NIST said Wednesday the proposed update to the RMF seeks to help organizations determine and respond to privacy risks such as concerns related to the use of personally identifiable information.
“The update provides cross-references so that organizations using the RMF can see where and how the [Cybersecurity Framework] aligns with the current steps in the RMF,” said Ron Ross, one of the authors of the draft NIST Special Publication 800-37 Revision 2.
“Conversely, if you’re using the CSF, you can bring in the RMF and give your organization a robust…