Recently I had the opportunity to co-present a webinar with my colleague Steve Horvath, titled: The RMF is Dead. Long Live the RMF! This webinar was a follow-up discussion to a Nextgov op-ed that I co-authored with Rick Tracy earlier this year.
In the article, we discussed how the NIST Risk Management Framework (RMF) is alive and well, especially with the release of RMF 2.0. In addition, the article calls attention to several organizations who have been able to get RMF to work for them, not against them.
In the recent webinar, Steve and I pick up where the article left off, highlighting some of the methods employed to get organizations to a faster, more agile RMF with the added benefit of security and compliance. We covered a number of topics, including:
- The value of “RMF Without an ATO Driver”
- Ideas for architecting efficient risk management processes
- Managing requirements across multiple mandated frameworks
- Tips for those just starting the RMF
It wouldn’t be an RMF webinar if we didn’t dive into the details. So, we also took a few minutes to discuss security controls, and the best practices for getting control of your controls. We concluded the webinar with recommendations for dissecting process problems and developing a roadmap for improvement.
I invite you to watch the on-demand webinar here, and share it with your colleagues who are interested in exploring the past, present and potential future of the NIST RMF.