NIST Risk Management Framework RMF

Overview

August 27, 2025: In response to Executive Order 14306, NIST SP 800-53 Release 5.2.0 has been finalized and is now available on the Cybersecurity and Privacy Reference Tool. Release 5.2.0 includes changes to SP 800-53 and SP 800-53A; there are no changes to the baselines in SP 800-53B. A summary of the changes is available and replaces the "preview version" issued on August 22 (no longer available).

August 22, 2025: A preview of the updates to NIST SP 800-53 (Release 5.2.0) is available on the Public Comment Site. This preview will be available until NIST issues Release 5.2.0 through the Cybersecurity and Privacy Reference Tool. SP 800-53 Release 5.2.0 will include:

  • New Control/Control Enhancements and Assessment Procedures: SA-15(13), SA-24, SI-02(07)
  • Revisions to Existing Controls: SI-07(12)
  • Updates to Control Discussion: SA-04, SA-05, SA-08, SA-08(14), SI-02, SI-02(05)
  • Updates to Related Controls: All -01 Controls, AU-02, AU-03, CA-07, IR-04, IR-06, IR-08, SA-15, SI-02, SI-07

August 14, 2025: The NIST SP 800-53 Control Overlays for Securing AI Systems Concept Paper is available for comment, and we welcome stakeholders to join the NIST Overlays Securing AI Systems Slack Collaboration to engage in facilitated discussions with the NIST principal investigators and other subgroup members, share ideas, provide real-time feedback, and contribute to overlay development.

August 6, 2025: The expedited public comment period on the NIST SP 800-53 controls is closed. Thank you for your feedback! We expect to issue SP 800-53 Release 5.2.0 through the Cybersecurity and Privacy Reference Tool in the coming weeks.

July 22, 2025: Proposed updates to the NIST SP 800-53 controls addressing secure and reliable patches are available for comment through August 5, 2025, on the NIST SP 800-53 Public Comment Site. See more detail about the changes, view the changes, and submit your feedback on the NIST SP 800-53 Public Comment Site.

June 4, 2025: NIST invites comments on the initial public draft of SP 800-18r2, Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems. The public is invited to provide input by July 30, 2025.

The NIST Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems. It links to a suite of NIST standards and guidelines that support implementation of risk management programs to meet the requirements of the Federal Information Security Modernization Act (FISMA).

This site provides an overview, explains each RMF step, and offers resources to support implementation, such as updated Quick Start Guides and the RMF Publication.


RMF wheel

  • Prepare: Essential activities to prepare the organization to manage security and privacy risks
  • Categorize: Categorize the system and information processed, stored, and transmitted based on an impact analysis
  • Select: Select the set of NIST SP 800-53 controls to protect the system based on risk assessment(s)
  • Implement: Implement the controls and document how controls are deployed
  • Assess: Assess to determine if the controls are in place, operating as intended, and producing the desired results
  • Authorize: Senior official makes a risk-based decision to authorize the system (to operate)
  • Monitor: Continuously monitor control implementation and risks to the system

 

Created November 30, 2016, Updated September 10, 2025