FISMA & NIST RMF

Risk Management Framework (RMF)

NIST Special Publication 800-37 Revision 2 defines the seven-step Risk Management Framework that federal agencies use to authorize information systems to operate under FISMA. The steps are Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor; each step produces specific artifacts that feed the next. The framework replaced the older Certification and Accreditation process in 2010 and has been the de facto federal authorization process since.

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.