Risk Management Framework
NIST's structured process for managing security and privacy risk in information systems, moving through steps to prepare, categorize, select, implement, assess, authorize, and monitor. It is mandatory for US federal systems and culminates in the Authority to Operate decision. It replaced the older checklist mindset with continuous, risk-based authorization.