NIST Risk Management Framework (RMF) Small Enterprise Quick Start Guide
A Comprehensive, Flexible, Risk-Based Approach to Managing Information Security and Privacy Risk
Purpose of this Small Enterprise Quick Start Guide
For organizations of all sizes, managing risk (including information security1 and privacy risk) is critical for organizational resilience. This guide is designed to help small, under-resourced entities understand the value and core components of the NIST Risk Management Framework (RMF)2 and provide a starting point for designing and implementing an information security and privacy risk management program. This document is not intended to replace the RMF; it is intended to be an introductory guide to help organizations get started.