The Risk Management Framework

In 2002, Congress passed the Federal Information Security Management Act (FISMA). As part of the implementation effort, the National Institute of Standards and Technology released Special Publication 800-37, which replaces the traditional certification and accreditation process with a six-step risk-management framework. The first step is to categorize the information system. Next, […]