initially deploy the new helicopters to the active component six years ahead of the reserve component and to the Air National Guard by 2027.

Leave a Reply

Your email address will not be published. Required fields are marked *