Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

A Document-based View of the Risk Management Framework

Published

Author(s)

Joshua Lubell

Abstract

Cybersecurity professionals know the Risk Management Framework as a rigorous yet flexible process for managing security risk. But the RMF lacks a document focus, even though much of the process requires authoring, reviewing, revising, and accessing plans and reports. It is possible to build such a focus by looking more closely at these documents, starting with the System Security Plan and the roles of key participants responsible for it. Such a document- and role-centric view of the RMF process can lead the way toward more efficient and less error-prone security assurance.
Proceedings Title
Balisage Series on Markup Technologies
Conference Dates
July 27-31, 2020
Conference Location
Washington, DC
Conference Title
Balisage: The Markup Conference

Keywords

Risk Management Framework, XML, OSCAL, DITA, markup language, System Security Plan

Citation

Lubell, J. (2020), A Document-based View of the Risk Management Framework, Balisage Series on Markup Technologies, Washington, DC, [online], https://doi.org/10.4242/BalisageVol25.Lubell01 (Accessed October 31, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created August 2, 2020, Updated August 3, 2020