
What is RMF & why is it important?

The Risk Management Framework (RMF) was originally developed by the Department of Defense (DoD) and has since been adopted for the rest of the U.S. federal information systems. The RMF process can be described in six main steps.

Step 1: Categorize

Step 2: Select

Step 3: Implement

Step 4: Assess

Step 5: Authorize

Step 6: Monitor

These steps help improve the security of the information system or application by implementing security controls that support early risk detection and resolution. The RMF achieves this by integrating cybersecurity and risk management into the early stages of the system development process, which helps companies bring more structure and oversight to the system development life cycle.

One of the main steps in the RMF is Step 2: Selecting the Security Controls. Security and privacy controls were established by NIST and are fully documented in NIST SP 800-53, Revision 5. Security and privacy controls are the safeguards and countermeasures prescribed for information systems. During this step, you decide which baseline security controls to implement based on what category the risk falls into. These controls protect the confidentiality, integrity, and availability of the system and its information. It's important to note that the risk management framework is not simply a compliance drill. Security controls can be applied, but not all of them can be satisfied. You therefore have to take steps to mitigate the vulnerability, understand the severity of the residual risk, and determine whether you want to operate the system under that risk posture.

Attacks on information systems today are often well-organized, disciplined, aggressive, well-funded, and extremely sophisticated. Successful attacks on public and private sector information systems could cause some serious harm. The ultimate goal of the 6-step RMF approach is to ensure that your information system is protected and secure by implementing security controls and monitoring them regularly.



