Risk management framework (RMF) for DoD information technology (IT)

The Risk Management Framework is a United States federal government policy and set of standards, developed by the National Institute of Standards and Technology (NIST), to help secure information systems. The two main publications that cover the details of RMF are NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems", and NIST Special Publication 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations". DoD Instruction 8510.01 defines the Risk Management Framework for DoD Information Technology. The rules for this policy are:

  • RMF for DoD IT: CCN and Sensitive Disease or Drug
  • RMF for DoD IT: Confidential Document
  • RMF for DoD IT: Name and Common Medical Condition (Default)
  • RMF for DoD IT: Name and Common Medical Condition (Narrow)
  • RMF for DoD IT: Name and Crime
  • RMF for DoD IT: Name and Ethnicity
  • RMF for DoD IT: Name and Sensitive Disease (Default)
  • RMF for DoD IT: Name and Sensitive Disease (Narrow)
  • RMF for DoD IT: Name and SSN
  • RMF for DoD IT: Network Information and Security (Pattern and IP)
  • RMF for DoD IT: Network Information and Security (Textual Pattern)
  • RMF for DoD IT: Password Dissemination for HTTP Traffic (Wide)
  • RMF for DoD IT: Password Dissemination for HTTP Traffic (Default)
  • RMF for DoD IT: Password Dissemination for HTTP Traffic (Narrow)
  • RMF for DoD IT: Password Dissemination for non-HTTP/S Traffic (Wide)
  • RMF for DoD IT: Password Dissemination for non-HTTP/S Traffic (Default)
  • RMF for DoD IT: Password Dissemination for non-HTTP/S Traffic (Narrow)
  • RMF for DoD IT: Proprietary in Header or Footer
  • RMF for DoD IT: SSN and Crime
  • RMF for DoD IT: SSN and Ethnicity
  • RMF for DoD IT: SSN and Sensitive Disease or Drug