NIST 800-37: Applying the Risk Management Framework
Learn how to implement the NIST Risk Management Framework (RMF) to ensure compliance, reduce risk, and secure modern information systems across industries.
Course Objectives
- Understand the structure and intent of NIST SP 800-37 Rev 2.
- Apply each of the seven steps of the RMF to real-world systems.
- Integrate RMF with organizational security and privacy practices.
- Support continuous authorization and adaptive risk management.
Course Overview
This course provides a practical understanding of the NIST Risk Management Framework (RMF) as defined in Special Publication 800-37 Revision 2. You’ll explore the seven-step process, the key roles and responsibilities (such as the authorizing official, system owner, and control assessor), the critical documentation (the system security and privacy plans, assessment reports, and plans of action and milestones), and the integration of the RMF within the System Development Life Cycle (SDLC). The course uses current federal guidelines and industry case studies to build expertise in securing federal and enterprise systems.
Sample Module: Understanding the RMF Lifecycle
This module introduces the seven-step Risk Management Framework (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor) and highlights its purpose in aligning system-level security decisions with organizational missions and risk tolerances.
Lesson: Step 1 – Prepare
In this lesson, we explore the foundational step of the RMF: Prepare. Revision 2 splits this step into organization-level tasks (establishing the risk management strategy, assigning risk management roles, and setting organization-wide risk tolerance) and system-level tasks (identifying the mission and business functions the system supports, its stakeholders and assets, and its authorization boundary). You’ll learn how to complete these tasks before engaging in categorization and control selection, so that later steps inherit a defined context rather than inventing one.
