NIST releases its Risk Management Framework 2.0
By MYBRANDBOOK
The National Institute of Standards and Technology posted the newest update to its Risk Management Framework.
“RMF 2.0 is the first framework in the world to address security, privacy, and supply chain risk in an integrated manner - at the organization, mission/business process, and system levels,” NIST Fellow Ron Ross wrote in a Twitter post.
RMF 2.0’s full name is the NIST Special Publication 800-37 Revision 2, Risk Management Framework (RMF) for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.
NIST said RMF 2.0 adds a step called Prepare and includes seven major objectives.
Prepare is intended to help organizations facilitate effective communication between executives and employees. It also guides users to enable enterprise-wide identification of privacy and security controls, reduce complexity of IT systems and applications, eliminate unnecessary functions and, ultimately prioritize resources for high value assets and protect those accordingly.
NIST listed the seven objectives of the Risk Management Framework -
1. Provide closer linkage and communication to top executives and governance-level employees and the rest of the organization
2. Create critical risk management preparatory activities at all necessary levels
3. Show how the NIST Cybersecurity Framework can be aligned with the RMF
4. Include privacy risk management in the RMF
5. Promote trustworthy secure systems by aligning the RMF with NIST framework for engineering such secure systems
6. Integrate supply chain risk management concepts into the RMF
7. Enable organizations to generate a “control selection approach” as a complement to NIST SP 800-53 Revision 5 consolidated control catalog.
“By achieving the above objectives, organizations can simplify RMF execution, employ innovative approaches for managing risk, and increase the level of automation when carrying out specific tasks,” NIST added.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : ASHISH KUMAR CHAUHAN
Ashish kumar Chauhan, an Indian business executive and administrator, ...
Icons Of India : ALOK OHRIE
Alok Ohrie leads Dell Technologies’ India business, overseeing Sales...
ICONS OF INDIA : SACHIN BANSAL
Sachin Bansal is an Indian entrepreneur. He is best known as the found...
CERT-IN - Indian Computer Emergency Response Team
CERT-In is a national nodal agency for responding to computer security...
PFC - Power Finance Corporation Ltd
PFC is a leading financial institution in India specializing in power ...
IFFCO - Indian Farmers Fertiliser Cooperative
IFFCO operates as a cooperative society owned and controlled by its fa...
Indian Tech Talent Excelling The Tech World - Aneel Bhusri, CEO, Workday
Aneel Bhusri, Co-Founder and Executive Chair at Workday, has been a le...
Indian Tech Talent Excelling The Tech World - Steve Sanghi, Executive Chair, Microchip
Steve Sanghi, the Executive Chair of Microchip Technology, has been a ...
Indian Tech Talent Excelling The Tech World - JAY CHAUDHRY, CEO – Zscaler
Jay Chaudhry, an Indian-American technology entrepreneur, is the CEO a...