22 Dec NIST Addresses Privacy in New Risk Management Framework
The National Institute of Standards and Technology (NIST) this week released the final version of its risk management framework (RMF), NIST SP 800-37 Revision 2, which now addresses both security and privacy concerns in IT risk management.
NIST fellow Ron Ross said that RMF 2.0 ensures the term "compliance" means real cybersecurity and privacy risk management, not just satisfying a static set of controls in a checklist.
Agencies will be required to follow the revised RMF as dictated by Circular A-130 from the Office of Management and Budget (OMB).
Source: MeriTalk