What is it?

NDIT Security’s Risk Management Framework (RMF) service is provided to ensure security, risk management, IT, and business resources are aligned throughout the IT project lifecycle.

The framework is based on industry best practices and guidelines outlined in NIST 800-37R2 and provides a process that integrates security, privacy and cyber supply chain risk management activities into the system development life cycle.

What do you get with the service?

NDIT will work closely with state agencies to tailor RMF for large IT projects. This ensures your IT project aligns with your overall mission and business objectives, while incorporating State and Federal security requirements.

By implementing RMF, your organization will be better prepared to protect its information and citizen data against security threats and to ensure the confidentiality, integrity, and availability of your information assets.

The service includes:

  • Identification of potential risks to the organization's information assets
  • Assessment of the likelihood and impact of those risks
  • Development and implementation of controls to mitigate or accept identified risks
  • Continuous monitoring and maintenance of the implemented controls
  • Regular communication with stakeholders on risk management activities and results

How do you request service?

For projects requiring a System Security Plan (SSP), which are generally systems containing regulated data, the RMF process will be automatically incorporated through Project Management and reflected in the project schedule.

Other projects will be evaluated through the Initiative Intake process to determine whether the Risk Management Framework is warranted. Factors evaluated include overall project cost, size of the project, and citizen impact, among others.