NIST has released an updated Risk Management Framework for Systems and Organizations Introductory Course to reflect guidance from NIST Special Publication (SP) 800-37, Revision 2. The RMF was developed by NIST to help organizations manage information security and privacy risks to and from Information Technology (IT) systems more easily, efficiently and effectively.
This three hour online course provides individuals new to risk management an overview of a flexible methodology for organizational and system risk, the Risk Management Framework (RMF). For individuals with experience with NIST SP 800-37, Revision 1, this course explains updates to the RMF in Revision 2, including the integration of privacy and supply chain risk management into this holistic process.
The RMF Introductory Course describes at a high-level the importance of establishing an organization-wide risk management program, the information security legislation related to organizational risk management, the steps in the RMF, and the NIST publications related to each step. The course can be launched through your internet browser and upon completion, individuals may print a certificate of completion. The training is also available for organizations who wish to include it as a module in their Learning Management Systems (LMS) in the following LMS standards: SCORM, AICC, xAPI, and cmi5.
The Risk Management Framework for Systems and Organizations Introductory Course is developed by NIST and available free of charge.
Course Duration: THREE Hours
NIST-developed software is provided by NIST as a public service. You may use, copy and distribute copies of the software in any medium, provided that you keep intact this entire notice. You may improve, modify and create derivative works of the software or any portion of the software, and you may copy and distribute such modifications or works. Modified works should carry a notice stating that you changed the software and should note the date and nature of any such change. Please explicitly acknowledge the National Institute of Standards and Technology as the source of the software.
NIST-developed software is expressly provided “AS IS.” NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED, IN FACT OR ARISING BY OPERATION OF LAW, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY. NIST NEITHER REPRESENTS NOR WARRANTS THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ANY DEFECTS WILL BE CORRECTED. NIST DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF THE SOFTWARE OR THE RESULTS THEREOF, INCLUDING BUT NOT LIMITED TO THE CORRECTNESS, ACCURACY, RELIABILITY, OR USEFULNESS OF THE SOFTWARE.
You are solely responsible for determining the appropriateness of using and distributing the software and you assume all risks associated with its use, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and the unavailability or interruption of operation. This software is not intended to be used in any situation where a failure could cause risk of injury or damage to property. The software developed by NIST employees is not subject to copyright protection within the United States.
Please contact [email protected] with questions or comments.