Updated for 2017 with New Requirements.
Flat Iron Technologies, LLC, provides industry-leading risk management services and solutions, including support for Defense Information Assurance Risk Management Framework (DIARMF) mandates. Risk management has become an increasingly important element of today's growing regulatory compliance and information security mandates and best practices, one that requires the expertise of a firm with years of security, governance, and compliance experience. That firm is Flat Iron Technologies, LLC, which offers the following NIST SP 800-37 Risk Management Framework (RMF) and DIARMF services.
NIST SP 800-37 Risk Management Compliance - Talk to the Risk Experts Today
The National Institute of Standards and Technology (NIST), in partnership with the Department of Defense (DoD) and other notable entities, has developed a common information security framework for federal agencies and their contractors, in which the concept of risk is a central component. More specifically, the Risk Management Framework (RMF) as published in NIST SP 800-37 consists of the following six-step process:
- RMF STEP 1 – CATEGORIZE INFORMATION SYSTEM: Step 1 requires organizations to categorize the respective information system and document the results of the security categorization in the security plan.
- RMF STEP 2 – SELECT SECURITY CONTROLS: Identify the security controls that are provided by the organization as common controls for organizational information systems and document the controls in a security plan (or equivalent document).
- RMF STEP 3 – IMPLEMENT SECURITY CONTROLS: Implement the security controls specified in the security plan.
- RMF STEP 4 – ASSESS SECURITY CONTROLS: Develop, review, and approve a plan to assess the security controls.
- RMF STEP 5 – AUTHORIZE INFORMATION SYSTEM: Prepare the plan of action and milestones based on the findings and recommendations of the security assessment report excluding any remediation actions taken.
- RMF STEP 6 – MONITOR SECURITY CONTROLS: Determine the security impact of proposed or actual changes to the information system and its environment of operation.
Defense Information Assurance Risk Management Framework (DIARMF) Compliance