Executing the RMF as an Engineering Discipline, not a Paperwork Exercise
Dr. Darren Death, ICIT Fellow, shares his perspective on using the Risk Management Framework (RMF) as intended - as an engineering framework that links security requirements to system behavior.
The RMF defines a complete model for continuous authorization and should be executed as part of engineering and operations, rather than as a separate compliance process.
The Risk Management Framework is intended to align engineering, operations, and governance with measurable control performance.
- The RMF's structure remains unchanged, but its implementation has shifted towards documentation rather than technical validation.
- Some agencies have adapted the RMF into an administrative process focused on documentation, rather than active demonstration of protection.
Author's summary: Execute RMF as engineering discipline.
More News
- Dear ASEAN Leaders: Trumpism Is Not A Temporary Phenomenon. Here’s Why?
- As top LDS Church leaders age, they move closer to ‘the zone of dementia’
- The Coming Dementia Crisis—and the Cost of Doing Nothing
- Football Continues Strong Season, Eyeing Fourth-Straight Little Three Title – The Wesleyan Argus
- “No Faux King Way”: ‘No Kings’ Protesters Fighting Against Trumpism And White Christian Nationalists - Black Star News
- Landmark New Report Shows Canadian Lobbyists Represent Major Polluters Alongside Environmental Groups
- Utica outlasts Warren Cousino; Lakeview topples rival Lake Shore; Chippewa Valley, Warren Mott also record lopsided wins
- Major Candy Company Files Chapter 11 Bankruptcy Amid Halloween Week Shock - CCE l ONLINE NEWS
- Archbishop Leads Public Prayer Vigils To Stop Abortion But Not To Support Immigrants, the Homeless, or the Hungry
- Benz Hui Dies At 76 from Cancer-Related Organ Failure