What is RMF & why is it important?

The Risk Management Framework (RMF) was originally developed by the Department

of Defense (DoD) and has been adopted by the rest of U.S. Federal Information Systems. The RMF process can be described in six main steps.


Step 1: Categorize

Step 2: Select

Step 3: Implement

Step 4: Assess

Step 5: Authorize

Step 6: Monitor


These steps help improve the security of the information system/application by implementing security controls that support early risk detection and resolution. The RMF

achieves this by helping companies bring more structure and oversight to the system

development life cycle by integrating cybersecurity and risk management into the early

stages of the system development process.


One of the main steps in the RMF is Step 2: Selecting the Security Controls. Security and

privacy controls were established by NIST and are fully documented in NIST SP 800-53,

Revision 5. Security and privacy controls are safeguards/countermeasures prescribed

for Information systems. During this step, you will make decisions about what baseline

security controls you want to implement based on what category the risk falls into.

These controls will protect the confidentiality, integrity, and availability of the system

and its information. It’s important to note that the risk management framework is not

simply a compliance drill. Security controls can be applied but not all can be satisfied.

Thus, you have to take steps to mitigate the vulnerability and understand the severity

of the residual risk and make a determination as to whether you want to operate a system under that risk posture.


Attacks on information systems today are often well-organized, disciplined, aggressive,

well-funded, and extremely sophisticated. Successful attacks on public and private

sector information systems could cause some serious harm. The ultimate goal of the

6-step RMF approach is to ensure that your information system is protected and secure

by implementing security controls and monitoring them regularly.

d1e1871a85e906df5b85bace3dbfd254.jpg

INNOVATION FACILITY NOW OPEN

PSI's state-of-the-art Innovation Facility is now open in Valparaiso, FL. It is designed to provide a cyber secure ecosystem for development of new technologies and approaches, illustrating the company’s commitment to deliver excellence to its customers. Watch a video about the Innovation Facility.

PSI_Collab.jpg

#WEAREPSI

PSI works hard to maintain its unique, diverse, and collaborative culture. Success is the result when we connect the power of our people. Watch a video about who we are.

military.png

SKILLBRIDGE OPPORTUNITIES

We have a new internship program that helps Active-Duty Service Members make a shift into civilian life. Learn more here.

woman-in-tech.png

FEATURED INDUSTRY: INTELLIGENCE

PSI is a proud and dedicated services provider to the Intelligence Community. Our IT solutions solve today’s complex challenges, improve operational efficiencies, and meet challenges to our national security. Learn more here.