A structured, six-step approach used to oversee and manage risks to organizational operations (mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation resulting from the operation or use of an information system.
Many security and compliance projects begin with a simple idea: assess the organization's risk of vulnerabilities and breaches. Indeed, implementing an IT security risk assessment is absolutely critical to the overall security posture of your organization.
A list of NIST, DoD, and other federal agencies' guidance on RMF. This section also contains a series of checklists broken down by RMF step to assist with your projects. Please note, these are UNCLASSIFIED documents with no restrictions on usage or distribution.