NIST Risk Management Framework: From a response perspective,…

NIST Risk Management Framework: From a response perspective, the key point to understand about the NIST RMF, and what makes it so revolutionary within the Department of Defense (DoD) and associated organizations, is that risk response starts with steps 4 and 5 of the RMF. This is where authorizing the system (based upon the responsible authority’s acceptance of risk levels) and continuous monitoring take place. To achieve these ends, the RMF encourages implementing automated mechanisms (such as Tenable Security Center and the McAfee Host-Based Security System) to support rapid analysis and reporting to management. For organizations under the mandate of the standard, the RMF also establishes a level of accountability and responsibility for the controls selected and implemented within supporting information systems.