topic Tools for NIST RMF in Governance, Risk, Compliance

Tools for NIST RMF

AlexDersch — Wed, 20 Mar 2024 20:30:55 GMT

Hi, we are looking for a tool to support us in the paperwork of the RMF processes. Something similar to ServiceNow Integrated Risk Management.

Any ideas or suggestions?

thanks in advanced

Alex

Re: Tools for NIST RMF

Caute_cautim — Thu, 21 Mar 2024 00:40:53 GMT

@AlexDersch Build your own approach for better understanding within the corporation:

Example: https://www.ibm.com/policy/ibms-approach-to-implementing-the-nist-ai-rmf/

Regards

Caute_Cautim

Re: Tools for NIST RMF

AlexDersch — Thu, 21 Mar 2024 07:01:46 GMT

Thanks for your feedback Caute_Cautim,

it not about the processes, my request is more related to tracking poam's, risks, in excel is quite a pain.

Greetings from Switzerland

Alex

Re: Tools for NIST RMF

Early_Adopter — Thu, 21 Mar 2024 07:52:38 GMT

If pedigree is important and money no issues then Archer would probably work for you.

Panaseer is a small startup that will do things for you.

OneTrust got very big, very quick on a privacy push from GDPR, then shrunk a bit.

Or you can roll your own with the help of some open source efforts.

That would be more challenging but fun. Even more effort gets you your own data store and some BI visualisations.

Just plugged Vendors so I might as well add this:

https://www.gartner.com/reviews/market/it-risk-management-solutions

https://www.gartner.com/reviews/market/it-risk-management-solutions

Hard to say what’s a fit with limited info I’m afraid.

Re: Tools for NIST RMF

AlexDersch — Thu, 21 Mar 2024 09:32:53 GMT

Thanks, Early Adopter, I am not a fan of open source solutions. I will have a look at the Gartner reports.
Best regards
Alex

Re: Tools for NIST RMF

Steve-Wilme — Thu, 21 Mar 2024 11:43:15 GMT

It's perfectly possible to implement risk management in ServiceNow without purchasing the dedicate risk module if your support team has the skill set.

Re: Tools for NIST RMF

shervinG — Tue, 21 May 2024 19:51:09 GMT

Hi Alex, I know your post is somewhat dated, but I was wondering if you found the tool you were looking for as a ServiceNow IRM alternative?

Re: Tools for NIST RMF

volochainmlm4 — Sat, 21 Sep 2024 07:54:41 GMT

Tools for the NIST Risk Management Framework (RMF) are essential for organizations aiming to effectively manage cybersecurity risks and comply with federal standards. These tools range from automated assessment platforms that streamline the categorization and selection of security controls, to risk assessment and monitoring solutions that facilitate continuous compliance. Additionally, documentation tools help maintain comprehensive records of security activities, while training resources ensure that personnel are well-versed in the RMF processes table top styles. By leveraging these tools, organizations can enhance their risk management practices, improve decision-making, and strengthen their overall cybersecurity posture.