The most obvious impacts will be seen in how this [document] brings the national security community closer to legislative compliance requirements, assists our inspector general audits, and aligns with the rest of the federal government to support reciprocity…the document provides an approach to manage risks for both traditional and complex systems, a procedure that was not formalized previously.
Roger L. Caslow, as quoted in New Document Provides Framework for Interagency Data Sharing
Roger L. Caslow is chief of the Risk and Information Assurance Program Division, Office of the Associate Director of National Intelligence and Chief Information Officer. He’s talking about NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST SP 800-37) and apparently he doesn’t like to have his picture taken.
Henry Kenyon describes the special publication as a six-step risk management framework (RMF): a common information security framework for the federal government and the contractors who support it. The official diagram is below: