The NIST Risk Management Framework: Problems and recommendations

Cyber security assessment initiatives and frameworks abound in the US government, but their effectiveness is inconsistent. The most important law from which these frameworks and assessments arose is the Federal Information Systems Management Act (FISMA), passed in 2002, and updated…