Part 2: Implementing the NIST RMF in Your Organization
An overview is all well and good, but by now I’m sure you’re asking, “But I’m a <insert org-type here>! How do we implement this whole thing?”
I’m with you. It’s time to dig deeper. All too often in cybersecurity, we face loads of technical documentation and just as many tools that have been procured for our environment, and it can be overwhelming to even think about where to start. Rest assured, we’re going to start easy here. This part of the book focuses on the individual sections of the NIST RMF, but still from a high level. When you finish this part, you’ll have a good understanding of the overall framework, its individual parts, and how you might adapt this framework for your own use.
This part has the following chapters: