An introduction to the NIST Risk Management Framework - IT Governance USA Blog

The Risk Management Framework (RMF) is a set of information security policies and standards for federal government developed by The National Institute of Standards and Technology (NIST). The RMF is covered specifically in the following NIST publications: Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems", describes the formal RMF certification and accreditation process.