cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AlexDersch
Newcomer I

Tools for NIST RMF

Hi, we are looking for a tool to support us in the paperwork of the RMF processes. Something similar to ServiceNow Integrated Risk Management. 

Any ideas or suggestions?

 

thanks in advanced

Alex

7 Replies
Caute_cautim
Community Champion

@AlexDersch   Build your own approach for better understanding within the corporation:

 

Example:  https://www.ibm.com/policy/ibms-approach-to-implementing-the-nist-ai-rmf/

 

Regards

 

Caute_Cautim

AlexDersch
Newcomer I

Thanks for your feedback Caute_Cautim,

it not about the processes, my request is more related to tracking poam's, risks, in excel is quite a pain. 

Greetings from Switzerland

Alex

Early_Adopter
Community Champion

If pedigree is important and money no issues then Archer would probably work for you.

Panaseer is a small startup that will do things for you.

OneTrust got very big, very quick on a privacy push from GDPR, then shrunk a bit.

Or you can roll your own with the help of some open source efforts.

That would be more challenging but fun. Even more effort gets you your own data store and some BI visualisations.

Just plugged Vendors so I might as well add this:

https://www.gartner.com/reviews/market/it-risk-management-solutions

https://www.gartner.com/reviews/market/it-risk-management-solutions

Hard to say what’s a fit with limited info I’m afraid.
AlexDersch
Newcomer I

Thanks, Early Adopter, I am not a fan of open source solutions. I will have a look at the Gartner reports.
Best regards
Alex
Steve-Wilme
Advocate II

It's perfectly possible to implement risk management in ServiceNow without purchasing the dedicate risk module if your support team has the skill set.  

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
shervinG
Viewer

Hi Alex, I know your post is somewhat dated, but I was wondering if you found the tool you were looking for as a ServiceNow IRM alternative?

volochainmlm4
Viewer II

Tools for the NIST Risk Management Framework (RMF) are essential for organizations aiming to effectively manage cybersecurity risks and comply with federal standards. These tools range from automated assessment platforms that streamline the categorization and selection of security controls, to risk assessment and monitoring solutions that facilitate continuous compliance. Additionally, documentation tools help maintain comprehensive records of security activities, while training resources ensure that personnel are well-versed in the RMF processes table top styles. By leveraging these tools, organizations can enhance their risk management practices, improve decision-making, and strengthen their overall cybersecurity posture.