Goodbye RMF, Hello CSRMC

The Risk Management Framework (RMF) was introduced in 2022 to create a standardized way to measure and manage cybersecurity risk in the federal government. Modeled on standards including the Federal Information Security Modernization Act and NIST Special Publication 800-53, the RMF was a repeatable, structured method to manage cybersecurity risk and ensure compliance with federal standards. The RMF allowed agencies to identify, understand, prioritize, and reduce risks to their information systems and missions. It informed leaders of security risks, allowing them to make educated decisions about trade-offs between security and mission needs.

While it was designed to be more than a checklist, in practice the RMF had become just that. Rather than engaging with it dynamically, agencies employed highly manual processes that slowed the adoption of much-needed solutions. The process could not keep up with the quickly evolving threat landscape.

Department Spotlight: Department of Commerce

The Department of Commerce's mission is to create the conditions for economic growth and opportunity for all communities. With 13 bureaus, it serves as the voice of business in the Federal Government and spurs the growth of quality jobs in communities across the country.

Commerce plays a huge role in innovation and advanced computing. Commerce is the department that oversees the efforts of the National Institute of Standards and Technology (NIST) and the National Telecommunications and Information Administration (NTIA) to provide guidelines around secure and equitable technology use. Additionally, the National Oceanic and Atmospheric Administration's (NOAA) leading climate science research and the U.S. Patent and Trademark Office's (USPTO) work to protect American IP are also housed under Commerce.