The Past, Present and Potential Future of the NIST RMF

Gianna Price
November 22, 2019 • 2 min read

Recently I had the opportunity to co-present a webinar with my colleague Steve Horvath, titled “The RMF is Dead. Long Live the RMF!” This webinar was a follow-up discussion to a Nextgov op-ed that I co-authored with Rick Tracy earlier this year.

In the article, we discussed how the NIST Risk Management Framework (RMF) is alive and well, especially with the release of RMF 2.0. In addition, the article calls attention to several organizations that have been able to get RMF to work for them, not against them.

In the recent webinar, Steve and I picked up where the article left off, highlighting some of the methods employed to get organizations to a faster, more agile RMF with the added benefit of security and compliance. We covered a number of topics, including:

  • The value of “RMF Without an ATO Driver”
  • Ideas for architecting efficient risk management processes
  • Managing requirements across multiple mandated frameworks
  • Tips for those just starting the RMF

…and more.

It wouldn’t be an RMF webinar if we didn’t dive into the details. So, we also took a few minutes to discuss security controls, and the best practices for getting control of your controls. We concluded the webinar with recommendations for dissecting process problems and developing a roadmap for improvement.

I invite you to watch the on-demand webinar here, and share it with your colleagues who are interested in exploring the past, present and potential future of the NIST RMF.

Gianna Price
Xacta® Solutions Architect
Gianna Price is an Xacta® solutions architect at Telos Corporation.
1 Comment
Thomas A Marshall

Hello from the ISSA NoVa RMF LifeBoat Group,

The group was founded over three years ago with the charter to explore the implementations of the RMF and to freely present those findings to the cybersecurity community. We use the meetup format.
The group has nearly 800 meetup members and another 200+ BCC email members who don’t use meetup for privacy reasons. We have grown by finding presentation cybersecurity topics that interest our membership. See the past events listing for the spectrum of presentations.

Having viewed the webinar, The RMF is Dead, Long Live the RMF!, I believe that a live presentation to the RMF Lifeboat Group would be mutually beneficial. We always have lively, respectful discussions as our members come from diverse cybersecurity sectors with different implementations of the RMF. We advise presenters to plan for 60 minutes of presentation and 30 minutes of discussions.

Members always take away information that they can apply on the job in the following weeks! In addition, our LifeBoat Group meetings provide opportunities for the all-important professional networking and making business-to-business contacts. Do note that the RMF LifeBoat Group operates under Information Systems Security Association, Northern Virginia Chapter (ISSA NoVa) sponsorship so that attendees may earn Professional Development Units (PDUs).

We meet on Saturday morning from 9:30 – 11:30 at a central NCR location, Marymount University – Ballston Center, 1000 N Glebe Rd, Arlington, VA. One can arrive 30 minutes before and stay 30 minutes after the meeting for professional networking. Future available presentation dates are Mar 7 and Apr 4.


Thomas Marshall
Ginger Doetsch
RMF LifeBoat Co-Founders