Beyond Compliance - Addressing the Political, Cultural and Technical Dimensions of Applying the Risk Management Framework

Abstract

The Risk Management Framework (RMF) promulgated by the Joint Task Force provides organizations with a structured yet flexible approach to identify and prioritize the risks of depending on information, communications, and cyber-physical technologies, thus enhancing the ability to manage those risks. RMF implementation is in varying stages of maturity throughout the US Government. The RMF offers promise, but its implementation thus far raises questions and concerns about the direction the Federal government is taking to manage risk in a timely manner. Managing these cyber risks effectively requires organizations and their mission or business elements, acquisition or procurement elements, and system owner-operators to make political, cultural, and technical changes. This paper presents the benefits the RMF is designed to provide, challenges that organizations have faced, and recommendations to overcome those challenges and achieve the benefits.

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2014
Accession Number
AD1107794

Entities

People

  • Jennifer Fabius
  • Richard D. Graubart

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Cyber
  • Weapons Technologies

DTIC Thesaurus Topics

  • Acquisition
  • Commerce
  • Cybersecurity
  • Department Of Defense
  • Engineering
  • Governments
  • Information Processing
  • Information Security
  • Information Systems
  • Intelligence Community (United States)
  • Mental Processes
  • National Security
  • Risk
  • Risk Analysis
  • Risk Management
  • Robotics
  • Security
  • Standards
  • Systems Engineering
  • Training

Readers

  • Cybersecurity
  • Organizational Process Management (OPM)
  • Systems Analysis and Design

Technology Areas

  • Cyber