IDEF ZERO

Node A6 · Acronym decoder

RMF

Risk Management Framework

What it actually means

The NIST-defined process for authorizing information systems: categorize the system, select and implement controls, assess them, authorize operation, and monitor continuously. In DoD it's the machinery behind every ATO — and the paperwork burden that "continuous ATO" initiatives exist to automate.

Where you'll meet it

Cybersecurity compliance for any system on a government network.

Related terms

← All systems engineering acronyms