Data-Driven RMF Blog Series

Qmulos will be publishing a six-part blog series on a data-driven approach to the Risk Management Framework (RMF) defined in “NIST Special Publication 800-37 Risk Management Framework for Information Systems and Organizations.”

Why use a data-driven RMF approach?

A data-driven approach to RMF uses data automatically collected from your IT environment to streamline, automate, and inform decision-making to manage the cybersecurity risks with developing and operating your information systems. Traditional approaches focus on documenting and reviewing implementation statements along with static snapshots of technical evidence to assess if security controls are correctly implemented and operating effectively. As a result, this creates hundreds of pages of documentation based on outdated data, and provides little actual security value. Rather than just reviewing implementation statements and taking a “trust me” approach, a data-driven approach uses the machine data (e.g. logs, configuration settings, events, transactions, etc.) that’s automatically collected from your systems so that you can continuously monitor and verify that the controls are providing the required levels of protection.

data-driven RMF through Qmulos

In each part of this series, we’ll be discussing each step of the RMF. Summarily, we will describe the key objective of that step, typical implementation, and what it means from a data-driven perspective. Furthermore, we’ll discuss how our flagship continuous monitoring and compliance automation solution Q-Compliance enables a data-driven approach to implement that particular step of the RMF. Finally, we will explain how traditional approaches and GRC tools implement that step, and highlight benefits of the data-driven approach. Stay tuned, bookmark this page and check back regularly for links to each part as we publish them.

1. Part 1 – Categorize
2. Part 2 – Select
3. Part 3 – Implement (Live: October 6th)
4. Part 4 – Assess (Live: October 13th)
5. Part 5 – Authorize (Live: October 20th)
6. Part 6 – Monitor (Live: October 27th)

You are now leaving Qmulos

Qmulos provides links to web sites of other organizations in order to provide visitors with certain information. A link does not constitute an endorsement of content, viewpoint, policies, products or services of that web site. Once you link to another web site not maintained by Qmulos, you are subject to the terms and conditions of that web site, including but not limited to its privacy policy.

You will be redirected to
in 7 seconds...

Click the link above to continue or CANCEL