The agency said Tuesday the update aims to create a better correlation between the risk management processes and activities at the executive level and those at the operational level, as well as to standardize critical risk management preparatory activities across all risk management efforts.
The modification is also intended to align the NIST Cybersecurity Framework with the RMF; help privacy programs support privacy protection needs; promote the development of credible systems; identify malicious actors or fraudulent processes using supply chain risk management concepts; and match organization-generated and traditional baseline control selection approaches.
NIST seeks feedback on the updated RMF draft, as well as its process of developing, passing, storing and deleting information and its impact on security and privacy.
The agency will hold a public comment period regarding the RMF update from Oct. 2 to Oct. 31.