RISK MANAGEMENT FRAMEWORK RMF
The Risk Management Framework (NIST Special Publication 800-37). ... The Risk Management Framework (RMF), illustrated at right, provides a disciplined and structured process that integrates information security and risk management activities into the system development life cycle.
The selection and specification of security controls for a system is accomplished as part of an organization-wide information security program that involves the management of organizational risk---that is, the risk to the organization or to individuals associated with the operation of a system. The management of organizational risk is a key element in the organization's information security program and provides an effective framework for selecting the appropriate security controls for a system---the security controls necessary to protect individuals and the operations and assets of the organization.