What is it?

NDIT Security’s Risk Management Framework (RMF) service is provided to ensure security, risk management, IT, and business resources are aligned throughout the evolution of an IT project.

The framework is based on industry best practices and guidelines outlined in NIST 800-37R2 and provides a process that integrates security, privacy and cyber supply chain risk management activities into the system development life cycle.

What do you get with the service?

NDIT will work closely with state agencies to tailor RMF for large IT projects. This ensures your IT project aligns with your overall mission and business objectives, while incorporating State and Federal security requirements.

By implementing RMF, your organization will be better prepared to protect its own data and citizen data against security threats and to ensure the confidentiality, integrity, and availability of your information assets.

The service includes:

  • Identification of potential risks to the organization's information assets
  • Assessment of the likelihood and impact of those risks
  • Development and implementation of controls to mitigate or accept identified risks
  • Continuous monitoring and maintenance of the implemented controls
  • Regular communication with stakeholders on risk management activities and results

How do you request service?

For IT projects of more than $500,000 (or as federally required), the RMF process is incorporated automatically through Project Management.

For IT projects less than $500,000, submit a ServiceNow request for this service:

NDIT’s Service Portal - Generic Service Request

  • Request Type: Security

Provide additional details in the description:

  • ATTN: Governance, Risk and Compliance
    • Request for System Risk Assessment
  • Target dates by which you want this implemented

Requests are prioritized as they come in and scheduled based upon the availability of resources. We strive to complete system risk assessments within three weeks from start to finish.