This page provides an overview of the NIST framework.

Grey Matter complies with NIST.

****National Institute of Standards and Technology (NIST) 800-37 offers guidelines for the application of Risk Management Framework (RMF) to information systems. The guideline defines RMF roles, responsibilities, and lifecycle processes for systems and organizations. RMF offers a flexible structured process for security and privacy risk management. This process covers IT categorization; implementation, controls, and assessment; system and common control authorizations; and continuous monitoring.

Mitigate Risk

The RMF also prepares organizations to mitigate risk. IT common control authorization provides senior leaders and executives with the necessary information to make cost-effective risk management decisions. RMF also incorporates security and privacy into the development lifecycle. RMF management process tasks are linked from the system level to risk management organization level. In addition, RMF establishes responsibility and accountability for organizational IT system controls and those inherited by their systems.


Want to learn more about our compliance standards?

Contact us at