You're reading from Unveiling the NIST Risk Management Framework (RMF) A practical guide to implementing RMF and managing risks in your organization

Product type Paperback

Published in Apr 2024

Publisher Packt

ISBN-13 9781835089842

Length 240 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Mr. Thomas Marsland

View More author details

Table of Contents (17) Chapters

Preface

1. Part 1: Introduction to the NIST Risk Management Framework FREE CHAPTER

2. Chapter 1: Understanding Cybersecurity and Risk Management

3. Chapter 2: NIST Risk Management Framework Overview

4. Chapter 3: Benefits of Implementing the NIST Risk Management Framework

5. Part 2: Implementing the NIST RMF in Your Organization

6. Chapter 4: Preparing for RMF Implementation

7. Chapter 5: The NIST RMF Life Cycle

8. Chapter 6: Security Controls and Documentation

9. Chapter 7: Assessment and Authorization

10. Part 3: Advanced Topics and Best Practices

11. Chapter 8: Continuous Monitoring and Incident Response

12. Chapter 9: Cloud Security and the NIST RMF

13. Chapter 10: NIST RMF Case Studies and Future Trends

14. Chapter 11: A Look Ahead

15. Index

Why subscribe?

16. Other Books You May Enjoy

Case studies and examples

Despite my best efforts, it’s not easy to locate organizations telling their story of implementing the NIST RMF. In fact, I was only able to locate one – the University of Florida. Our case study focuses on an implementation at the University of Florida. This was discussed at the NIST High-Performance Computing Workshop in 2018. The case study, titled Applying NIST Risk Management Framework to Controlled Unclassified Information on High-Performance Computing (HPC), focuses on the application of the NIST RMF to manage risks associated with controlled unclassified information (CUI) in a high-performance computing environment.

You can read about it here: https://www.nist.gov/system/files/documents/2018/03/28/erik_-_rmf-to-cui-for-hpc-lessons-deumens.pdf.

Here is a summary of the key points and the implementation process.